With the following privacy notices, I inform you about which personal data I process, for what purpose and to what extent when you visit my website and use my business services.

not famous GmbH
Maillingerstraße 22
80636 München
Germany

Represented by: Michael Heindl (Managing Partner)
Email address: hello@not-famous.com

I have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss, and other external disturbances. For this purpose, I regularly review my security measures and adapt them to the state of the art. I have also established procedures that ensure the assertion of data subject rights, the deletion of data, and responses to data threats.  
TLS/SSL Encryption (https): To protect the data of users transmitted via my online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transferred between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured with an SSL/TLS certificate.

I process data of my contractual and business partners, e.g., customers and interested parties, within the scope of pre-contractual measures and for the fulfillment of contractual agreements as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g., to answer inquiries.

I process this data to fulfill my contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies for warranty and other performance disruptions. Furthermore, I process the data to safeguard my rights and for the purpose of administrative tasks associated with these obligations, as well as for company organization. I process the data based on my legitimate interest in proper and business-like management and in security measures to protect my contractual partners and my business operations against misuse, danger to their data, secrets, information, and rights (e.g., for the involvement of telecommunication, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of the applicable law, I only pass on data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

Which data are required for the aforementioned purposes will be communicated to the contractual partners before or during the data collection.

I delete the data after the expiry of statutory warranty and comparable obligations, usually after 6 years, unless the data are stored in a customer account, e.g., as long as they must be retained for legal archiving reasons. The statutory retention period for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions and other organizational documents required to understand these documents, and booking receipts is ten years, and for received commercial and business letters and reproductions of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made or the annual financial statement was prepared, the commercial or business letter was received or sent, or the booking receipt arose, or the recording was made, or the other documents were created.

Insofar as I use third-party providers or platforms to provide my services, the general terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Processed Data Categories: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, telephone number); contract data (e.g., subject matter of the contract, term, customer category).

Data Subjects: Business and contractual partners, interested parties.
Purposes of Processing: Provision of pre-contractual services and fulfillment of contractual obligations; contact inquiries and communication, fulfillment of legal requirements, etc. Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR); legal obligations (Art. 6 para. 1 lit. c GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Agency Services: I process my customers' data within the scope of my contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, data analysis/consulting services, and training services. Legal Bases: Pre-contractual inquiries, execution and termination of contracts (Art. 6 para. 1 lit. b GDPR).

Events and Activities: I process the data of participants in events, activities, and similar activities offered or hosted by me to enable them to participate in the events and use the services or actions associated with the participation. If I process health-related data, religious, political, or other special categories of data in this context, this is done within the framework of being publicly manifest (e.g., in the case of thematic events or with the consent of the data subjects).
The necessary information is identified as such within the scope of the order, purchase, or comparable conclusion of the contract and includes the information required for the provision of services and billing, as well as contact information to be able to make any necessary consultations. Insofar as I gain access to information of end customers, employees, or other persons, I process this in accordance with statutory and contractual requirements;
Legal Bases: Pre-contractual measures, fulfillment of a contract (Art. 6 para. 1 lit. b GDPR).

When you contact me (e.g., by email, telephone), the information provided by the inquiring persons is processed, insofar as this is necessary to answer the contact inquiries and any requested measures.

The answering of contact inquiries within the framework of contractual or pre-contractual relationships is carried out for the fulfillment of my contractual obligations or to answer (pre-)contractual inquiries and otherwise based on the legitimate interests in answering the inquiries.

Inventory Data: Address data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos).
Data Subjects: Business partners, interested parties.
Purposes of Processing: Answering inquiries and communication.
Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR).

I process the data of users to be able to provide them with my online services. You can generally use my website for purely informational purposes without disclosing your identity. When retrieving the individual pages of the website in this sense, only access data is transmitted to my service provider so that the website can be displayed to you. This includes the following data:

Browser type / browser version,
Operating system used,
Language and version of the browser software,
Host name of the accessing device,
IP address,
Website from which the request comes,
Content of the request (specific page),
Date and time of the server request,
Access status / HTTP status code,
Referrer URL (the previously visited page),
Amount of data transferred,
Time zone difference to Greenwich Mean Time (GMT).

‍The temporary processing of the IP address by the system is necessary to technically enable the delivery of the website to your computer. Processing your IP address for the duration of the session is required for this. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

The access data is not used to identify individual users and is not merged with other data sources. The access data is deleted when it is no longer required to achieve the purpose of its processing. In the case of data collection for the provision of the website, this is the case when you end your visit to the website.

IP addresses are stored in log files to ensure the functionality of the website. The data also serves to optimize the website and ensure the security of the information technology systems. Data evaluation for marketing purposes does not take place in this context either. The data is generally deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or anonymized so that assignment to the calling client is no longer possible.

The collection of data for the provision of the website and the processing of the data in log files is absolutely necessary for the operation of the website.

Note on Analytics and Tracking: As stated by not famous GmbH, no external analysis or tracking tools are currently in use.

Under "Cookies," we understand functions that store or read information on end devices. They serve, for example, the functionality, security, user-friendliness, or analysis of the use of our online service.

‍Note: As stated by not famous GmbH, no cookies are currently used on this website.

As a data subject under the GDPR, you have various rights, which arise in particular from Art. 15 to 21 GDPR:

Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or f) GDPR.
If personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Right to Withdraw Consent
Right of Access
Right to Rectification
Right to Erasure and Restriction of Processing
Right to Data Portability
You also have the right to lodge a complaint with the supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht).

To exercise the aforementioned rights, please contact hello@not-famous.com with the subject "Data Protection."

I will occasionally adjust and improve this information and privacy notices, especially if this is necessary due to changes in applicable law or my internal processes.

Date: October 2025