This privacy policy explains how we process personal data when you use our website or contact us.
Responsible: Weloka Service GmbH, Dr.-Julius-Leber-Str. 61, 23552 Lübeck, info@weloka.de
Purposes of processing: providing and securing the website, responding to inquiries, preparing and fulfilling contractual relationships, internal administration, and marketing communication with consent.
We collect personal data when you visit our website, contact us, or use our services. This includes, for example, name, email address, IP address, and usage data.
Categories of personal data: master data (e.g., name), contact data (e.g., email), content data (e.g., messages), usage data (e.g., pages visited, access times), meta/communication data (e.g., IP address, device information).
Your data is processed based on Art. 6 GDPR (e.g., consent, contract fulfillment, legitimate interest).
Contact form: When you use the contact form, we process the data you provide (company, email, first name, last name, message) to handle your inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient communication). If you give consent, Art. 6(1)(a) GDPR may also apply.
To protect against spam and abuse, we use Google reCAPTCHA (provider: Google Ireland Limited or Google LLC). IP address and possibly further usage data may be transmitted to Google. The Privacy Policy and Terms of Service of Google apply. A transfer to third countries (e.g., USA) may occur; legal basis includes EU Standard Contractual Clauses.
We use cookies and similar technologies to provide the website (technically necessary) and – with consent – to analyze and improve it. Consent is managed through our own cookie banner; your preference is stored locally in your browser (localStorage) and is not transmitted to any server. No third-party consent service is used. Local Google Fonts: webfonts are embedded locally; no data is transmitted to Google.
Analytics (Firebase): We use Firebase Analytics only with your consent to understand and improve the use of our website. The provider is Google/Firebase (Google Ireland Limited / Google LLC). Data collected may include: page views, scroll depth, contact form submissions (no form content), language preference changes, and general device/browser information. This data may be transferred to third countries (e.g., USA); appropriate safeguards (EU Standard Contractual Clauses) apply. Legal basis: Art. 6(1)(a) GDPR. You can withdraw your consent at any time by clearing your browser's localStorage or contacting us.
Analytics (PostHog): With your consent, we use PostHog for web analytics, session replay, heatmaps, and error monitoring. The provider is PostHog Inc. Data is processed in the EU (eu.i.posthog.com). Data collected may include: page views, click interactions (autocapture), session recordings (with password fields masked), scroll behavior, heatmap data, JavaScript errors, contact form submissions (no form content), language preference changes, and CTA interactions. Session recordings capture your screen interactions to help us improve usability — password inputs are always masked. Legal basis: Art. 6(1)(a) GDPR. You can withdraw your consent at any time by clearing your browser's localStorage or contacting us. For more information, see PostHog's privacy policy at https://posthog.com/privacy.
Recipients: internal departments of Weloka Service GmbH and – where necessary – processors (e.g., hosting/CDN: Firebase, communications: Google Workspace (SMTP), bot protection: Google reCAPTCHA, optional analytics: Firebase Analytics, CRM: HubSpot). In addition, legally obligated recipients (e.g., authorities) where applicable.
Data transfers to third countries: When using Google/Firebase services, data may be transferred to third countries (e.g., the USA). We rely on appropriate safeguards (in particular, EU Standard Contractual Clauses) and implement additional protective measures where necessary.
Retention period: We process and store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations. Afterwards, data is deleted or anonymized.
Security: We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.
You have rights under the GDPR: access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent with effect for the future. Please contact us with your request.
Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. One competent authority is the Independent State Center for Data Protection Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, https://www.datenschutzzentrum.de.
Children: Our services are not directed at individuals under the age of 16. We do not knowingly process data of children under 16 without appropriate parental consent.
If you have any questions about privacy, please contact: info@weloka.de
Changes: We may update this privacy policy from time to time to reflect legal changes or adjustments to our services. The current version is available on this page.
Last updated: April 28, 2026
