Privacy Policy
1. Scope of This Privacy Policy
This Privacy Policy explains how personal data is processed when you visit or use ContactTheBusiness.com, including all subpages, business profile pages, registration forms, dashboard functions, contact forms, upload functions, billing functions, content-reporting functions, and related services.
ContactTheBusiness.com is a B2B business visibility and discovery platform. The Platform is intended for business users, entrepreneurs, companies, self-employed professionals, freelancers, sole proprietors, partnerships, legal entities, and authorised business representatives.
Although the Platform is B2B-only, personal data may still be processed where information relates to natural persons, such as sole proprietors, freelancers, business owners, business representatives, employees, contact persons, support contacts, persons shown in uploaded media, or persons communicating with us.
This Privacy Policy does not apply to external websites, platforms, social media pages, payment providers, or third-party services that are linked from ContactTheBusiness.com or from listed business profiles. Such third-party services are responsible for their own data processing.
2. Data Protection Officer
No Data Protection Officer has been appointed.
If you have questions about data protection, privacy, or your rights, please contact us at:
contact@contactthebusiness.com
3. B2B-Only Service and Personal Data in a Business Context
ContactTheBusiness.com is provided exclusively for business use.
We do not intentionally collect private consumer data for consumer services. Users must not submit private residential addresses, private telephone numbers, private financial data, private life information, or other non-business personal data unless it is legally required or strictly necessary for the specific purpose.
Business users are responsible for ensuring that any personal data they submit to the Platform is provided lawfully and with the required legal basis, consent, permission, or authority.
This includes personal data contained in:
- business owner names;
- contact person names;
- business email addresses;
- business phone numbers;
- business addresses;
- uploaded images, videos, logos, or banners;
- review replies or messages;
- support requests;
- invoices or billing requests;
- content reports;
- external links or social media links.
We do not request special categories of personal data, such as health information, religious beliefs, political opinions, trade union membership, biometric data for identification, sexual orientation, or similar sensitive information. Business users must not upload such data unless legally permitted and necessary. If such data is submitted or appears in uploaded content, we may remove, restrict, blur, mask, or delete it where appropriate.
4. Principles of Processing
We process personal data only where there is a lawful basis and only for specified, explicit, and legitimate purposes.
We aim to process data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
We only collect and process data that is necessary or useful for operating, securing, improving, documenting, billing, moderating, or legally protecting the Platform and our business relationship with users.
5. Purposes, Categories of Data, Legal Bases, Recipients, and Storage Periods
5.1 Website Visit and Server Log Files
When you visit ContactTheBusiness.com, technical data may be processed automatically.
Data processed may include:
- IP address;
- date and time of access;
- requested URL or file;
- HTTP status code;
- referrer URL;
- browser type and version;
- operating system;
- device information;
- pages or files accessed;
- error logs;
- security-relevant log entries.
Purposes include providing the website, technical delivery of pages, system security, error diagnosis, prevention of misuse, attacks, spam, fraud, or unauthorised access, and ensuring stable operation of the Platform.
Legal basis:
Article 6(1)(f) GDPR — legitimate interests in operating a secure, functional, and reliable website.
Recipients:
Hosting provider, technical service providers, internal administration, and IT/security support where necessary.
Storage period:
Usually 7 to 30 days, unless longer retention is required for security analysis, abuse prevention, legal claims, or technical troubleshooting.
5.2 Registration and Business User Account
When a business user registers, submits a business listing, or uses dashboard/account functions, we process account and business-related data.
Data processed may include:
- business name;
- owner or representative name;
- business email address;
- business phone number;
- business address or service location;
- country, state, city, or service area;
- business category;
- business description;
- website or online presence;
- opening hours;
- business keywords;
- login credentials;
- account status;
- approval/moderation status;
- subscription status;
- plan status;
- dashboard activity relevant to account operation;
- communication history;
- terms/privacy/content standards acceptance data;
- business-user confirmation data;
- upload and moderation records.
Purposes include registration, account creation, account authentication, business listing submission, business approval and moderation, dashboard access, contract performance, customer support, compliance with our Terms and Content Standards, prevention of misuse, and documentation of legal acceptance and business-user status.
Legal bases:
Article 6(1)(b) GDPR — contract performance and pre-contractual steps.
Article 6(1)(f) GDPR — legitimate interests in platform security, moderation, documentation, misuse prevention, and legal defence.
Recipients:
Hosting provider, internal administration, support, technical service providers, and moderation staff where necessary.
Storage period:
For the duration of the user account and contractual relationship. After account deletion or termination, account-related data may be retained for up to 12 months where required for documentation, misuse prevention, moderation history, support handling, or legal claims. Longer retention may apply where statutory obligations or legal claims require it.
5.3 Public Business Profiles
Business listings approved for publication may be displayed publicly on ContactTheBusiness.com.
Published data may include:
- business name;
- business category;
- business description;
- public business address or service location;
- phone number;
- email address;
- website;
- opening hours;
- service areas;
- keywords;
- logo;
- photos;
- videos;
- banners;
- call-to-action options;
- social media links;
- external business links;
- public profile URL;
- other business information submitted for publication.
Purposes include public display of business listings, business visibility and discovery, presentation of business services, search and category functionality, public profile access, platform operation, and promotion of listed businesses within the Platform.
Legal bases:
Article 6(1)(b) GDPR — contract performance.
Article 6(1)(f) GDPR — legitimate interests in operating a public business directory and visibility platform.
Recipients:
Website visitors, search engines, hosting provider, technical service providers, and the general public.
Visibility:
Published business profile data may be publicly accessible worldwide and may be indexed by search engines. Search engines may cache or archive public content outside our direct control.
Storage period:
For as long as the business profile remains active or as long as publication is required for the contractual relationship. After deletion or deactivation, removal from the live system normally takes place within a reasonable period. Search-engine caches or third-party archives may remain available outside our control.
5.4 Uploaded Media: Logos, Photos, Videos, Banners, and Thumbnails
Business users may upload or submit business-related media.
Data processed may include logos, photos, videos, thumbnails, banners, file names, file metadata, upload timestamps, moderation status, approval/rejection records, media titles, descriptions, captions, alt text, or related information, and persons or objects visible in uploaded media.
Purposes include displaying business media, profile presentation, moderation, approval/rejection workflow, content safety, platform operation, legal documentation, and enforcement of Terms and Content Standards.
Legal bases:
Article 6(1)(b) GDPR — contract performance.
Article 6(1)(f) GDPR — legitimate interests in moderation, security, legal protection, and operation of a business listing platform.
Responsibility for depicted persons:
Business users are responsible for ensuring that they have all required rights, permissions, licences, and consents for uploaded media, including where persons, employees, customers, premises, products, third-party logos, music, or protected content appear.
Recipients:
Website visitors where media is published, hosting provider, technical service providers, internal moderation/support, and search engines where public pages are indexed.
Storage period:
For as long as the media is needed for the business listing, moderation, contractual relationship, or legal documentation. Rejected or removed media may be retained temporarily where needed for moderation, evidence, misuse prevention, security, or legal claims, and may then be deleted or anonymised.
5.5 Contact Forms, Support Requests, and General Communication
When you contact us, we process the information you provide, such as name, email address, company or business name, role or function if provided, message content, phone number if provided, URLs, timestamps, attachments, screenshots, evidence provided, and technical metadata related to the communication.
Purposes include responding to enquiries, handling support requests, processing business customer communication, handling legal, billing, privacy, content, or technical requests, documenting communication, and preventing misuse.
Legal bases:
Article 6(1)(b) GDPR — contract or pre-contractual communication where applicable.
Article 6(1)(f) GDPR — legitimate interests in responding to enquiries, support handling, documentation, and legal protection.
Recipients:
Email/mail service, hosting provider, internal administration, support, legal/tax advisors where required, and technical providers where necessary.
Storage period:
Until the enquiry has been handled, plus up to 12 months for documentation and follow-up, unless longer retention is required by law, contract, accounting obligations, or legal claims.
5.6 Content Reports, Rights Complaints, and Moderation Requests
When a person or organisation reports illegal content, rights infringement, misleading business information, unsafe links, or misuse, we process the information needed to review the report. This may include the reporting person’s name and contact details, organisation or role if provided, reported URL or business listing, description of the report, evidence or supporting documents, timestamps, communication history, moderation decision, appeal information, and data of the affected business user where necessary.
Purposes include reviewing content reports, handling rights complaints, enforcing Content Standards, preventing misuse, documenting decisions, legal defence, and compliance with applicable legal obligations.
Legal bases:
Article 6(1)(f) GDPR — legitimate interests in content moderation, platform safety, legal protection, and handling reports.
Article 6(1)(c) GDPR — legal obligation where applicable.
Recipients:
Internal moderation/support, hosting provider, technical service providers, legal advisors where required, affected business users where appropriate, and competent authorities where legally required or necessary.
Storage period:
For the duration of the review and afterwards as long as necessary for documentation, legal claims, misuse prevention, or compliance obligations.
5.7 Billing, Payments, Invoices, and Tax Records
If paid services are used, we process billing and payment-related data, such as business name, billing contact name, billing address, email address, payment status, subscription status, payment method, PayPal subscription or transaction reference where applicable, invoice data, service description, amounts paid or due, tax/VAT information, and billing/payment communication.
Purposes include payment processing, subscription management, billing, invoice email delivery, accounting, tax documentation, fraud prevention, legal compliance, and handling payment disputes or support requests.
Legal bases:
Article 6(1)(b) GDPR — contract performance.
Article 6(1)(c) GDPR — legal obligations under tax, accounting, and commercial law.
Article 6(1)(f) GDPR — legitimate interests in payment security, fraud prevention, and legal defence.
Recipients:
Payment providers such as PayPal where used, banks where applicable, tax advisors, accounting providers, authorities where required, hosting provider, email provider, and internal administration.
Storage period:
Billing, invoice, payment, tax, and accounting records are generally retained for 6 to 10 years in accordance with applicable German commercial and tax retention obligations. Other payment-support communication may be retained as long as necessary for contract handling, documentation, or legal claims.
5.8 Service Emails and Business Communication
We may send emails related to registration, account status, approval, moderation, subscription status, billing, security, support, legal notices, service changes, and important platform information.
Data processed may include name, email address, business name, account status, subscription or billing status, moderation status, message content, delivery metadata, and communication history.
Purposes include operating the account, fulfilling the contract, providing service notifications, informing users about moderation or approval decisions, sending billing and invoice emails, handling security or legal notices, and platform administration.
Legal bases:
Article 6(1)(b) GDPR — contract performance.
Article 6(1)(f) GDPR — legitimate interests in service communication, platform administration, documentation, and security.
Recipients:
Email provider/mail server, hosting provider, internal administration, support, and technical service providers.
Storage period:
For the duration of the business relationship and afterwards as long as needed for documentation, support history, legal claims, or statutory obligations.
5.9 Optional B2B Updates, Platform News, and Public-Link Announcements
Where permitted, we may contact registered business users with relevant B2B platform information, service updates, feature changes, important business-user notices, or similar communications related to ContactTheBusiness.
Where we maintain official ContactTheBusiness social media pages, we may also share links to public business profiles or public business pages already visible on ContactTheBusiness.com. We do not re-upload private or unpublished business media to social media unless separately agreed.
Data processed may include business name, public profile URL, public business category or location, business contact email, communication preferences, and opt-out records.
Purposes include B2B communication, platform updates, visibility of publicly listed businesses, promoting public business profiles, and improving discoverability.
Legal bases:
Article 6(1)(f) GDPR — legitimate interests in B2B communication, platform operation, and promoting public listings.
Article 6(1)(a) GDPR — consent, where legally required.
Right to object / opt-out:
You may object to public-link announcements or non-essential B2B communication at any time by contacting us at contact@contactthebusiness.com.
Recipients:
Email provider/mail server, internal administration, hosting provider, and social media platforms where public-link announcements are posted.
Storage period:
Communication history and opt-out records may be stored as long as necessary to manage preferences, prove compliance, handle objections, or defend legal claims.
5.10 Dashboard Analytics and Platform Statistics
Business users may receive dashboard information, statistics, or analytics related to their business listing.
Data processed may include profile views, card clicks, media clicks or views, CTA clicks, banner clicks, social-link clicks, aggregated time periods, technical event data, and pseudonymous or aggregated usage information.
Purposes include providing dashboard statistics, showing business listing performance, improving platform features, misuse prevention, technical analysis, and service development.
Legal bases:
Article 6(1)(b) GDPR — contract performance where analytics are part of the service.
Article 6(1)(f) GDPR — legitimate interests in platform improvement, technical analysis, and service quality.
Recipients:
Hosting provider, internal administration, technical service providers, and the relevant business account owner.
Storage period:
Analytics and event data may be retained for as long as needed to provide dashboard statistics, improve the Platform, detect misuse, or maintain business records. Data may be aggregated or anonymised where possible.
6. Cookies and Similar Technologies
ContactTheBusiness.com currently uses cookies and similar technologies that are technically necessary for the operation and security of the website.
Such processing may include access to or storage of information on the user’s device. In Germany, this is governed by Section 25 TDDDG, formerly TTDSG, in addition to GDPR requirements.
Technically necessary cookies may be used for maintaining a user session, protecting forms against cross-site request forgery, remembering cookie notice status, enabling secure login, and ensuring technical operation of the website.
| Cookie or technology | Purpose | Type | Typical storage period |
|---|---|---|---|
| PHPSESSID or similar session cookie | Maintains a temporary session across page views | Session cookie | Until the browser session ends |
| CSRF token or similar | Protects forms against cross-site request forgery | Session/security token | Until the browser session ends |
| cookie notice accepted or similar | Remembers that the cookie notice has been closed | First-party cookie | Usually up to 6 months |
Legal bases:
Article 6(1)(f) GDPR — legitimate interests in secure and functional website operation.
Section 25(2) TDDDG — where storage/access is technically necessary.
We do not use these technically necessary cookies to build advertising profiles.
If we introduce non-essential analytics, advertising, remarketing, tracking, or social-media cookies in the future, we will update this Privacy Policy and implement consent where legally required.
7. Social Media Pages and External Platforms
We may maintain official ContactTheBusiness or Wallstoneberg social media pages for communication, visibility, and general business presence.
When you visit, follow, comment on, message, or interact with social media pages, the respective platform provider may process your data under its own responsibility. This may include usage data, profile data, device data, analytics, and communication data.
We may process messages, comments, public interactions, and contact details that you provide through social media channels in order to respond to enquiries, moderate communication, or manage our business presence.
Legal bases:
Article 6(1)(b) GDPR — where communication relates to a contract or pre-contractual request.
Article 6(1)(f) GDPR — legitimate interests in communication, public business presence, and handling enquiries.
Social media providers may process data outside the EU/EEA. Please review the privacy notices of the relevant platforms.
8. External Links from Business Listings
Business profiles may contain external links, such as websites, social media profiles, booking pages, menus, portfolios, product pages, event pages, or other third-party pages.
If you click an external link, you leave ContactTheBusiness.com. The operator of the external website is responsible for its own data processing. We do not control the privacy practices, cookies, tracking tools, content, or security of external websites.
Business users are responsible for ensuring that links they submit are lawful, safe, accurate, and relevant.
9. Recipients and Processors
Personal data may be processed by or disclosed to the following categories of recipients where necessary:
- hosting and server providers;
- email and mail server providers;
- IT and technical service providers;
- payment providers, such as PayPal where used;
- banks where applicable;
- tax advisors, accountants, or bookkeeping support;
- legal advisors where required;
- public authorities where legally required;
- internal administration, support, moderation, billing, and technical personnel;
- listed business owners where reports or moderation processes concern their listing;
- website visitors and search engines where business profile data is published publicly.
Where service providers process personal data on our behalf as processors, we use appropriate arrangements in accordance with GDPR requirements where required.
We do not sell personal data. We do not disclose personal data to third parties for their own unrelated advertising purposes.
10. Third-Country Transfers
Our primary hosting is intended to be within the EU/EEA where applicable.
However, some processing may involve access from or transfer to countries outside the EU/EEA, for example where public business profiles are accessible worldwide on the internet, search engines index public pages, payment providers such as PayPal are used, social media platforms process interaction or preview data, external links lead to third-party websites, or email, security, or technical service providers involve non-EU/EEA infrastructure.
Where we use service providers that involve transfers to third countries, we rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or other mechanisms permitted under GDPR Chapter V.
Public business profile data is intentionally published on the internet as part of the Platform. Such public availability may mean that the data can be accessed worldwide.
11. Storage Periods, Deletion, and Backups
We store personal data only for as long as necessary for the relevant purposes or as long as required by statutory obligations, contractual obligations, legal claims, security needs, moderation records, or legitimate business interests.
General retention examples:
- server logs: usually 7 to 30 days;
- account and business listing data: for the duration of the account or contractual relationship;
- deleted account documentation: up to 12 months where needed for support, moderation, misuse prevention, documentation, or legal claims;
- contact and support communication: usually until handled, plus up to 12 months where needed for follow-up or documentation;
- billing, invoice, tax, and accounting records: generally 6 to 10 years;
- moderation and content-report records: as long as necessary for documentation, legal claims, misuse prevention, or compliance;
- public profile data: for as long as the business profile is active or publication is required for the service;
- backups: overwritten or deleted according to technical backup cycles, unless longer retention is needed for restoration, security, or legal purposes.
If deletion is requested, we will delete or anonymise personal data where legally possible. Data may remain in backups for a limited period until backup cycles overwrite it. Access to backup data is restricted and used primarily for restoration or security purposes.
12. Obligation to Provide Data
Certain data is necessary to use ContactTheBusiness.com as a business listing and account service.
Required data may include business name, business contact details, email address, login credentials, business category, business location or service area, contract and billing information where paid services are used, and data required for moderation, security, or legal compliance.
Without required data, registration, business listing publication, account access, billing, or support may not be possible.
Optional data is marked or treated as optional where applicable. Business users should avoid submitting unnecessary personal data.
13. Children and Minors
ContactTheBusiness.com is a B2B platform and is not directed at children or minors.
We do not knowingly collect personal data from children for account registration or business listing services.
If you believe that a child has provided personal data to us, please contact us at contact@contactthebusiness.com so that we can review and delete the data where appropriate.
14. Automated Decision-Making and Profiling
We do not use automated decision-making, including profiling, that produces legal effects concerning individuals or similarly significantly affects individuals within the meaning of Article 22 GDPR.
We may use technical checks, security logs, moderation signals, or automated support tools to assist with platform security, spam prevention, fraud prevention, moderation, or technical operation. Final moderation or account decisions may involve human review where appropriate.
15. Security
We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, misuse, or manipulation.
These measures may include TLS encryption for website access, access restrictions, authentication and authorisation controls, role-based access where applicable, server and application security measures, logging and monitoring, backup and restoration procedures, secure hosting configuration, protection against common web attacks, regular review and adjustment of security measures, and limiting internal access to persons who need access for operational, support, moderation, billing, legal, or technical purposes.
No website or internet transmission can be guaranteed to be completely secure. Users are responsible for keeping their login credentials confidential and protecting their own systems.
16. Your GDPR Rights
Subject to the applicable legal requirements, you may have the following rights under the GDPR:
- Right of access to information about personal data processed about you;
- Right to rectification of inaccurate or incomplete personal data;
- Right to erasure where legal requirements are met;
- Right to restriction of processing where legal requirements are met;
- Right to data portability where legal requirements are met;
- Right to object to processing based on legitimate interests;
- Right to withdraw consent where processing is based on consent.
To exercise your rights, please contact:
contact@contactthebusiness.com
We may need to verify your identity before responding to a request.
Some rights may be limited where statutory retention obligations, legal claims, business documentation, security needs, moderation records, or rights of third parties require continued processing.
17. Right to Object Under Article 21 GDPR
Where we process personal data based on legitimate interests under Article 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation.
If you object, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.
You may object to non-essential B2B communication or public-link announcements at any time by contacting:
contact@contactthebusiness.com
18. Withdrawal of Consent
Where processing is based on consent, you may withdraw your consent at any time with effect for the future.
Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
You may withdraw consent by contacting:
contact@contactthebusiness.com
or by using the relevant unsubscribe, settings, or preference option where provided.
19. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
The supervisory authority responsible for Bavaria is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Germany
Website: https://www.lda.bayern.de/
You may also contact another competent data protection supervisory authority.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time if the legal situation, our services, our technical systems, our processing activities, or our business procedures change.
The current version will be available on ContactTheBusiness.com.
The version and effective date are shown at the top of this page.
Where required, we may notify registered business users of material changes by email, dashboard notice, or another reasonable communication method.
Operator / Controller Details
Wallstoneberg operates ContactTheBusiness.com
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is Wallstoneberg. Full provider identification is available in the Imprint.