Privacy Policy
Haus of Visibility · Last updated 18 April 2026
1. Who we are
Haus of Visibility™ provides authority infrastructure services to founders and founder-led brands. This Privacy Policy describes how we collect, use, and protect the personal data of visitors to hausofvisibility.com, subscribers to our communications, and clients of our services.
The data controller under Article 4(7) of the General Data Protection Regulation (GDPR) is:
Haus of Visibility
Albertine Visser, Einzelunternehmen
Agnes-Neuhaus-Str. 5
80797 Munich, Germany
Email: albertine@hausofvisibility.com
2. What personal data we collect
We collect only the personal data you choose to give us, or that is strictly necessary to operate our website. This typically includes:
— Email address, when you subscribe to a lead magnet, join our waitlist, contact us, or become a client.
— First name, when you provide it in a form or communication.
— Message content, when you write to us directly.
— Technical data (IP address, browser type, operating system, device information, referring website), collected automatically when you visit our site. Where technically possible, this data is pseudonymised.
— Client data, when you enter into a service agreement with us. Limited strictly to what is necessary to deliver the engagement.
We do not collect payment card data directly. Payments, if processed online, are handled by trusted third-party providers (see Section 6).
3. How we use your data
We process personal data only for the following purposes:
— To provide access to requested content. When you request a lead magnet, you are directed to a page on our website where the document is available. We use your email address to record your request and to send any directly related follow-up communication.
— To send our newsletter. When you give consent, we use your email to send occasional newsletters from Haus of Visibility. You may unsubscribe at any time.
— To notify you of availability. When you join the Founder Portrait™ waitlist, we use your email to notify you when intake opens.
— To respond to inquiries. When you contact us directly, we use your information to respond to your message.
— To fulfil our contractual obligations. When you engage our services, we process client data as necessary to deliver the engagement.
— To maintain and improve our website. We use aggregated, anonymised data to understand how visitors interact with our site and to maintain site security.
4. Legal basis for processing
We process personal data under the following legal bases under Article 6 GDPR:
— Consent — Art. 6(1)(a) GDPR. For newsletter subscriptions, waitlist notifications, and lead magnet opt-ins. You may withdraw consent at any time without affecting the lawfulness of prior processing.
— Contract — Art. 6(1)(b) GDPR. When we process your data to fulfil a service agreement, or to take steps at your request prior to entering into one.
— Legitimate interests — Art. 6(1)(f) GDPR. Where we have a legitimate interest in maintaining, securing, and improving our website and services, provided your fundamental rights and freedoms do not override this interest.
— Legal obligation — Art. 6(1)(c) GDPR. Where we are required by law to retain or disclose certain data (for example, German tax and commercial law).
5. How long we keep your data
We retain personal data only as long as necessary for the purposes for which it was collected:
— Newsletter subscriptions — until you unsubscribe.
— Waitlist entries — until you unsubscribe or the relevant intake window has closed and the list has been archived (typically within 12 months).
— Lead magnet opt-ins — until you unsubscribe.
— Inquiries and correspondence — for up to 24 months, unless a client relationship is established.
— Client data — for the duration of our engagement and for up to 10 years thereafter where required by German tax and commercial law (§147 AO, §257 HGB).
Once the retention period expires, your data is deleted or fully anonymised.
6. Third-party services (processors)
To deliver our services and operate our website, we share limited personal data with trusted third-party processors. Each is bound by a data processing agreement (Auftragsverarbeitungsvertrag) under Article 28 GDPR.
— Framer — website hosting and form handling. Registered in the Netherlands, with processing governed by GDPR-compliant terms.
— Kit (formerly ConvertKit) — email delivery and subscriber management. Based in the United States. Data transfers are safeguarded under the EU-US Data Privacy Framework and Standard Contractual Clauses.
— Stripe — payment processing for client invoices. European operations are handled by Stripe Payments Europe Ltd., based in Dublin, Ireland. Processing is governed by GDPR-compliant terms.
We do not use any analytics, marketing, or tracking tools. We do not use Google Analytics, Meta Pixel, Hotjar, or equivalent services. We collect no behavioural or visitor data beyond what is strictly necessary for the site to function.
A current list of our subprocessors is available on request by email.
7. International data transfers
Some of our processors are based outside the European Economic Area, primarily in the United States. Where your personal data is transferred internationally, we rely on the following safeguards under Articles 45 and 46 GDPR:
— The EU-US Data Privacy Framework, where the processor is certified.
— Standard Contractual Clauses approved by the European Commission, where applicable.
A copy of the relevant safeguards is available on request.
8. Your rights under GDPR
You have the following rights regarding your personal data:
— Right of access (Art. 15) — the right to know what personal data we hold about you and to receive a copy.
— Right to rectification (Art. 16) — the right to have inaccurate or incomplete data corrected.
— Right to erasure (Art. 17) — the right to request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
— Right to restriction of processing (Art. 18) — the right to limit how we use your data.
— Right to data portability (Art. 20) — the right to receive your data in a structured, commonly used, machine-readable format.
— Right to object (Art. 21) — the right to object to processing based on legitimate interests.
— Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you may withdraw it at any time.
— Right not to be subject to automated decision-making (Art. 22) — we do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, please contact us at albertine@hausofvisibility.com. We will respond within one month, as required by Article 12(3) GDPR. For complex or numerous requests, this period may be extended by two further months, in which case we will inform you.
9. Right to lodge a complaint
If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. The competent authority for Haus of Visibility is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Website: www.lda.bayern.de
Email: poststelle@lda.bayern.de
You may also lodge a complaint with the supervisory authority in the member state of your habitual residence.
10. Cookies and tracking
Our website uses only strictly necessary cookies required for the basic operation of the site. We do not use analytics cookies, marketing pixels, or any third-party tracking technologies.
No consent is required for strictly necessary cookies under Article 6(1)(f) GDPR and §25(2) TTDSG, as they are essential for providing the service you have requested.
You can manage or delete cookies at any time through your browser settings.
11. Security
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encrypted data transmission (TLS/SSL), secure storage with reputable processors, access controls, and regular review of our security practices.
No online system is entirely secure, but we maintain the safeguards required by Article 32 GDPR and align with current industry standards.
12. Children’s data
Our services are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe that we have inadvertently collected data from a child, please contact us and we will delete it promptly.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of this page will always indicate the most recent version.
If we make material changes, we will notify you by email (if you are a subscriber) or through a prominent notice on our website before the changes take effect.
14. Contact
For any questions about this Privacy Policy, or to exercise your rights, please contact:
Haus of Visibility
Albertine Visser, Einzelunternehmen
Agnes-Neuhaus-Str. 5
80797 Munich, Germany
Email: albertine@hausofvisibility.com
——————————————————————————-
Haus of Visibility™
AI visibility & marketing for hotels.
© 2026 Haus of Visibility™.
All rights reserved.
· Munich, Germany