Back to home

    Privacy Policy

    Datenschutzerklärung · Last updated: March 2026

    Jump to section

    1. Controller

    TL;DR: Who's responsible for your data

    whaamkabaam
    Owner: Felix Holtkamp
    Donaustr. 44
    12043 Berlin
    Germany

    Email: hi@whaamkabaam.com

    2. Overview of Data Processing

    TL;DR: What we do with data & why

    This privacy policy informs you about the nature, scope, and purpose of the processing of personal data ("data") within our online offering whaamkabaam.com, including associated websites, functions, content, and external online presences such as social media profiles (collectively referred to as the "online offering").

    The terms used, such as "processing" or "controller", are defined in Article 4 of the General Data Protection Regulation (GDPR).

    3. Types of Data Processed

    TL;DR: Categories of data we collect
    • Master data (e.g. name, address)
    • Contact data (e.g. email address, Discord username)
    • Contract data (e.g. purchased product, scope of services)
    • Payment / billing data (e.g. transaction ID, payment status, billing address, country, VAT/GST ID if applicable, invoice/receipt details)
    • Content data (e.g. information provided for customization)
    • Usage data (e.g. visited pages, access times)
    • Meta/communication data (e.g. IP address, device information)

    4. Categories of Data Subjects

    TL;DR: Who this applies to

    Visitors and users of the online offering (collectively referred to as "users").

    5. Purposes of Processing

    TL;DR: Why we process your data
    • Provision and operation of the website
    • Fulfillment of contracts and delivery of digital products and services
    • Communication with users (email, Discord)
    • Processing payments and handling refunds/chargebacks (via our payment partners)
    • Security and abuse prevention
    • Analytics, marketing, and optimization
    • Preparation and future operation of newsletters

    7. Hosting and Infrastructure

    TL;DR: Where your data is stored

    Framer

    The website frontend is hosted via Framer B.V., Netherlands. Framer processes personal data (e.g. IP addresses, access data) on our behalf for the purpose of providing hosting and website functionality.

    STRATO

    Domain and related infrastructure services are provided by STRATO AG, Germany.

    Hetzner

    Backend services and servers are hosted by Hetzner Online GmbH, Germany. Hetzner processes data as a processor under Art. 28 GDPR.

    The processing is based on our legitimate interest in secure and efficient website operation (Art. 6(1)(f) GDPR).

    8. Payments

    TL;DR: How payment data is handled

    We use the following providers to run checkout and process payments. Depending on the product and checkout flow, your purchase may be handled by one of these providers:

    A) CopeCart

    CopeCart GmbH, Rosenstr. 2, 10178 Berlin, Germany

    CopeCart processes payment and transaction data (e.g. name, email, billing details, payment method details, transaction identifiers) to complete your purchase and for fraud prevention and compliance.

    We receive from CopeCart the information necessary to fulfill the contract and provide support (typically: name, email, product purchased, invoice/receipt identifiers, country, and payment status). We do not receive or store full card details.

    Privacy policy: copecart.com/de/datenschutz

    B) FastSpring (Merchant of Record)

    FastSpring acts as Merchant of Record (MoR) / reseller for certain transactions. This means FastSpring is responsible for processing the payment, handling taxes/VAT (where applicable), issuing invoices/receipts, and managing chargebacks/refunds in that MoR flow.

    Bright Market, LLC d/b/a FastSpring, 801 Garden Street, #201, Santa Barbara, CA 93101, USA

    FastSpring processes payment and transaction data (e.g. name, email, billing address, payment method details, transaction identifiers, and tax-related details where applicable). We receive from FastSpring the information required to deliver the purchased digital product/service and provide customer support (typically: name, email, product purchased, invoice/receipt identifiers, country, and payment status). We do not receive or store full card details.

    FastSpring may process personal data in third countries (e.g. the USA). Where required, transfers are safeguarded in accordance with applicable data protection law.

    Privacy policy: fastspring.com/privacy

    Legal basis for our processing: Art. 6(1)(b) GDPR (contract performance). Where applicable, Art. 6(1)(f) GDPR (fraud prevention, secure operations). The payment providers process data under their own responsibility for payment execution, compliance, and fraud prevention.

    Note: If you have questions about a charge, invoice, or refund, the fastest route is usually the support contact shown on your receipt/checkout confirmation (CopeCart or FastSpring), in addition to contacting us for product/service access issues.

    9. Analytics & Marketing

    TL;DR: Tools we use to improve the site

    We use the following tools based on our legitimate interests in analyzing, optimizing, and marketing our online offering (Art. 6(1)(f) GDPR):

    Google Analytics

    Provided by Google Ireland Limited. IP anonymization is enabled. Data may be transferred to the USA under appropriate safeguards.

    Opt-out: tools.google.com/dlpage/gaoptout

    Privacy policy: policies.google.com/privacy

    Google Tag Manager

    Used to manage website tags. The Tag Manager itself does not process personal data.

    Google Ads

    Used for conversion tracking and remarketing.

    Meta (Facebook / Instagram Pixel)

    Provided by Meta Platforms Ireland Ltd. Used to measure advertising effectiveness and display interest-based ads.

    Privacy policy: facebook.com/policy.php

    Ad settings: facebook.com/settings?tab=ads

    10. Cookies

    TL;DR: We use cookies & you can disable them

    We use cookies and similar technologies. Cookies can be temporary (session cookies) or persistent.

    Users can disable cookies via their browser settings. Please note that disabling cookies may limit website functionality.

    11. Communication & Contact

    TL;DR: How we handle your messages

    If you contact us via email or Discord, your data will be processed to handle your request (Art. 6(1)(b) GDPR).

    12. Newsletter (Planned)

    TL;DR: Planned newsletter via MailerLite

    We plan to offer a newsletter in the future via MailerLite UAB, Lithuania.

    When activated:

    • Subscription will occur via double opt-in
    • Processing will be based on consent (Art. 6(1)(a) GDPR)
    • Users can unsubscribe at any time

    Privacy policy: mailerlite.com/legal/privacy-policy

    13. Data Retention

    TL;DR: How long we keep your data

    Personal data is deleted when no longer required for its purpose, unless statutory retention obligations apply.

    German retention periods include:

    • 10 years for tax-related records
    • 6 years for commercial correspondence

    14. Data Subject Rights

    TL;DR: Access, delete, port your data

    You have the right to:

    • Access (Art. 15 GDPR)
    • Rectification (Art. 16 GDPR)
    • Erasure (Art. 17 GDPR)
    • Restriction of processing (Art. 18 GDPR)
    • Data portability (Art. 20 GDPR)
    • Objection to processing (Art. 21 GDPR)
    • Withdraw consent at any time (Art. 7(3) GDPR)

    15. Right to Lodge a Complaint

    TL;DR: You can file with a supervisory authority

    You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

    16. Security Measures

    TL;DR: Industry-standard protections

    We implement appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect personal data.

    17. Changes to This Privacy Policy

    TL;DR: We may update this policy

    We reserve the right to update this privacy policy to reflect legal or technical changes.