Skip to content
FranchiseForYou

Legal

Privacy policy

Effective June 13, 2026 · Version 1.0

1. Data controller

The data controller responsible for the processing of personal data on this website is:

Sylvia Steenken
FranchiseForYou / Sylvia Steenken Management Consultancy
Nierster Straße 3
47809 Krefeld
Germany

Telephone: 02151 7899310
Email: info@FranchiseForYou.de
Website: www.FranchiseForYou.de

2. General information

We process personal data only to the extent necessary to provide a secure and fully functional website, to deal with enquiries, to arrange appointments, or to carry out pre-contractual and contractual measures.

Depending on the processing method, this is due in particular to:

  • Article 6(1)(b) of the GDPR in relation to pre-contractual or contractual measures,
  • Article 6(1)(f) of the GDPR on the basis of legitimate interests, in particular the secure operation of the website and the processing of business enquiries,
  • Article 6(1)(a) of the GDPR in the case of explicit consent.

Consent that has been given may be withdrawn at any time with effect for the future.

3. Hosting and technical provision

Our website is developed and operated by the following technical service provider:

mansour.io Beratungsgesellschaft UG (limited liability)
Neumarkt 5–11
42103 Wuppertal
Germany

The infrastructure provided by Vercel Inc., USA, is used for hosting, deployment and delivery of the website. Editorial content is managed via the Sanity content management system. Images can be delivered directly to the browser via Sanity’s content delivery network.

The domain is managed by the registrar INWX GmbH & Co. KG, Germany. Cloudflare, Inc., USA, is used for DNS management, as an upstream content delivery network and to protect against attacks. In doing so, technical connection data, in particular the IP address, is processed.

Vercel Web Analytics (Vercel Inc., USA) is used for anonymous audience measurement. Data is collected without the use of cookies and without storing personal data on your device. No cross-page profiles are created, and no data is passed on to third parties for advertising purposes. Only aggregated, anonymised usage data is processed, such as pages visited, approximate region of origin and device type. The legal basis is Article 6(1)(f) of the GDPR; the legitimate interest lies in the statistical analysis and improvement of our service.

When you visit the website, data required for technical purposes is processed. This may include, in particular:

  • IP address,
  • Date and time of access,
  • URL accessed,
  • Browser and device information,
  • User-Agent,
  • Referrer URL and
  • Technical specifications and safety data.

The processing is carried out for the purposes of website delivery, stability, security and fault analysis. The legal basis is Article 6(1)(f) of the GDPR.

No data is analysed for advertising, tracking or profiling purposes.

Where service providers process data on our behalf, this is done on the basis of contracts in accordance with Article 28 of the GDPR.

4. Technically necessary functions

The website uses locally hosted fonts. No connection is made to Google Fonts when the page is loaded.

The internal search function runs within the browser. Search terms are not sent to external search providers.

The language setting transmitted by the browser can be used to select the language version. No language cookie is set for this purpose.

5. Consent management and external media

We use our own consent management system with the categories ‘Essential’ and ‘External media’.

Your selection will be stored in your browser’s local storage. This is done solely to take your choice into account. It will not be used for analytical or advertising purposes, nor will it be transmitted to an external consent provider.

The legal basis for storing the selection is Section 25(2) of the TDDDG. Where personal data is processed in this context, this is based on Article 6(1)(f) of the GDPR.

Microsoft Bookings, YouTube and Spotify will only be loaded once you have consented to the ‘External Media’ category or have explicitly enabled the relevant content. The legal basis for this is your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.

You can change or withdraw your consent at any time via the permanently accessible button for privacy settings.

6. Contact by email and telephone

If you contact us by email or telephone, we will process the data you provide in order to deal with your enquiry.

This may include, in particular, your name, company, role, email address, telephone number, the content of your enquiry and the history of our communications.

If the enquiry relates to the initiation or performance of a contract, the legal basis is Article 6(1)(b) of the GDPR. For other business enquiries, processing is carried out on the basis of Article 6(1)(f) of the GDPR.

7. Contact form and email dispatch

The following information is processed via our contact form:

  • Name,
  • Companies, where specified,
  • Email address,
  • Telephone number, if provided,
  • selected topic,
  • Message and
  • data required for technical transmission purposes.

The data will be used to process your enquiry. The form is protected against automated submissions by an invisible honeypot field and a server-side check. No external CAPTCHA service is used.

We use Resend, a service provided by Plus Five Five, Inc., USA, to send contact enquiries and automatic confirmation of receipt.

The form data is not stored in a separate website database or in the content management system. It is sent as an email to info@FranchiseForYou.de and is subsequently stored in the relevant email systems.

The legal basis is Article 6(1)(b) of the GDPR, insofar as the enquiry serves to initiate or perform a contract. In all other respects, processing is carried out on the basis of Article 6(1)(f) of the GDPR.

8. Microsoft Bookings

Our contact page features an appointment booking form embedded via Microsoft Bookings.

The provider is:

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland

The embedding will only be loaded once you have given your consent. In particular, your IP address, browser and device information, and technical connection data may be transmitted to Microsoft.

When you book an appointment, Microsoft also processes, in particular, your name, your email address, the appointment you have selected and the details you have entered.

The embedding is loaded on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. The processing of booking data is carried out on the basis of Article 6(1)(b) of the GDPR.

9. YouTube

Videos from YouTube are embedded on our website.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, USA.

The videos will only be loaded once you have given your consent. In particular, your IP address, browser and device information, usage and playback data, as well as cookies or similar identifiers, may be processed.

If you are signed in to Google or YouTube, Google may be able to link your usage to your account.

The legal basis is your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.

10. Spotify

Podcast episodes are embedded on our website via Spotify.

The provider is Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden.

The embedded content will only be loaded once you have given your consent. In particular, this may involve the processing of your IP address, browser and device information, playback data, as well as cookies or similar identifiers.

If you are logged in to Spotify, Spotify may be able to link your usage to your account.

The legal basis is your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.

11. External links

Our website contains links to external websites and profiles, such as LinkedIn, trade associations, partners or specialist publications.

It is only when you click on such a link that you leave our website. The respective provider is responsible for any subsequent data processing.

12. Recipients and transfers to third countries

Recipients of personal data may include, in particular, technical service providers, hosting and CMS providers, email service providers and providers of embedded external media.

Some service providers are based in the USA or process data there. Data will only be transferred if the conditions set out in Articles 44 et seq. of the GDPR are met, in particular on the basis of:

  • an adequacy decision by the European Commission,
  • valid certification under the EU-US Data Privacy Framework, or
  • appropriate safeguards, such as EU standard contractual clauses.

In the case of Microsoft Bookings, YouTube and Spotify, the initial data transfer via embedding only takes place once you have given your consent.

13. Retention period

We only store personal data for as long as is necessary for the relevant purpose.

Data may be stored for a longer period where there are statutory retention obligations or where the data is required for the establishment, exercise or defence of legal claims.

The consent setting stored in your browser will remain in place until you change it or clear your browser’s local storage.

14. Your rights

In accordance with the statutory requirements, you have the following rights in particular:

  • Information pursuant to Article 15 of the GDPR,
  • Rectification pursuant to Article 16 of the GDPR,
  • Erasure in accordance with Article 17 of the GDPR,
  • Restriction of processing pursuant to Article 18 of the GDPR,
  • Data portability pursuant to Article 20 of the GDPR,
  • Objection pursuant to Article 21 of the GDPR, and
  • Withdrawal of consent in accordance with Article 7(3) of the GDPR.

Where we process data on the basis of Article 6(1)(f) of the GDPR, you may object to such processing on grounds relating to your particular situation.

To exercise your rights, please use the contact details set out in Section 1.

15. Right of appeal

You have the right to lodge a complaint with a data protection supervisory authority.

The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia
Kavalleriestraße 2–4
40213 Düsseldorf
Germany

16. Data security and timeliness

Our website uses SSL or TLS encryption.

No decision-making is carried out solely by automated means, including profiling, in accordance with Article 22 of the GDPR.

Date of this privacy policy: June 2026

We will update the privacy policy if there are changes to the services we use, our technical processes or legal requirements.