Book a call →

— Legal / Data Privacy

Data Privacy

How we collect, use, and protect your personal data. Last updated: May 2026.

1. Data controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Lara Barboza da Silva

Trading as Branding by Lara

Berlin, Germany

hello@brandingbylara.com

For all questions about data protection, you can contact us directly at the address above.

2. Data we collect

We only collect personal data that you actively provide to us, or data that is technically necessary for the operation of the website. We do not use tracking tools, advertising pixels, or behavioural analytics.

Server log files

When you visit our website, your browser automatically transmits certain technical information to our hosting provider. This includes:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Date and time of the request
  • IP address (anonymised)

This data is processed solely for the purpose of ensuring stable and secure operation of the website. It is not linked to any personal identity and is not shared with third parties.

3. Contact form and email

When you submit an enquiry through our contact form or send us an email, the data you provide (name, email address, and any information you share in the message) is transmitted to us and stored.

We use this data exclusively to respond to your enquiry and to follow up as needed. We do not use it for marketing purposes without your explicit consent.

Legal basis: Art. 6(1)(b) GDPR (processing necessary for the performance of a contract or pre-contractual steps) and Art. 6(1)(f) GDPR (legitimate interest in responding to your request).

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected, typically within 12 months of last contact, unless a longer retention period is required by law (for example, for invoicing purposes: 10 years under § 147 AO).

4. Cookies and consent management

Cookies are small text files stored on your device. This website uses a cookie consent management tool to give you control over which cookies are set.

Strictly necessary cookies

Some cookies are technically required for the website to function (for example, remembering your cookie preferences). These do not require your consent under Art. 6(1)(f) GDPR and cannot be disabled.

Optional cookies

Any non-essential cookies are only set with your explicit consent, which you can give or withdraw at any time via the cookie settings in the footer of this website. Withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal.

You can also manage cookies directly in your browser settings and delete stored cookies at any time.

5. Hosting

This website is hosted by a third-party provider. The hosting provider processes technical access data (including IP addresses) as a data processor on our behalf and is bound by a data processing agreement in accordance with Art. 28 GDPR.

The hosting provider's servers are located within the European Union. No data is transferred to third countries.

7. Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law:

  • Enquiry and correspondence data: up to 12 months from last contact
  • Client and invoicing data: 10 years (§ 147 AO, German tax law)
  • Technical server logs: 7 to 14 days, then automatically deleted
  • Cookie consent records: 12 months

When the retention period expires, data is securely deleted or anonymised.

8. Third-party services

We do not sell, rent, or otherwise share your personal data with third parties for their own commercial purposes.

Data may be shared with the following categories of service providers, strictly as processors acting on our behalf:

  • Web hosting and infrastructure provider
  • Email communication tools used to respond to enquiries
  • Cookie consent management platform

All processors are contractually bound to handle your data in accordance with GDPR. No data is transferred outside the European Economic Area (EEA).

Google Fonts

This website loads fonts from Google Fonts. The font files are served via Google's CDN. When the page loads, your browser may transmit your IP address to Google's servers. Google LLC is certified under the EU-US Data Privacy Framework. For details, see Google's privacy policy.

9. Your rights

Under the GDPR, you have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR): You can request information about the data we hold about you.
  • Right to rectification (Art. 16 GDPR): You can ask us to correct inaccurate data.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your data, subject to legal retention obligations.
  • Right to restrict processing (Art. 18 GDPR): You can request that we limit how we process your data.
  • Right to data portability (Art. 20 GDPR): You can request a copy of your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest at any time.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at: hello@brandingbylara.com

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219, 10969 Berlin

www.datenschutz-berlin.de

10. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

Material changes will be communicated to active clients directly via email where required.