Skip to main content
Back to Home

Privacy Policy

Last updated: 2 April 2026

In accordance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679

1. Data Controller

The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is:

JaWelt Bay GmbH

Kaiser Strasse 5

40479 Düsseldorf, Germany

E-Mail: info@ja-welt.com

Website: www.ja-welt.com

2. Legal Basis for Processing

We process your personal data only where we have a valid legal basis under Art. 6 GDPR:

  • Art. 6(1)(a) GDPR — Consent: Where you have given us explicit consent (e.g. analytics cookies, marketing communications)
  • Art. 6(1)(b) GDPR — Contract performance: Where processing is necessary to fulfil a contract or pre-contractual steps (e.g. booking a call, service delivery)
  • Art. 6(1)(c) GDPR — Legal obligation: Where we are required to process data to comply with applicable law
  • Art. 6(1)(f) GDPR — Legitimate interests: Where processing is necessary for our legitimate business interests (e.g. fraud prevention, IT security), provided your interests and rights do not override ours

3. Personal Data We Collect

We collect only the personal data that is necessary for the stated purposes (data minimisation principle, Art. 5(1)(c) GDPR):

  • Contact Information: Name, email address, company name, and budget — collected via contact and booking forms (legal basis: Art. 6(1)(b) GDPR)
  • Authentication Data: User credentials and session tokens — managed via Supabase (legal basis: Art. 6(1)(b) GDPR)
  • Usage Data: Pages visited, session duration, interactions — collected only with your consent (legal basis: Art. 6(1)(a) GDPR)
  • Device Information: Browser type, operating system, IP address — collected for security and technical operation (legal basis: Art. 6(1)(f) GDPR)
  • Cookies: See our Cookie Policy for full details

4. Purposes of Processing

We process your personal data for the following purposes:

  • Service Delivery: Processing enquiries, sending booking confirmations, and providing customer support (Art. 6(1)(b) GDPR)
  • Transactional Communication: Sending booking confirmations and service-related notifications (Art. 6(1)(b) GDPR)
  • Analytics: Understanding website usage to improve performance — only with your consent (Art. 6(1)(a) GDPR)
  • Marketing: Sending marketing communications — only with your explicit consent, which you may withdraw at any time (Art. 6(1)(a) GDPR)
  • Legal Compliance: Meeting legal obligations and protecting against fraud (Art. 6(1)(c) GDPR)

We do not use your personal data for automated decision-making or profiling with legal or similarly significant effects (Art. 22 GDPR).

5. Cookies and Tracking Technologies

We use cookies and similar technologies. Non-essential cookies (analytics, marketing) are only placed after you have given your explicit consent via our cookie banner, in accordance with Art. 6(1)(a) GDPR and the ePrivacy Directive.

  • Strictly Necessary: Required for authentication, security, and core functionality — no consent required
  • Analytics: Track usage patterns — placed only with consent
  • Marketing: Enable targeted advertising — placed only with consent
  • Preferences: Remember your settings — placed only with consent

You can manage or withdraw your consent at any time via the "Cookie Preferences" link in the footer, or by visiting our Cookie Policy.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). Where we transfer personal data to third countries, we ensure an adequate level of protection through:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards under Art. 46 GDPR

You may request a copy of the applicable safeguards by contacting us at info@ja-welt.com.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights (Arts. 15–22 GDPR):

  • Right of access (Art. 15): Obtain confirmation of whether we process your data and receive a copy
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restriction (Art. 18): Request that we restrict processing of your data
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint (Art. 77): File a complaint with your national supervisory authority (see below)

To exercise any of these rights, please contact us at info@ja-welt.com. We will respond within one month (Art. 12(3) GDPR).

Supervisory Authority: You have the right to lodge a complaint with the competent data protection supervisory authority. For Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW). You may also contact the supervisory authority in your country of residence.

8. Data Retention

We retain personal data only for as long as necessary for the stated purpose or as required by law (Art. 5(1)(e) GDPR — storage limitation):

  • Contact Form Data: Retained for up to 2 years for business records and follow-up; deleted upon request
  • Authentication Data: Retained while your account is active; deleted within 30 days of account deletion
  • Consent Records: Stored for up to 3 years for compliance documentation
  • Analytics Data: Aggregated and anonymised; individual session data retained for 90 days
  • Booking Data: Retained for up to 3 years for contractual and tax purposes

9. Third-Party Service Providers

We engage the following categories of data processors under Art. 28 GDPR. All processors are bound by data processing agreements:

  • Supabase (USA): Authentication and database hosting — SCCs in place
  • Resend (USA): Transactional email delivery — SCCs in place
  • Calendly (USA): Appointment scheduling — SCCs in place
  • Google Analytics (USA): Website analytics — only with consent; SCCs in place

We do not sell your personal data to third parties.

10. Contact & Data Protection Enquiries

For any questions about this Privacy Policy, to exercise your rights, or for data protection enquiries, please contact us:

JaWelt Bay GmbH

Kaiser Strasse 5, 40479 Düsseldorf, Germany

E-Mail: info@ja-welt.com

We will respond to your request within one month. For complex requests, this period may be extended by a further two months (Art. 12(3) GDPR), in which case we will inform you.

11. Changes to This Policy

This Privacy Policy was last updated on 2 April 2026. We may update this policy to reflect changes in our practices or applicable law. Where changes are material, we will notify you by updating the "Last updated" date and, where required by law, by obtaining your renewed consent.