Privacy Policy

Last updated: 10 April 2026

I take your privacy seriously. Below you'll find a clear overview of what data I collect, why I need it, which third-party services are involved, and what rights you have. If anything is unclear, just drop me a line.

  1. Who I am

Controller Anastasiia Rossokha, sole proprietor Wirtstraße 12, 81539 Munich, Germany ana.rossokha.ads@gmail.com

  1. Hosting

This website is hosted by Framer B.V. (Amsterdam, Netherlands). When you visit, a connection to Framer's servers is established, which necessarily involves processing your IP address. This is required to deliver the website to you (Art. 6(1)(f) GDPR — legitimate interest in reliable website operation). Details on Framer's data handling: https://www.framer.com/legal/privacy-statement

  1. Cookie consent and Google Consent Mode

Before any non-essential cookies or tracking scripts are activated, you will see a consent banner provided by Kukie.io. No marketing, analytics, or tracking cookies are set until you actively give consent. If you decline, no data is collected by these services. You can change or withdraw your consent at any time by clicking the small cookie icon in the corner of the page.

The legal basis for displaying the consent banner itself is § 25 TTDSG in conjunction with Art. 6(1)(a) GDPR.

  1. Google Tag Manager

This website uses Google Tag Manager (GTM), a tag management service by Google Ireland Ltd., to manage the tracking services described below. GTM and all tags it controls are loaded only after you give consent via the cookie banner.

Legal basis: Art. 6(1)(a) GDPR (your consent).

  1. Analytics and tracking (only with your consent)

The following services are activated only after you give consent via the cookie banner.

5.1 Google Analytics 4 (GA4)

Provider: Google Ireland Ltd. Purpose: Understanding how visitors use the website — which pages are visited, how long sessions last, and where visitors come from. Data processed: IP address (anonymised), pages visited, session duration, device and browser information, approximate geographic location, referral source. Cookies set: _ga, ga[ID] (expire after up to 14 months). Legal basis: Art. 6(1)(a) GDPR (your consent). Google's privacy policy: https://policies.google.com/privacy

5.2 Meta Pixel (Facebook/Instagram)

Provider: Meta Platforms Ireland Ltd. Purpose: Measuring the effectiveness of advertising campaigns on Facebook and Instagram, building audiences for retargeting, and optimising ad delivery. Data processed: IP address, browser and device data, pages visited, actions taken on the website (e.g. clicking a contact button), referral data from ad clicks. With Advanced Matching enabled, hashed (one-way encrypted) versions of data you voluntarily provide — such as your email address or phone number when filling out a form — may be transmitted to Meta to improve attribution accuracy. Cookies set: _fbp, _fbc (expire after up to 90 days). Legal basis: Art. 6(1)(a) GDPR (your consent).

5.3 Meta Conversions API (server-side)

In addition to the browser-based Meta Pixel, certain events (such as page views and contact actions) are also sent to Meta server-side via a Conversions API gateway. This means some data is transmitted from the server rather than from your browser. The same events are deduplicated so they are not counted twice. The data processed is the same as described in Section 5.2.

The gateway is operated via Stape.io and proxied through sgw.anarossokha.com. Data is processed on EU-based servers. Legal basis: Art. 6(1)(a) GDPR (your consent).

5.4 Calendly

Provider: Calendly LLC (Atlanta, USA). Purpose: Scheduling consultation calls. Data processed: Name, email address, answers to pre-booking questions (whether you currently run ads, and a link to your website or Instagram). Calendly also has its own integration with Meta Pixel and Google Analytics — when you confirm a booking, Calendly sends a scheduling event directly from its servers to Meta and/or Google. Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps at your request) for the booking itself; Art. 6(1)(a) GDPR (your consent) for Calendly's tracking integrations. Calendly's privacy policy: https://calendly.com/privacy

6. Data transfers to countries outside the EU/EEA

Several of the services listed above are operated by US-based companies (Meta Platforms Inc., Google LLC, Calendly LLC). Data transferred to the US is protected by the EU-US Data Privacy Framework, under which these providers are certified. Where the Data Privacy Framework does not apply, Standard Contractual Clauses (SCCs) approved by the European Commission serve as the transfer mechanism.

7. Data I receive directly from you
Enquiry / booking

Name, email address, phone number, (invoice) postal address. Source: email, Instagram direct message, or Calendly booking form.

Invoicing

Name and full postal address (mandatory under § 14 UStG). Source: details you provide when placing an order.

Payment

Payment references (IBAN or PayPal transaction ID). Source: SEPA bank transfer or PayPal.

Legal bases: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c) GDPR (legal obligations for bookkeeping).

8. Who else has access to your data

  • Framer B.V. — website hosting

  • Google Ireland Ltd. — GTM, GA4, Google Consent Mode

  • Meta Platforms Ireland Ltd. — Meta Pixel, Conversions API

  • Calendly LLC — appointment scheduling

  • Kukie.io — consent management

  • Stape.io — server-side event gateway

  • Google Workspace Ireland Ltd. — hosted email service

  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processing

  • German house bank — SEPA payments

  • Public authorities (e.g. tax office) — only where required by law

9. How long I keep data

Cookies: as specified per service above (GA cookies up to 14 months, Meta cookies up to 90 days). Deleted immediately if you withdraw consent.

  • Accounting and invoicing records: 10 years (§ 147 AO).

  • Enquiry and project correspondence: 12 months after our last contact.

  • Consent records (proof that you accepted or declined cookies): 3 years (statute of limitations under § 195 BGB).

  • Early deletion: anytime on request, provided no legal duty to retain applies.

10. Your rights

Under the GDPR you have the right to:

  • Access the data I hold about you (Art. 15)

  • Have inaccurate data corrected (Art. 16)

  • Have your data deleted (Art. 17)

  • Restrict processing (Art. 18)

  • Data portability (Art. 20)

  • Object to processing based on legitimate interest (Art. 21)

  • Withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3))

To exercise any of these rights, email ana.rossokha.ads@gmail.com.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18, 91522 Ansbach https://www.lda.bayern.de

11. Minors

My services target people aged 16 and over. I do not knowingly process data from younger individuals.

12. No automated decisions

I do not use profiling, scoring, or other automated decision-making within the meaning of Article 22 GDPR.

13. Changes to this policy

I may update this privacy policy from time to time. The "last updated" date at the top will reflect the most recent revision. For material changes affecting how your data is processed, I will make reasonable efforts to inform you (e.g. via a notice on the website).