Privacy & Data Protection.

When you visit our website, our hosting provider automatically receives and processes technical data your browser transmits. This is necessary to display the website and to maintain stability and security:

• Pages visited on our website
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL
• IP address
• Amount of data transferred

This data is processed by our hosting provider (see section "Hosting" below). It is not used to identify individual users. Server logs are typically retained for up to 30 days and then deleted, unless a specific security incident requires longer retention for investigation.

Legal basis: Art. 6 (1) lit. f GDPR — our legitimate interest in operating a stable and secure website.

This website is hosted by Lovable.dev (Lovable Labs AB, Regeringsgatan 25, 111 53 Stockholm, Sweden). When you visit our site, technical data including your IP address is processed by Lovable to deliver the website to you. We have concluded a data processing agreement with Lovable pursuant to Art. 28 GDPR.

For its hosting and back-end services, Lovable uses sub-processors, in particular Supabase and the underlying AWS infrastructure on which Supabase runs. Depending on the region configured for our project, data may be processed on servers located within the European Union or in third countries (such as the United States). Where data is transferred to third countries, such transfers are based either on an adequacy decision of the European Commission (Art. 45 GDPR) or on Standard Contractual Clauses pursuant to Art. 46 GDPR.

For details on how Lovable processes data and on its sub-processors, see Lovable's privacy policy at https://lovable.dev/privacy.

Legal basis: Art. 6 (1) lit. f GDPR.

Our website uses technically necessary cookies and local storage to enable basic functionality. These do not track you across sessions or websites and are exempt from consent requirements under § 25 Abs. 2 Nr. 2 TDDDG.

We do not currently use analytics, advertising, or third-party tracking technologies on this site. If this changes in the future, we will implement a cookie consent banner and update this privacy policy accordingly.

You can configure your browser to block or notify you about cookies. Note that some site features may not work correctly if you do so.

When you submit our contact form, we collect the data you provide (name, email address, message content, and any optional fields). The form submission is processed and stored through our website infrastructure (see "Hosting" above) so that we can respond and follow up on your inquiry.

We use this data exclusively to handle your request and any follow-up communication that arises from it.

Retention: We retain your data for the duration of our communication and any resulting engagement. After the matter is concluded, we retain related correspondence for up to 6 years where required by statutory retention obligations (in particular § 257 HGB for business correspondence). After that period, the data is deleted. You may request earlier deletion at any time, provided no statutory retention obligation applies.

Legal basis: Art. 6 (1) lit. b GDPR if your request relates to the initiation or performance of a contract; otherwise Art. 6 (1) lit. f GDPR based on our legitimate interest in responding to inquiries.

Our newsletter is operated through Substack Inc., 548 Market St, PMB 72296, San Francisco, CA 94104, USA. If you subscribe through a Substack signup form embedded on our site or via a link to our Substack page, your email address (and optionally your name) is transferred to and stored by Substack in the United States.

Substack uses double opt-in: you will receive a confirmation email before being added to our list. You may unsubscribe at any time via the unsubscribe link in any newsletter email.

Substack is certified under the EU-U.S. Data Privacy Framework. The transfer to the United States is therefore based on the European Commission's adequacy decision of 10 July 2023 pursuant to Art. 45 GDPR.

For Substack's own privacy policy, see https://substack.com/privacy.

Legal basis: Art. 6 (1) lit. a GDPR (your consent).

Our website contains links to external services including, but not limited to, LinkedIn and Substack. When you click these links, you leave our site. We have no control over the data processing on those external sites — their respective privacy policies apply.

These links are implemented as standard hyperlinks. They do not load external content on our pages and do not transfer your data to third parties unless you actively click them.

Under the GDPR, you have the following rights regarding your personal data:

• Right to information about the data we hold about you (Art. 15 GDPR)
• Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
• Right to erasure, "right to be forgotten" (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent at any time, with effect for the future (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise any of these rights, contact us at info@leonardrinser.com.

The supervisory authority competent for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany

We may update this privacy policy from time to time to reflect changes in our services or in applicable law. The current version is always available at this URL.

Last updated: 29 May 2026