Privacy Policy (EN)



1. Controller

Tiptoe Films – Daniel Scheimberg

Windscheidstr. 13, 10627 Berlin, Germany

Phone: +49 (0) 175 528 1568

Email: daniel (@) tiptoefilms.com


2. Scope

This policy explains how we process personal data when you visit tiptoefilms.com (WordPress with Astra/Elementor).

3. Categories of data

  • Server logs (IP address, date/time, requested URL, referrer, user agent, HTTP status)

  • Contact form data (name, email, message, any details you provide)

  • FluentSMTP logs (timestamp, recipient, subject, delivery status; technical errors if any)

  • Security/Audit data from Sucuri Security (e.g., IP addresses on login attempts, firewall/audit events)

4. Purposes & legal bases (GDPR)

  • Website provision & IT security (server logs, Sucuri): legitimate interests, Art. 6(1)(f) GDPR

  • Handling enquiries (contact form/email): contract/pre-contractual steps, Art. 6(1)(b) GDPR; otherwise legitimate interests, Art. 6(1)(f)

  • Technical email delivery & troubleshooting (FluentSMTP logs): legitimate interests, Art. 6(1)(f)

5. Hosting

The site is hosted by Host Europe in Germany. The provider processes server logs to ensure secure and stable operation.

6. Contact forms & email

When you contact us via an Elementor form or email, we process your details to handle your enquiry.

Retention: until your enquiry is fully resolved; further retention where required by law.

7. Email delivery (FluentSMTP)

We use FluentSMTP to send system/form emails. If logging is enabled, we store the metadata listed above.

Retention: 180 days, then deletion/anonymisation.

8. Security (Sucuri Security)

We use Sucuri Security to detect and mitigate attacks. IP addresses and security-relevant events are logged.

Retention: 180 days, then deletion/anonymisation.

9. Cookies

We do not use analytics or tracking cookies.

Technically necessary cookies may be set for operation (e.g., admin login/session). These are typically not set for visitors who are not logged in.

10. Embedded content / third parties

No embedded third-party content (e.g., YouTube/Vimeo, Google Maps, social plugins). External links (e.g., BFS, Crew United, IMDb) simply open the provider’s website.

11. Fonts

No externally hosted webfonts (e.g., Google Fonts CDN). The site uses system fonts and/or locally served styles.

12. Recipients

  • Hosting provider (server logs)

  • If applicable, IT/maintenance service providers acting under instructions (data processing agreements in place where required)

13. Third-country transfers

No transfers to non-EU/EEA countries, unless stated otherwise above.

14. General retention

Unless stated otherwise here, we delete personal data when the purpose no longer applies and no legal retention obligations prevent deletion.

15. Your rights

Under the GDPR you have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object (Art. 21). Where processing is based on consent, you may withdraw consent at any time with effect for the future (Art. 7(3)).

16. Complaints

You may lodge a complaint with a data protection authority. For Berlin:

Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59–61, 10555 Berlin, Germany, Tel. +49 30 13889-0, mailbox@datenschutz-berlin.de.

17. Changes

We will update this policy if our processing or the legal framework changes. 

The current version is available on this page.


Last updated: 18 Sep 2025

Scroll to Top