Skip to content

Data Privacy Statement

Last updated: May 11, 2026

1. Controller

The controller responsible for the processing of personal data on this website is:

Active Fungus GmbH
Westendstraße 19 Rear building
80339 Munich
Germany

Managing Director: Jakob Braun

Email: info@activefungus-studios.de

2. General Information

We process personal data only to the extent necessary to operate this website, provide our content and functions, communicate with you, or process data on the basis of your consent. Personal data means any information relating to an identified or identifiable natural person, for example IP addresses, contact details, or usage data.

3. Legal Bases

Depending on the processing activity, we process personal data in particular on the basis of Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual steps), Art. 6(1)(c) GDPR (legal obligation), or Art. 6(1)(f) GDPR (legitimate interests).

4. Self-Hosting, Server Log Files, and Technical Delivery

Our website is operated on self-managed server infrastructure. When you access our website, our web server processes technically necessary access data. This may include: IP address, date and time of access, requested URL or file, HTTP status code, transferred data volume, referrer URL, browser and operating system information, and the requesting provider, to the extent that this information is transmitted by your browser or connection.

The processing is carried out to deliver the website, ensure stability and security, analyze errors, and investigate misuse or fraudulent activity. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and reliable operation of the website.

An external website hosting provider does not process these access logs as a regular independent recipient for website operation. Where technical infrastructure, maintenance, or security providers receive access to systems, this happens only to the extent necessary for operation, maintenance, or security. Where providers process personal data on our behalf, this is done under a data processing agreement pursuant to Art. 28 GDPR.

Server log files are retained for a maximum of 7 days and are then deleted. Longer retention may occur in individual cases where this is necessary for evidence preservation, troubleshooting, or legal enforcement.

Backups may technically include log data. Backups are used exclusively to restore systems and are not used for regular analysis of website visits.

5. Cookies and Consent Management

Our website uses technically necessary cookies and local storage mechanisms to provide core functions. These include cookies for storing your cookie preferences and a language cookie to preserve the selected language.

Optional services that are not technically necessary are activated only after your consent. You can withdraw or adjust your consent at any time with effect for the future via the cookie settings.

6. Local Fonts

The fonts used on this website are served locally from our own server. Loading the fonts does not create a connection to Google Fonts or other external font provider servers.

7. Videos and YouTube

Before consent is given, embedded videos are shown, where possible, as locally hosted video files from our own domain. No connection to YouTube is established for these local video fallbacks.

After your consent, videos may be embedded via YouTube, using the privacy-enhanced youtube-nocookie.com domain where possible. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, data such as your IP address, technical device and browser information, the page accessed, referrer information, and usage interactions may be transmitted to Google or YouTube. Transfers to third countries, in particular the United States, cannot be excluded.

The legal basis for embedding YouTube is your consent pursuant to Art. 6(1)(a) GDPR. Information about Google’s processing activities can be found in Google’s privacy information.

8. Newsletter and MailerLite

We may use MailerLite for newsletter functions and sign-up forms. The provider is MailerLite Limited or the relevant MailerLite entity within the EU. If you subscribe to a newsletter, we process the data you provide, in particular your email address and any voluntary information, to send the newsletter and manage your consent.

To document the subscription, the time of registration, IP address, and confirmation information may also be processed. Newsletters are generally sent only on the basis of your consent. The legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. You can unsubscribe at any time via the unsubscribe link in the newsletter or by contacting us.

Newsletter and subscription data are stored for as long as you are subscribed to the newsletter. After unsubscribing, data may be retained in a restricted form where this is necessary to prove prior consent or comply with legal obligations.

9. Contact by Email or Form

If you contact us by email or through a contact form, we process the information you submit in order to handle your request. This may include your name, email address, message content, time of request, and technical transmission data.

Depending on the content of the request, the legal basis is Art. 6(1)(b) GDPR where the communication relates to contractual or pre-contractual measures, or Art. 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.

10. Koko Analytics

We use Koko Analytics for simple, data-minimizing reach measurement. Koko Analytics is configured on our website so that no analytics cookies are set and no personal usage profiles are created. The analysis is used for aggregated statistics about the use of our website.

To the extent that personal data, in particular IP addresses, is processed server-side when the statistics endpoints are technically accessed, this is done for reach measurement and secure operation of the website on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in improving and technically monitoring our website.

11. External Links and Social Media References

Our website may contain links to external websites and social media profiles. Merely visiting our website does not transmit data to those providers through such links. Data is transmitted only when you click an external link and access the respective page.

12. Recipients and Third-Country Transfers

Personal data may be transmitted to technical service providers, hosting providers, newsletter providers, or providers of external content where this is necessary for the purposes described above or where you have given consent.

For services based outside the European Union or European Economic Area, or where access from such countries is possible, transfers to third countries may occur. Where required, we base such transfers on appropriate safeguards such as adequacy decisions, EU Standard Contractual Clauses, or your consent.

13. Retention Periods

We store personal data only for as long as necessary for the respective purposes or as long as statutory retention periods apply. Data processed on the basis of consent is processed until you withdraw that consent, unless statutory retention obligations or documentation requirements apply.

14. Your Rights

Subject to the requirements of the GDPR, you have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and objection to certain processing activities (Art. 21 GDPR). Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority. For private-sector controllers in Bavaria, the Bavarian Data Protection Supervisory Authority is generally competent.

15. Automated Decision-Making and Profiling

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place on our website.