Start a project

Privacy Policy

Privacy policy pursuant to GDPR

1. Controller

Jana Enderle
Studio Rotstich
Olbersstraße 4
10589 Berlin

Email: kontakt@studio-rotstich.de
Phone: +49 176 60404458

2. Overview of Data Processing

We process personal data only to the extent necessary to provide a functional website and our content and services. Personal data is only collected with consent, unless processing is permitted by statutory regulations.

3. Legal Basis

The processing of personal data is carried out on the basis of the following legal bases of the GDPR:

  • Art. 6 (1) lit. a GDPR – Consent of the data subject
  • Art. 6 (1) lit. b GDPR – Performance of a contract or steps prior to entering into a contract
  • Art. 6 (1) lit. f GDPR – Legitimate interest, unless the interests or fundamental rights and freedoms of the data subject override

4. SSL or TLS Encryption

For security reasons, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the address line of the browser changing from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Hosting and Server Log Files

Our hosting provider collects the following data, which your browser automatically transmits, in so-called server log files:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • IP address
  • Time of the server request

This data is not merged with other data sources. The collection is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website.

6. Contact Form and Email

If you contact us via the contact form or email, the details you provide (name, email address, message) will be stored by us for the purpose of processing your inquiry and in the event of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, provided that your inquiry is related to the performance of a contract or is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR).

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.

Contact form messages are sent using the email service Fastmail (Fastmail Pty Ltd, Melbourne, Australia). Fastmail processes your data exclusively to deliver the email. Further information can be found in Fastmail's privacy policy at https://www.fastmail.com/privacy/.

7. Fonts (Self-Hosted)

This website uses the Sora typeface, served directly from our own servers (self-hosting). No connection is made to external third parties such as Google Fonts. When a page is loaded, font files are retrieved exclusively from this website — your IP address is not transmitted to third parties.

The provision of fonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in a consistent and privacy-friendly presentation of typography.

8. Map Display (CARTO / OpenStreetMap)

We embed an interactive map on our website that is based on map data from OpenStreetMap. The map tiles are loaded via the service CARTO (CARTO, Inc., New York, USA).

When you access a page containing a map, your browser connects to CARTO's servers (basemaps.cartocdn.com) to load the map tiles. In doing so, your IP address is transmitted to CARTO. The underlying map data originates from the OpenStreetMap Foundation (OSMF), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK.

This is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the appealing presentation of the studio location and ease of finding it.

Further information can be found in CARTO's privacy policy at https://carto.com/privacy/ and in OpenStreetMap's privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

9. External Links

Our website contains links to external websites (e.g., Instagram, LinkedIn). When clicking these links, you will be redirected to the pages of the respective providers. We have no influence on the data collected and processing operations there. You can find information about data protection in the respective privacy policies of the providers.

10. Rights of the Data Subject

As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR) – You can request information about your personal data processed by us.
  • Right to rectification (Art. 16 GDPR) – You can request the correction of incorrect or completion of your personal data stored by us.
  • Right to erasure (Art. 17 GDPR) – You can request the deletion of your personal data stored by us, provided that no statutory retention obligations prevent it.
  • Right to restriction of processing (Art. 18 GDPR) – You can request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR) – You can request to receive your data in a structured, commonly used, and machine-readable format or to have it transmitted to another controller.
  • Right to object (Art. 21 GDPR) – You can object to the processing of your personal data at any time, provided that processing is based on Art. 6 (1) lit. f GDPR.

11. Withdrawal of Your Consent

Many data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

12. Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:

Berliner Beauftragte for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
https://www.datenschutz-berlin.de

13. Status and Amendment of this Privacy Policy

This privacy policy is currently valid and is as of May 2026. Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this privacy policy.