Privacy Policy

This section of our website is designed to give you access to our Data Protection Declaration, that is intended to provide you with information on the collection and processing of personal data when using our website

1. General information on Data Privacy

1.1. This Data Protection Declaration is intended to provide you with information on the collection and processing of personal data when using our website Personal data means individual information on personal or factual circumstances being attributable to an identified or identifiable natural person.

1.2. The natural persons being responsible according to Art. 4 Para. 7 GDPR (General Data Protection Regulation) are Florence Lenoir & Felipe Mora (hereinafter also referred to as “The Way Factory”, “we” or “us”). The Way Factory can be contacted at

2. Rights of Affected Persons

2.1. In accordance with Art. 15 GDPR, you have the right, upon request and free of charge, to receive information about the personal data that has been stored about you. In accordance with Art. 16, 17 and 18 of the GDPR, you also have the right to have incorrect data corrected and your personal data blocked, deleted or processed to a limited extent. Under the conditions laid down in Art. 20 of the GDPR, you are also entitled to receive the personal data concerning you that have been stored in a structured, common and machine-readable format and to transmit this data to another person responsible without any impediment by The Way Factory. In addition, you have the right to withdraw your given consent. In according to Art. 21 Para. 1 GDPR you are also entitled to object to the processing of personal data relating to you, which is carried out on the basis of Art. 6 Para. 1 S. 1 lit. e) or f) GDPR, for reasons arising from your particular situation. You do not need any reason to object to data processing for the purpose of direct advertising. The Way Factory will fulfil your aforementioned claims, provided that the legal requirements for the assertion of the respective claims are satisfied.

2.2. Any requests for your personal data should be made to the e-mail address given in the imprint of our website or the e-mail address specified under Section 1.2. of this data protection declaration.

2.3. You are also entitled to file a complaint with a data protection supervisory authority regarding our processing of your personal data.

3. Subject of this Data Protection Declaration

This Data Protection Declaration exclusively deals with the handling of personal data by The Way Factory. In case our services are performed by subcontractors, you will find the information on the respective procedures below. In case you make use of services provided by third parties via the website, the data protection regulations of the respective third parties apply exclusively. The Factory does not check the data protection regulations of third parties.

4. Collection and Processing of Personal Data when using our website

We collect, store and process personal data in accordance with Art. 6 Para. 1 lit. b) GDPR for the entire handling of our services. Any and all personal data is processed exclusively in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

4.1. Access Data/ Server-Logfiles

In case our website is exclusively used for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server (server log files/access data). If you wish to view our website, we collect the following data on the basis of Art. 6 Para. 1 S. 1 lit. f) GDPR, which is technically necessary for us to display our website to you and to guarantee stability and security:

Name and content of the accessed website, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred, access status/HTTP status code (referrer URL), browser type, your operating system and its interface, language and version of the browser software.

The hosting provider shall store logfile data for safety purposes (e.g. for clarifying cases of misuse or fraud) for the duration of max. 7 days and deleted after this period. Data which are necessary for evidentiary purposes are stored until the specific incident is clarified.

4.2. Communication with us

When contacting us by e-mail or contact form, the data you provide (your e-mail address, if applicable your first and last name) will be stored by us in order to answer your question and handle your concern. The legal basis is provided in Art. 6 Para. 1 S. 1 lit. a) and b) GDPR. Your personal data can be stored in a customer relationship management system (“CRM system”) or similar systems.

We delete the data acquired in this context once no further storage is necessary or reduce the processing if further retention is required by law.

5. Cookies

We use cookies on our website. A cookie is a small file your browser creates automatically and that is stored on your access device (PC, Laptop, smartphone, etc.) when you are visiting our website. Cookies cannot run programs or transmit viruses to your computer. The cookie stores certain information related to the access device. This does not mean that we become aware of your identity directly. Cookies are used on the basis of Art. 6 Para. 1 S. 1 lit. f) GDPR.

We are using so-called session cookies to recognize that you visited certain pages of our websites. Those cookies will be deleted automatically at the time you leave our website. We also use temporary cookies to optimize the usability of our website, which are stored on your device during a certain period. In case you visit our website again to use our services, you and the inputs or settings you made will be recognized automatically, so you do not have to repeat it.

On the other hand, we use cookies to collect statistical data via third-party services on your website use and to analyze the data for optimization of the usability of our website (more details in Sect. 10). Those cookies are deleted after a certain period.

You can enable or disable cookies via the settings in your browser. However, not all interactive features of our website may be available if you disable cookies. You can find more information on how to prevent the use of cookies in each relevant section for the different services.

6. Webhosting

We use server capacities of a hosting provider for the purpose of offering our services through our website (web hosting) on the basis of Art. 6 Para. 1 S. 1 lit. b) GDPR. For that purpose, all your personal data we process via our website is transmitted to this service providers on the basis of the respective Data Processing Agreements obliging the hosting provider to take the appropriate technical and organizational measures in accordance with Art. 28 GDPR. We chose our host provider carefully. We only work with providers where an adequate level of data protection is guaranteed.

Visitor comments may be checked through an automated spam detection service.

7. Newsletter and Publications

7.1. Our newsletter and publications provide information about us and our services. If you would like to receive the newsletter, we need a valid e-mail address from you. For the registration of our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an email to the specified e-mail address asking you to confirm that you would like to receive the newsletter. Your information is not added to our systems until a confirmation is provided. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible abuse of your personal data.

7.2. The only information for sending the newsletter is your e-mail address. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a) GDPR.

7.3. We use the MailChimp component for sending our newsletters on the basis of Art. 6 Para. 1 S. 1 lit. f) GDPR. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA.

If you subscribe to our newsletter, your e-mail address will be transmitted to a server of The Rocket Science Group in the USA and stored there as long until you decide to unsubscribe as explained in Section 6.4.
According to the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016, the transfer of data from an EU controller or order processor to organizations in the US who have committed themselves to adhere to the framework principles of the EU-US Privacy Shield, including the additional principles, by way of self-certification with the US Department of Commerce, is permitted. MailChimp is subject to these principles through self-certification by the US Department of Commerce. Further information about data protection at MailChimp can be found here.

7.4. At the bottom of each newsletter, you will find a link to unsubscribe at any time. You can also unsubscribe from the newsletter at any time by sending a message to the e-mail address or address given in the imprint of our website or under Section 1.2. If the newsletter is canceled, the personal data stored for the purpose of providing the newsletter will be deleted, unless there is a legal obligation to keep it in safekeeping.

8. Safe Data Transmission

Your personal data is transmitted securely by encryption. We use the TLS encrypted channel using SSL. No one can guarantee absolute protection. However, we secure our website and other systems through technical measures.

9. Duration of Storage and Routine Deletion

9.1. We process and store personal data only during the period necessary to realize the purpose of processing or during the period of time and to the extent provided for in laws or regulations applicable to the controller.

9.2. If the storage purpose ceases to apply or a legally prescribed storage period expires, the personal data will be blocked or deleted as of a matter of routine and in accordance with the statutory provisions.

10. Integration of Services of Third Parties

10.1. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies (more details in Section 4.3.) to help the website analyze how users use the site. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on servers in the United States.

The Commission Decision (EU) 2016/1250 of 12.07.2016 allows the transfer of data from an EU controller or processor of orders to organizations in the US that have committed themselves to adhere to the framework principles of the EU-US Data Protection Shield, including the additional principles, by way of self-certification with the US Department of Commerce. Google is subject to these principles through self-certification with the U.S. Department of Commerce.

However, if IP anonymization is activated on our website, Google will reduce your IP address beforehand within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP anonymization is active on this website. On behalf of The Way Factory, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and Internet use in comparison with The Way Factory. Legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f) GDPR.

The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available here.

You can find further information on the data use by Google here:

User Terms and Conditions
Overview regarding Data Protection
Data Protection Declaration

10.2. Use of Mailchimp

This website uses the online marketing platform Mailchimp operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. Its use is to allow The Way Factory to maintain its mailing list and send campaigns to subscribers. The legal basis for the use of Mailchimp is Art. 6 Par. 1 S. 1 lit. f) GDPR.

Mailchimp and their partners may use various technologies to collect and store information when you interact with The Way Factory’s email marketing campaign, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. For example, Mailchimp uses web beacons in the emails they send on The Way Factory’s behalf. When you receive and engage with a campaign from The Way Factory, web beacons track certain behavior such as whether the email sent through the Mailchimp platform was delivered and opened and whether links within the email were clicked. They also allow Mailchimp to collect information such as your IP address, browser, and other similar details. Mailchimp uses this information to measure the performance of our campaigns and to provide analytics information and enhance the effectiveness of their services.

Information of the third party provider Mailchimp on data protection is available here.

March 2, 2019