Privacy Policy
1. Privacy at a Glance
This privacy policy explains what personal data we process, why we process it, the legal bases under the GDPR, how long we keep it, and what rights you have.
2. Data Controller
The data controller for this website is:
Königsallee 19, 40212 Düsseldorf, Germany
E-Mail: info@mfqconsulting.com
Data Retention
Unless a more specific retention period is stated elsewhere in this privacy policy, your personal data will be retained until the purpose for processing no longer applies.
Specific retention periods:
- Server log files: 7 days
- Contact inquiries: 6 months after inquiry completion, unless an ongoing business relationship exists
- Matomo analytics data: 180 days
3. Hosting
This website is hosted externally. Personal data collected on this website is stored on the servers of our hosting provider.
HOSTINGER operations, UAB
Švitrigailos str. 34, Vilnius 03230, Lithuania
Data collected in server log files: Browser type and version, operating system, referrer URL, hostname, time of request, IP address
Art. 6(1)(f) GDPR (legitimate interest in reliable and optimised website operation).
Server log files are typically retained for 7 days.
We have concluded a Data Processing Agreement (DPA) with our hosting provider.
4. Data Collection on This Website
Cookies
This website does not use tracking cookies. Our analytics service (Matomo) operates in fully cookieless mode. Appointment booking via Calendly is loaded only after user interaction (see section 7). No cookies are set during normal operation. Legal basis for technically necessary access to end devices: § 25(2) TDDDG (technical necessity). Subsequent processing of personal data: Art. 6(1)(f) GDPR.
Contact Form
When you send us inquiries via the contact form, your data (name, email, company, message) is transmitted to Web3Forms (web3forms.com) for processing and forwarded to us via email. Web3Forms acts as a data processor under a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. Bot protection is provided by a honeypot field (no cookies or reCAPTCHA). Contact form data is retained for 6 months after inquiry completion, unless an ongoing business relationship exists.
Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw your consent at any time by emailing info@mfqconsulting.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
International transfer: The contact form uses Web3Forms (Web3Creative). Your data is transmitted to Web3Forms' infrastructure (hosted on AWS). If data is processed outside the EEA, the transfer is based on Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR. You may obtain a copy of the applicable safeguards by contacting us at info@mfqconsulting.com.
Web3Forms privacy policy: https://web3forms.com/privacy
5. Your Rights
Under the GDPR, you have the following rights: right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and the right to lodge a complaint with a supervisory authority (Art. 77). Where processing is based on consent, you have the right to withdraw consent at any time (Art. 7(3)). To exercise your rights, contact us at info@mfqconsulting.com.
Competent supervisory authority: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf, Germany. E-Mail: poststelle@ldi.nrw.de
6. Analytics
Matomo (Cookieless Tracking)
We use the open-source web analytics service Matomo in cookieless mode. Configuration: cookieless tracking (no cookies set), no fingerprinting or persistent identifiers, IP anonymization (last 2 bytes removed), data stored on the servers of our hosting provider (Hostinger, Vilnius, Lithuania, EU), Do-Not-Track is respected, analytics data is retained for 180 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website optimization). The legal basis for access to end devices under § 25(2) TDDDG is the technical necessity of audience measurement. We provide transparency and an opt-out option. If your browser sends a Do Not Track signal, we respect it. You can also use the Matomo opt-out option provided on this page.
7. Plugins and Tools
OpenStreetMap
This website uses the mapping service OpenStreetMap for displaying interactive maps. Provider: OpenStreetMap Foundation (OSMF), St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom. Map tiles are loaded from CARTO (formerly CartoDB) servers (domains: *.basemaps.cartocdn.com). No cookies or tracking mechanisms are used, but when loading tiles, connection data - in particular your IP address, user agent, and referrer - is transmitted to the CARTO tile servers. Your IP address constitutes personal data under the GDPR. The map is loaded only after your active consent (2-click pattern). Legal basis: Art. 6(1)(a) GDPR (consent) pursuant to § 25(1) TDDDG.
More information: OpenStreetMap Privacy Policy
Calendly (Appointment Booking)
For online appointment booking, we use Calendly. The service is loaded only after active user interaction (clicking the booking link). Provider: Calendly LLC, 3423 Piedmont Road NE, Suite 200, Atlanta, GA 30305, USA. Data processed: name, email, appointment slot, and optional additional details. International transfer: Calendly processes data in the USA. The transfer is based on Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. Legal basis: Art. 6(1)(b) GDPR (contract initiation) and Art. 6(1)(f) GDPR (efficient appointment management).
More information: Calendly Privacy Policy
8. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect current legal requirements or changes to our services.
Last updated: February 2026