Privacy Policy

The controller responsible for data processing on this website is:

Data You Provide Voluntarily

• Contact information: Name, email address, company name when you submit a contact form, book a call, or subscribe to the newsletter.
• Communication data: Messages, inquiries, and feedback you send us through the contact form or email.
• Assessment data: Responses to the Agent Readiness Scorecard, including company size and current CRM.
• Business information: Details about your company, tech stack, and operational challenges shared during consultations.

Data Collected Automatically

• Usage data: Pages visited, time spent on pages, referring URLs, and navigation paths. Collected via Plausible Analytics (privacy-focused, no cookies, EU-hosted).
• Device information: Browser type, operating system, device type, and screen resolution.
• IP address: Anonymized and used for analytics and security purposes only.

We process your data for the following purposes:

• Contract performance (Art. 6(1)(b) GDPR): Responding to inquiries, providing services, and fulfilling contractual obligations.
• Consent (Art. 6(1)(a) GDPR): Sending newsletter communications (double opt-in required). You may withdraw consent at any time.
• Legitimate interest (Art. 6(1)(f) GDPR): Website analytics for improving user experience, security measures, and fraud prevention.

We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies and does not collect personal data. Plausible is hosted in the EU and is fully GDPR compliant without requiring cookie consent.

If we implement additional tracking tools in the future, we will obtain your explicit consent before any non-essential cookies are set, in compliance with the ePrivacy Directive and German Telemediengesetz (TDDDG).

We share data with the following processors, all of which have signed Data Processing Agreements (DPAs):

• HubSpot (EU data residency): CRM and email marketing. Stores contact information, scorecard results, and engagement data.
• Plausible Analytics (EU-hosted): Website analytics. No personal data collected. No cookies.
• Resend (email delivery): Transactional email delivery for contact form confirmations and newsletter distribution.
• Calendly / Cal.com: Appointment scheduling. Collects name, email, and appointment details when you book a call.
• Vercel (hosting): Website hosting and content delivery. Processes server logs including anonymized IP addresses.

We retain your personal data only as long as necessary for the purposes described in this policy:

• Contact form submissions: 36 months, unless you request earlier deletion.
• Newsletter subscribers: Until you unsubscribe.
• Scorecard results: 36 months.
• Client engagement data: Duration of the engagement plus 36 months for follow-up.
• Analytics data: Plausible retains anonymized, aggregated data only. No personal data is stored.

As a data subject in the European Economic Area, you have the following rights:

• Right of access (Art. 15): Request a copy of your personal data.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing (Art. 18): Request limitation of data processing.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3)): Withdraw consent for newsletter or marketing communications at any time.

To exercise any of these rights, contact us at hello@verluna.de. We will respond within 30 days.

You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte fur Datenschutz und Informationsfreiheit).

We implement appropriate technical and organizational measures to protect your personal data:

• TLS/HTTPS encryption for all data in transit
• Encrypted storage for data at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments of third-party processors
• EU-based hosting and data processing where possible

We prioritize EU-based data processing. Where data is transferred outside the EEA (for example, certain Vercel CDN nodes), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

Newsletter subscriptions require double opt-in in compliance with German unfair competition law (UWG). After entering your email, you will receive a confirmation email. Your subscription is only active after you click the confirmation link. Every newsletter includes an unsubscribe link.

Our services are directed at businesses and professionals. We do not knowingly collect data from individuals under 16. If you believe we have collected data from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will notify newsletter subscribers via email.

For privacy-related inquiries, data subject requests, or complaints: