01Home02Services03Zenku Complete04Projects05Pricing06About07Contact07Emergency08Deutsch
hello@zenku.studio
Book a free call

Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to the full text of this privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in section 2 of this privacy policy and in the Legal Notice.

How do we collect your data?
Your data is collected in part when you provide it to us directly, for example by filling out a contact form or subscribing to our newsletter. Other data is collected automatically or with your consent when you visit the website by our IT systems. This includes primarily technical data such as the browser and operating system you are using, or the time of the page request. This data is collected automatically as soon as you enter our website.

What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour, but only with your explicit consent.

What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time regarding these and other questions on the subject of data protection.

2. Responsible Party

The party responsible for data processing on this website (the "controller" within the meaning of the GDPR) is:

FreelanceWP LLC, DBA Zenku Studio
1309 Coffeen Avenue STE 1200
Sheridan, WY 82801, USA

Operating address:
Jln Raya Tegalallang
Gianyar, Bali, Indonesia

Represented by: Simon Meyer, Managing Member
Email: hello@zenku.studio
Website: https://zenku.studio

For further details, please see our Legal Notice.

3. Your Rights as a Data Subject

Under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data. To exercise any of these rights, please contact us using the details provided in section 2.

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to access that data along with information about the purposes of processing, the categories of data concerned, the recipients, the envisaged storage period, and the existence of your other rights.

Right to Rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of personal data concerning you without undue delay where one of the grounds set out in Art. 17 GDPR applies, for example if the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal basis for the processing.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing where one of the conditions in Art. 18 GDPR is met, for example if you contest the accuracy of your personal data, for a period enabling us to verify the accuracy, or if the processing is unlawful and you oppose erasure and request restriction instead.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us, where the processing is based on consent or on a contract and is carried out by automated means.

Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

If personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing.

Right to Withdraw Consent

Where processing is based on your consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us via the contact details in section 2 or by using any opt-out mechanism provided.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR (Art. 77 GDPR).

4. Hosting

This website is hosted by NameHero. The servers are located in Germany (Frankfurt and Nuremberg), ensuring that your data is processed within the European Union.

Server Log Files

The hosting provider automatically collects and stores information in so-called server log files, which your browser transmits automatically. These include:

  • IP address of the requesting device
  • Browser type and browser version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Date and time of the server request
  • Pages visited on our website

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website. Server log files are typically deleted automatically after 7 days unless they are needed for evidence purposes.

5. SSL/TLS Encryption

This website uses HTTPS encryption (SSL/TLS) for security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Cookies and Consent Management

What Are Cookies?

Our website uses cookies. Cookies are small text files that are stored on your device by your browser. They do not cause any damage and are used to make our website more user-friendly, effective, and secure.

Technically Necessary Cookies

Some cookies are technically necessary for the functioning of the website. These cookies are set automatically and do not require your consent. They are based on our legitimate interest in providing a functional website pursuant to Art. 6(1)(f) GDPR.

Optional Cookies

Cookies that are not technically necessary (for example, cookies for analytics or marketing purposes) are only set with your explicit consent pursuant to Art. 6(1)(a) GDPR. You can grant or revoke your consent at any time via our consent management tool.

Consent Management

We use a consent management tool to obtain and manage your cookie preferences. When you first visit our website, you will be asked to select which categories of cookies you wish to allow. You may change your preferences at any time. The consent itself is stored as a technically necessary cookie so that your preferences can be honoured on subsequent visits.

Language Preference Cookie

We store a cookie named lang_pref to remember your preferred language setting. This cookie has a lifespan of 1 year and is set on the basis of our legitimate interest in providing the website in your preferred language pursuant to Art. 6(1)(f) GDPR. This cookie does not contain any personal data beyond your language selection.

7. Contact Form

If you send us enquiries via the contact form on our website, the data you enter in the form will be processed for the purpose of handling your request. The following data is collected:

  • Name (required)
  • Email address (required)
  • Message (required)
  • Company name (optional)
  • Budget (optional)
  • Timeline (optional)

Processing and Transmission

Your form data is transmitted via Brevo SMTP (Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France) for the purpose of delivering your message to us. Brevo acts as a processor on our behalf and is contractually obligated to process data only in accordance with our instructions and applicable data protection law.

Storage Period

The data you provide in the contact form will be stored by us until you request its deletion, revoke your consent for its storage, or the purpose for data storage no longer applies (for example, after your request has been fully processed). Mandatory statutory provisions, in particular retention periods, remain unaffected.

Legal Basis

The processing of this data is based on Art. 6(1)(b) GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries directed to us pursuant to Art. 6(1)(f) GDPR.

8. Newsletter

If you would like to receive our newsletter, we require a valid email address. We use the so-called double opt-in procedure, meaning that after your initial registration you will receive a confirmation email asking you to confirm your subscription. This is to ensure that no one can register with someone else's email address.

Newsletter Service Provider

Our newsletter is sent via Brevo (Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France). Brevo is a service through which the dispatch and analysis of newsletters can be organised. We have concluded a data processing agreement with Brevo in accordance with Art. 28 GDPR.

Stored Data

The following data is stored when you subscribe to our newsletter:

  • Email address
  • Language preference
  • Timestamp of registration and confirmation

Unsubscribe

You can unsubscribe from the newsletter at any time using the link provided in each newsletter email or by contacting us directly. After unsubscribing, your email address will be deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law.

Legal Basis

The processing of your data for the purpose of sending the newsletter is based on your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future without affecting the lawfulness of processing carried out on the basis of consent prior to its revocation.

9. Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Activation Only with Consent

Google Analytics is only activated after you have given your explicit consent via our consent management tool. Without your consent, no data is transmitted to Google Analytics. We use Google Consent Mode v2, which ensures that Google tags adapt their behaviour based on your consent status.

Purpose and Data Processing

Google Analytics enables us to analyse the use of our website in order to improve our content and offerings. The information generated about your use of this website is usually transmitted to a Google server and stored there. IP anonymisation is activated on this website, so your IP address is truncated within Member States of the European Union or in other states party to the Agreement on the European Economic Area before transmission.

Data Retention

We have set the data retention period in Google Analytics to 14 months. After this period, user-level and event-level data is automatically deleted.

Opt-Out

You can prevent the collection of your data by Google Analytics by withdrawing your consent via our consent management tool. Additionally, you can install the Google Analytics opt-out browser add-on.

Legal Basis

The use of Google Analytics is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future.

10. Google Ads

This website uses Google Ads conversion tracking and remarketing services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Activation Only with Consent

Google Ads tracking is only activated after you have given your explicit consent. Without your consent, no conversion tracking or remarketing data is collected.

Purpose

Google Ads conversion tracking allows us to measure the effectiveness of our advertising campaigns. When you click on an ad placed by Google, a conversion tracking cookie is set on your device. These cookies expire after a limited time and do not contain any personal information. Remarketing enables us to display targeted advertisements to users who have previously visited our website.

Legal Basis

The use of Google Ads is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management tool.

11. Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tag management system that allows us to manage website tags (small code snippets) through a single interface. Google Tag Manager itself is a purely organisational tool and does not set any cookies on its own and does not collect any personal data. It serves as a container that triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data.

We use Google Tag Manager in a client-side configuration and may additionally use server-side tagging to enhance data protection and control. If a tag has been deactivated at the domain or cookie level, it remains deactivated for all tracking tags implemented with Google Tag Manager.

12. Facebook/Meta Pixel

This website uses the Meta Pixel (formerly Facebook Pixel), a service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Meta").

Activation Only with Consent

The Meta Pixel is only activated after you have given your explicit consent via our consent management tool. Without your consent, no data is transmitted to Meta.

Purpose

The Meta Pixel enables us to track conversions and build custom audiences for our advertising campaigns on Meta platforms (Facebook, Instagram). It allows us to measure the effectiveness of our advertisements and to show relevant ads to users who have visited our website.

Legal Basis

The use of the Meta Pixel is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management tool.

13. LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

Activation Only with Consent

The LinkedIn Insight Tag is only activated after you have given your explicit consent via our consent management tool. Without your consent, no data is transmitted to LinkedIn.

Purpose

The LinkedIn Insight Tag enables us to track conversions from LinkedIn advertising campaigns and to retarget website visitors with relevant advertisements on the LinkedIn platform. It provides us with aggregated and anonymised reports about website audience demographics and ad performance.

Legal Basis

The use of the LinkedIn Insight Tag is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future via our consent management tool.

14. YouTube Videos

We embed videos from the platform YouTube on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Enhanced Privacy Mode

We use YouTube in the enhanced privacy mode (domain: youtube-nocookie.com). According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode.

When you play a YouTube video, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile.

Legal Basis

The embedding of YouTube videos is based on our legitimate interest in presenting our content in an appealing manner pursuant to Art. 6(1)(f) GDPR. Where specific consent has been requested (for example, consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. Consent can be revoked at any time.

15. Calendly

We use Calendly for appointment scheduling. The provider is Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305, USA.

Data Processing

When you use Calendly to book an appointment with us, the following data is collected:

  • Name
  • Email address
  • Selected appointment date and time

This data is used exclusively for the purpose of scheduling and conducting the appointment.

Legal Basis

The processing of your data via Calendly is based on Art. 6(1)(b) GDPR, as it is necessary for the implementation of pre-contractual measures at your request. By voluntarily booking an appointment, you initiate a pre-contractual relationship with us.

16. Fonts

This website uses the Geist Variable Font, which is hosted locally on our own servers (self-hosted). When you access our website, no connection is established to an external font server, and no data is transferred to third parties in connection with font rendering. The font files are delivered directly from our hosting infrastructure as part of the regular page load.

17. International Data Transfers

In the course of using certain third-party services described in this privacy policy, personal data may be transferred to countries outside the European Economic Area (EEA), in particular to the United States of America. This concerns the following providers:

  • Google (Google Analytics, Google Ads, Google Tag Manager, YouTube) — Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Meta (Facebook/Meta Pixel) — Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
  • LinkedIn (LinkedIn Insight Tag) — LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA
  • Calendly — Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305, USA

Safeguards

These providers have certified under the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection as recognised by the European Commission. Where applicable, we additionally rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a supplementary safeguard for international data transfers pursuant to Art. 46(2)(c) GDPR.

Data transfers to these providers only occur where there is a legal basis for the processing itself (typically your consent pursuant to Art. 6(1)(a) GDPR or our legitimate interest pursuant to Art. 6(1)(f) GDPR) and adequate safeguards are in place for the transfer.

18. Data Retention

As a general rule, we store your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Once the purpose of data processing no longer applies and no statutory retention obligations exist, the data will be deleted or anonymised.

Specific retention periods, where applicable, are stated in the relevant sections of this privacy policy (for example, 14 months for Google Analytics data, 1 year for the language preference cookie, or until the completion of your request for contact form data).

Statutory retention obligations under commercial or tax law may require us to store certain data for a longer period. In such cases, the data will be blocked from further processing and deleted upon expiry of the retention period.

19. Changes to This Privacy Policy

We review and update this privacy policy on a regular basis to reflect changes in our data processing practices, legal requirements, or the services we use. The most recent version will always be available on this page.

Last updated: April 2026