Privacy Policy

Henrik Wiedwald CoreFrame Schubertring 32 22848 Norderstedt Germany Email: wiedwald@coreframe.one Phone: +49 162 3217783 Website: coreframe.one

This website is hosted by Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA. Each time our website is accessed, Vercel automatically records server log files transmitted by your browser, including: • Browser type and version • Operating system • Referrer URL • Hostname of the accessing device • Time of the server request • IP address This data is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in technically error-free operation of the website). As Vercel is based in the USA, your data is transferred there. The transfer is based on EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Vercel is certified under the EU-US Data Privacy Framework. For more information, see Vercel's Privacy Policy: vercel.com/legal/privacy-policy

Contact form / appointment booking: When you use our contact form or book a call, we collect your name, email address, and message content to process your enquiry (Art. 6(1)(b) GDPR). WhatsApp communication: If you contact us via WhatsApp, your messages and metadata are processed by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland). The legal basis is your consent (Art. 6(1)(a) GDPR). Please refer to WhatsApp's Privacy Policy at whatsapp.com/legal/privacy-policy.

We process your personal data on the following legal bases: • Art. 6(1)(a) GDPR — your consent • Art. 6(1)(b) GDPR — performance of a contract or pre-contractual measures • Art. 6(1)(c) GDPR — compliance with a legal obligation • Art. 6(1)(f) GDPR — our legitimate interests (e.g. technically secure operation of the website)

Contact enquiries are stored for the duration of the business relationship and thereafter in accordance with statutory retention periods (up to 10 years under German commercial and tax law). Server log data is automatically deleted after a maximum of 30 days.

Your personal data is only passed on to third parties if: • you have given your explicit consent (Art. 6(1)(a) GDPR), • it is necessary for the performance of a contract (Art. 6(1)(b) GDPR), • a legal obligation requires it (Art. 6(1)(c) GDPR), or • it is necessary to protect legitimate interests (Art. 6(1)(f) GDPR). All processors we engage are contractually bound to comply with GDPR (Art. 28 GDPR).

Our website uses only technically necessary cookies required for its proper operation. These cookies do not store personal data and are automatically deleted when you close your browser. Tracking, advertising, or analytics cookies are not used without your explicit consent. You may configure your browser to reject cookies at any time, which may affect website functionality.

This website uses SSL/TLS encryption to protect the transmission of confidential content. You can recognise an encrypted connection by the "https://" prefix and the padlock icon in your browser address bar.

Some service providers we use (in particular Vercel Inc.) are based outside the European Economic Area (EEA), especially in the USA. We ensure that appropriate safeguards under Art. 46 GDPR are in place for every transfer to third countries, including EU Standard Contractual Clauses and certifications such as the EU-US Data Privacy Framework.

Under the GDPR you have the right to: • Access (Art. 15): request a copy of the personal data we hold about you • Rectification (Art. 16): request correction of inaccurate data • Erasure (Art. 17): request deletion of your data where no retention obligations apply • Restriction (Art. 18): request restriction of processing • Data portability (Art. 20): receive your data in a structured, machine-readable format • Object (Art. 21): object to processing based on legitimate interests • Withdraw consent (Art. 7(3)): withdraw consent at any time with effect for the future To exercise your rights, contact: wiedwald@coreframe.one You also have the right to lodge a complaint with the competent supervisory authority: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) Holstenstraße 98, 24103 Kiel www.datenschutzzentrum.de

This Privacy Policy is current as of April 2026. We may update it as our website develops or due to changes in law or regulatory requirements. The latest version is always available at coreframe.one/privacy.