Privacy Policy

Last updated: [June 15, 2026]

This Privacy Policy describes how Whatsup Germany processes personal data when you visit our website, sign up for our newsletter, use our tools, or contact us. It is provided in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

1. Controller responsible for data processing

The controller responsible for the processing of personal data on this website, within the meaning of Article 4(7) GDPR, is the operator of whatsupgermany.com. The full identity and contact address of the operator are set out in our Legal Notice (Impressum).

We have not appointed a Data Protection Officer, as we do not meet the thresholds set out in § 38 BDSG that would require us to do so. For data protection inquiries, please use our contact form at whatsupgermany.com/contact-us.

2. Definitions

The following terms have the meanings assigned to them in the GDPR and are used throughout this policy:

  • “Personal data” means any information that identifies a natural person or could be used to identify them, including name, email address, and IP address.
  • “Processing” means any operation performed on personal data, including collection, storage, transmission, and deletion.
  • “Controller” means the entity that determines the purposes and means of processing.
  • “Processor” means a third party that processes personal data on behalf of the controller under a written agreement.

3. Visiting the website

3.1 Server logs

When you load any page on whatsupgermany.com, our hosting provider automatically records technical information that is necessary for the website to be delivered to your browser. This information includes your IP address, the date and time of the request, the URL requested, your browser type and version, your operating system, and the referring page.

Legal basis: Article 6(1)(f) GDPR, based on our legitimate interest in delivering the website and ensuring its security.

Retention: Server logs are retained for a maximum of 14 days and then automatically deleted, unless a specific entry is required for the investigation of a security incident.

Processor: Hostinger International Ltd., operating on infrastructure located in Germany. A data processing agreement under Article 28 GDPR is in place.

3.2 Cookies and similar technologies

Cookies are small text files stored in your browser. Some cookies are strictly necessary for the website to function and are set without your consent. Other cookies, including those used for analytics, require your prior consent under § 25 TDDDG and Article 6(1)(a) GDPR.

When you first visit the site, a cookie consent banner asks whether you accept optional cookies. You may accept all, reject all, or make a granular selection. You can change your decision at any time by clicking the “Cookie settings” link in the footer.

4. Web analytics: Google Analytics 4

We use Google Analytics 4 to understand how visitors use the site, which articles are read most, and where visitors come from. This information helps us improve content and navigation. We do not use Google Analytics for advertising, remarketing, or user profiling.

Google Analytics 4 only runs if you accept analytics cookies through our consent banner. If you decline, no analytics data is collected from your visit.

If you consent, Google Analytics may process the following data: a randomly generated identifier stored in cookies (such as _ga and _ga_*), a truncated IP address (Google Analytics 4 shortens IP addresses by default and does not store the full address), pages viewed, time spent on pages, approximate location based on IP, and device and browser information.

Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, based on your explicit consent.

Recipient and transfer: Google Ireland Limited (controller in the EU) and Google LLC (United States). The transfer to the United States is based on the EU-US Data Privacy Framework, under which Google LLC is certified, supplemented by Standard Contractual Clauses adopted under Commission Implementing Decision (EU) 2021/914.

Retention: Analytics data is retained in Google Analytics for 14 months and then deleted by Google. Cookies on your device expire as documented in Google’s cookie documentation.

Withdrawing consent: You may withdraw your consent at any time through the “Cookie settings” link in the footer. Withdrawal takes effect immediately. Processing carried out before withdrawal remains lawful.

5. Contact form

When you contact us through the form at whatsupgermany.com/contact-us, we receive the information you provide, typically your name, email address, and the content of your message.

This information is used solely to respond to your inquiry and to keep a record of the correspondence in case of follow-up questions. It is not used to build marketing lists.

Legal basis: Article 6(1)(b) GDPR where the inquiry relates to a potential service relationship, or Article 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.

Retention: Until your inquiry is resolved, plus a maximum of 12 months thereafter in case of follow-up. Statutory retention periods under tax or commercial law may apply where relevant.

6. Newsletter

When you sign up for our newsletter, we collect your email address and, optionally, your first name. This information is used solely to deliver the newsletter you have subscribed to.

Newsletter signup uses a double opt-in process. After you submit the signup form, we send a confirmation email to the address provided. Your subscription is activated only after you click the confirmation link. This protects you against unauthorised third-party sign-ups.

Every newsletter contains a one-click unsubscribe link. You may unsubscribe at any time, or request removal through our contact form.

Legal basis: Article 6(1)(a) GDPR, based on your explicit consent.

Processor: Brevo (Sendinblue SAS), a French company, processing on EU-based infrastructure. A data processing agreement under Article 28 GDPR is in place. Brevo’s own privacy notice is available at brevo.com/legal/privacypolicy.

Retention: Your email address is retained until you unsubscribe or request deletion. Following unsubscribe, your email address is retained on an internal suppression list to ensure you are not contacted again inadvertently. This is a GDPR-compliant practice.

Tracking: We do not use tracking pixels in newsletters. Individual open and click events are not measured.

7. Net Salary Calculator and Cost of Living Calculator

These tools run entirely in your browser. Inputs such as salary, tax class, household size, and city are processed locally on your device. No input data is transmitted to our server, to our hosting provider, or to any third party.

Because no personal data leaves your device, this section is provided for transparency only. There is no processing of personal data through these tools.

8. Cost of Living by City

This is a static reference dataset displayed on the page. Viewing it does not involve any input from your side, and therefore no processing of personal data occurs beyond the standard server logs described in Section 3.1.

9. Social media and external links

Our footer and the Video Strip section include links to our profiles on Instagram, YouTube, X, Threads, and Reddit. These are plain hyperlinks. They are not embedded players or social media plugins. Visiting our website does not transmit any data to these platforms.

When you click one of these links and arrive on a third-party platform, the privacy policy of that platform applies. We have no influence over and assume no responsibility for the data processing carried out by these third parties.

10. Children’s privacy

The Whatsup Germany website is directed at an adult audience of internationals living in Germany. The service is not intended for individuals under 16. We do not knowingly collect personal data from minors.

If you become aware that a person under 16 has provided personal data to us, please contact us through our contact form and we will take appropriate steps to delete the data.

11. Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, in line with the requirements of Article 32 GDPR. These measures include encrypted transmission of the website over HTTPS, secure hosting infrastructure in Germany, restricted administrative access, and contractual safeguards with all processors.

No system connected to the internet can be guaranteed to be fully secure. We continue to review and update our security measures to reflect current best practice.

12. Recipients of personal data

We work with the following categories of recipients. None of them receives personal data for their own marketing purposes.

  • Hostinger International Ltd. (hosting provider, Germany-based infrastructure). Processes server logs as described in Section 3.1.
  • Brevo / Sendinblue SAS (newsletter platform, EU infrastructure). Processes your email address if you subscribe to the newsletter.
  • Google Ireland Limited and Google LLC (web analytics). Only if you consent to analytics cookies. Data may be processed in the United States as described in Section 4.
  • Public authorities, only where disclosure is legally required, such as in response to a binding legal order.
  • Usercentrics A/S (operating the Cookiebot consent management platform, EU-based infrastructure). Processes a brief consent log entry (your cookie consent choices, timestamp, anonymous identifier, and a verification hash) for accountability under Article 7 GDPR. A data processing agreement under Article 28 GDPR is in place.

13. International data transfers

With one exception, all personal data is processed within the European Union or the European Economic Area.

The exception is Google Analytics 4. If you consent to analytics cookies, data may be processed by Google LLC in the United States. This transfer is based on the EU-US Data Privacy Framework, supplemented by Standard Contractual Clauses adopted by the European Commission. You may request a copy of the safeguards in place through our contact form.

14. Retention of personal data

We retain personal data only for as long as necessary for the purpose for which it was collected, or for as long as required by law. Specific retention periods are set out alongside each processing activity above. In summary:

  • Server logs: up to 14 days.
  • Contact form correspondence: up to 12 months after resolution, unless statutory retention applies.
  • Newsletter subscriptions: until you unsubscribe; suppression list kept indefinitely to prevent re-subscription.
  • Analytics data: 14 months in Google Analytics, then deleted by Google.

Where German or EU law requires us to retain certain data for longer, for example under tax or commercial law (typically 6 or 10 years for invoices and related records), we retain the data for the period required and delete it thereafter.

15. Your rights under the GDPR

You have the following rights in relation to your personal data. To exercise any of these rights, please contact us through our contact form at whatsupgermany.com/contact-ud. We will respond within one month, in line with Article 12(3) GDPR.

  • Right of access (Article 15) — to request confirmation of whether we process your personal data, and to receive a copy of that data.
  • Right to rectification (Article 16) — to request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17) — to request deletion of your data, subject to limited statutory exceptions.
  • Right to restriction of processing (Article 18) — to request that processing be paused while a dispute about your data is resolved.
  • Right to data portability (Article 20) — to request data you have provided to us based on consent or contract, in a structured, commonly used and machine-readable format.
  • Right to object (Article 21) — to object, on grounds relating to your particular situation, to processing based on legitimate interest. Processing will cease unless we can demonstrate compelling legitimate grounds that override your rights.
  • Right to withdraw consent (Article 7(3)) — to withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority (Article 77). See Section 16.

16. Right to lodge a complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with a data protection supervisory authority. You may choose the authority in your country of residence, your place of work, or in the place where the alleged infringement occurred.

The supervisory authority responsible for us is the data protection authority of the federal state in which the controller is based:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), lda.bayern.de” (Bavaria).

The right to complain to a supervisory authority is in addition to any other administrative or judicial remedy available to you.

17. Changes to this Privacy Policy

As the platform develops, this policy may need to be updated. When changes are made, the “Last updated” date at the top of this document will be revised. For substantive changes, including new processing activities or new third-party recipients, newsletter subscribers will be notified by email.

Changes do not apply retroactively to data collected under a previous version of this policy.

18. Contact

For any privacy-related question, comment, or rights request, please use our contact form at whatsupgermany.com/contact-us. We will respond promptly and in any case within the timeframes set out in Article 12(3) GDPR.