1. Introduction
Protecting your personal data is important to us. This Privacy Policy explains how Drapalski Consulting collects, uses, stores, and protects personal data when you visit our website or interact with us.
This policy is provided in accordance with:
Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
Applicable German data protection and media laws
By using this website, you acknowledge that you have read and understood this Privacy Policy.
2. Applicability of German and EU Data Protection Law
Drapalski Consulting is operated by a sole proprietor residing in Germany.
Accordingly, all processing of personal data through this website is governed by German and EU data protection law, regardless of where users or clients are located.
3. Data Controller (Responsible Party)
Drapalski Consulting
Sole proprietorship / individual entrepreneur
Ross A. Drapalski
Gütersloh, 33332, Germany
Email: info@drapal.ski
Phone: +49 151 684 68371
If you have questions regarding data protection, you may contact us using the details above.
4. Categories of Personal Data Collected
4.1 Data You Provide Directly
We collect personal data when you voluntarily provide it to us, including:
First and last name
Email address
Phone number (optional)
Company name and role (optional)
Message content
Files or documents you submit
Email address used to:
Download resources (guides, templates, etc.)
Subscribe to newsletters or marketing communications
4.2 Data Collected Automatically
When you visit our website, we may automatically collect:
IP address
Browser type and device information
Pages visited and duration
Interaction data (clicks, scrolling)
Referring URLs
This data is used for security, analytics, and website optimization.
4.3 Comments
If you leave comments on the website, we collect:
Information entered into the comment form
IP address (for spam prevention and security)
5. Purposes and Legal Bases of Processing
We process personal data only where permitted under Article 6 GDPR.
5.1 Consent (Art. 6(1)(a) GDPR)
We rely on your consent when processing data for:
Newsletter subscriptions
Marketing communications
Downloadable resources with follow-up emails
Cookies and analytics where legally required
You may withdraw consent at any time by:
Clicking the “unsubscribe” link, or
Contacting us directly
5.2 Legitimate Interests (Art. 6(1)(f) GDPR)
We process data based on legitimate interests to:
Respond to inquiries
Improve website functionality and content
Ensure website security
Prevent misuse or fraud
We balance our interests against your rights and freedoms.
5.3 Contractual Necessity (Art. 6(1)(b) GDPR)
We process personal data where necessary to:
Provide consulting services
Prepare and perform contracts
Manage client relationships
5.4 Legal Obligations (Art. 6(1)(c) GDPR)
Certain data is processed to comply with:
Tax and accounting laws
Regulatory retention obligations
6. How We Use Personal Data
We use personal data to:
Respond to inquiries
Deliver consulting services
Provide requested resources
Improve website performance
Communicate with clients and prospects
Send newsletters and marketing communications (with consent)
Maintain internal records
Fulfill legal obligations
We do not sell or rent personal data.
7. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
Improve functionality and performance
Analyze traffic and usage
Store user preferences
Protect against misuse
You can manage cookies through your browser settings.
Where legally required, non-essential cookies are used only with your consent.
8. Embedded and Third-Party Content
This website may contain embedded content (e.g., videos, forms, articles).
Embedded content behaves as if you visited the third-party website directly and may collect data in accordance with that provider’s privacy policy.
We do not control third-party data practices.
9. Data Sharing and Processors
We may share personal data with trusted service providers, including:
Web hosting and security providers
Email and communication services
Analytics providers
Legal and accounting professionals
All processors are contractually obligated to:
Process data only on our instructions
Implement appropriate security measures
10. International Data Transfers
Personal data may be processed outside the EU/EEA.
Where applicable, we ensure safeguards such as:
EU Standard Contractual Clauses (SCCs)
Adequacy decisions
Contractual data protection guarantees
11. Data Retention Periods
We retain personal data only as long as necessary:
| Data Type | Retention Period |
| Comments | Indefinitely |
| Contact inquiries | Up to 24 months |
| Newsletter data | Until withdrawal of consent |
| Client records | 6–10 years (legal obligation) |
| Analytics data | Anonymized or deleted within 26 months |
12. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15 GDPR): obtain confirmation whether we process your data and access to that data.
Right to rectification (Art. 16 GDPR): request correction of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR): request deletion of your data, where legally applicable.
Right to restriction (Art. 18 GDPR): request limitation of processing under certain circumstances.
Right to data portability (Art. 20 GDPR): receive your data in a structured, commonly used format and transmit it to another controller, where applicable.
Right to object (Art. 21 GDPR): object to processing based on legitimate interests; you may object to direct marketing at any time.
Right to withdraw consent (Art. 7(3) GDPR): withdraw consent at any time with effect for the future; withdrawal does not affect the lawfulness of processing prior to withdrawal.
Rights related to automated decision-making (Art. 22 GDPR): where applicable, not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.
To exercise your rights, please contact us at:
info@drapal.ski
We may request additional information to verify your identity before fulfilling a request. We will respond within the statutory timeframe (generally within one month, unless an extension is permitted under the GDPR).
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). In Germany, you may contact the competent data protection authority for your federal state.
13. Children’s Data
Our website is not intended for individuals under the age of 16.
We do not knowingly collect personal data from children.
14. Data Security
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or misuse.
However, no system can guarantee absolute security.
15. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect legal or operational changes.
The latest version will always be available on this page.
16. Language
The primary language of this Privacy Policy is English.
If this Privacy Policy is provided in additional languages for convenience, the English version shall prevail in the event of any discrepancies, inconsistencies, or differing interpretations.
17. Social Media Presence
Drapalski Consulting may maintain publicly accessible profiles on social media platforms (e.g., LinkedIn or similar professional networks).
When you interact with our social media profiles (e.g., by following, commenting, sharing, or sending messages), personal data may be processed by the respective platform and by us.
The processing of personal data on social media platforms is governed primarily by the privacy policies and terms of service of the respective platform operators. We do not have full control over data processing carried out by those platforms.
We process personal data obtained through social media interactions solely for the purpose of:
Managing and maintaining our professional presence
Communicating with users and responding to inquiries
Providing information about our services, activities, or content
The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR, unless another legal basis applies.
Users are advised that any personal data shared publicly on social media platforms may be visible to other users. We recommend reviewing the privacy settings and data protection information of the respective platform.
We reserve the right to remove content from our social media pages that:
Violates applicable laws or regulations
Infringes third-party rights
Is offensive, misleading, or inappropriate
Violates principles of good faith or professional conduct
If you contact us via social media and share personal data, we are not responsible for the security measures implemented by the respective platform provider.