Back to homeHoracek Marketing

Last updated: June 2026

Privacy Policy

This Privacy Policy describes how Horacek Marketing processes personal data of visitors to pavelhoracek.pro and of our clients in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the German Federal Data Protection Act (BDSG), the German Telecommunications-Telemedia Data Protection Act (TTDSG) and, for users in the United Kingdom, the UK GDPR and the Data Protection Act 2018.

1. Controller

Horacek Marketing, Fontenay 90, 20354 Hamburg, Germany. Email: contact@horacek.online. Phone: +34 662 583 428. We have not appointed a statutory Data Protection Officer as the conditions of § 38 BDSG are not met; data-protection enquiries should be sent to the controller address above.

2. Categories of Data We Process

  • Contact form data: name, email address, company, message content.
  • Communication data when you email or call us.
  • Contract and billing data (for clients): company details, VAT ID, invoicing data.
  • Server log data: IP address (shortened where possible), browser, OS, referrer, time of request.
  • Consent data (records of cookie / marketing consents).

3. Purposes & Legal Bases

  • Responding to enquiries — Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in handling enquiries).
  • Performance of the service contract — Art. 6(1)(b) GDPR.
  • Compliance with legal obligations (e.g. tax retention) — Art. 6(1)(c) GDPR in conjunction with §§ 147 AO, 257 HGB.
  • Operation and security of the website — Art. 6(1)(f) GDPR.
  • Non-essential cookies / analytics / marketing — Art. 6(1)(a) GDPR and § 25(1) TTDSG (your consent via the cookie banner).

4. Recipients & Processors

We disclose personal data only to processors acting on our behalf under Art. 28 GDPR / UK GDPR — for example hosting, email delivery, customer support and analytics providers. We do not sell personal data. Public authorities receive data only where legally required.

5. International Transfers

Where processors are located outside the EEA / UK, transfers are safeguarded by an adequacy decision of the European Commission / UK Government or by Standard Contractual Clauses (Art. 46(2)(c) GDPR / the UK International Data Transfer Addendum), supplemented by additional technical and organisational measures where required.

6. Retention Periods

We keep personal data only as long as necessary for the purposes set out above. Contact-form enquiries are deleted after 24 months unless a contract is concluded. Accounting records are retained for 10 years (§ 147 AO) and other commercial documents for 6 years (§ 257 HGB). For UK clients, equivalent statutory retention periods apply.

7. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object (Art. 21) to processing based on Art. 6(1)(f) GDPR. Where processing is based on consent you may withdraw it at any time with effect for the future. To exercise your rights write to contact@horacek.online.

8. Right to Lodge a Complaint

You may lodge a complaint with a supervisory authority. The competent authority for our establishment is the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit). UK residents may complain to the Information Commissioner's Office (ICO, ico.org.uk).

9. Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects concerning you within the meaning of Art. 22 GDPR.

10. Updates to this Policy

We may update this Privacy Policy to reflect changes in our services or the law. The current version is always available at this URL.