DE EN

Legal

Privacy Notice

Last updated: May 17, 2026, Version 1.8 — Azure App Insights removed, AI-engine referrer tracking added

1. Data controller

The data controller under the General Data Protection Regulation (GDPR) and other data protection laws is:

Maximilian Bräu
Maximilian Bräu Innovation & Consulting
Mittenwalder Str. 46
82467 Garmisch-Partenkirchen
Germany
Email: info@braeu-innovation.de

2. General notes on data processing

We process personal data of our users only within the limits of the law. Processing takes place only where it is needed to provide the website and its functions, or where a legal basis applies (Art. 6 GDPR).

The connection between your device and our website is encrypted (TLS). We take appropriate technical and organizational measures under Art. 32 GDPR to protect your data against loss, manipulation, and unauthorized access.

3. Hosting and infrastructure

The website runs on Microsoft Azure Static Web Apps. The operator is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, represented within the EU by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Delivery runs from the "West Europe" region (data centers in the Netherlands).

When you visit the website, server-side log files are recorded. These include your IP address, the date and time of the request, the volume of data transferred, the user agent, and the referrer. Log files serve operational security, attack defense, and error analysis. Retention is 14 days; data is then deleted automatically.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and stable operation of the website.

4. Contact form

When you contact us through the contact form, we process the data you provide: name, email address, and the content of your message. This data serves only to handle your request and any follow-up communication. We also record the time of your form submission (submission timestamp). This documents that you acknowledged the privacy notice before submitting.

The technical delivery runs through Azure Communication Services (Microsoft, West Europe region). The content of your request is not stored in a database. It is delivered as an email to our business mailbox, which runs on Microsoft 365 (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland), and processed there.

The legal bases are Art. 6(1)(b) GDPR (pre-contractual steps taken at your request) and Art. 6(1)(f) GDPR (legitimate interest in receiving, handling, and documenting incoming requests).

Retention periods:

  • Email in the business mailbox (Microsoft 365), if the request does not lead to a business relationship: up to 6 months after the end of correspondence, then deletion as part of routine mailbox hygiene
  • Email kept as business correspondence: up to 10 years under § 257 of the German Commercial Code (HGB) and § 147 of the German Fiscal Code (AO), if the request leads to a business relationship

5. Reach measurement with Plausible Analytics

To measure reach and analyze how our website is used, we use Plausible Analytics. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia (EU member state).

Plausible Analytics does not use cookies and does not build cross-device profiles. Only anonymized usage data is recorded: the page visited, referrer, browser type, operating system, and country (derived from the IP address). The IP address is used to generate a daily, salted hash and then discarded permanently. It is neither stored nor passed on. Under Plausible's technical architecture, there is no risk of re-identification.

The usage data collected is processed on servers within the European Union (Hetzner, Frankfurt). No transfer to third countries takes place.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is to analyze how the website is used, in order to improve content and technical operation. You can object to processing based on Art. 6(1)(f) GDPR under Art. 21 GDPR. Plausible Analytics automatically detects the DNT: 1 browser header (Do Not Track); when the DNT header is set, no data is transmitted to Plausible. A further opt-out is available through the Plausible privacy notice: https://plausible.io/privacy.

We also record the language version visited on each page view as a technical aggregate (custom property locale: value de or en). This is not personal data; the information serves only language-based usage analysis within the Plausible dashboard.

We also record AI-engine referrals as a custom event called „AI Referrer” with the property engine (e.g. chatgpt, perplexity, claude, gemini, copilot, you). The event fires only when the browser referrer matches a known AI-engine domain. Only the engine name is transmitted; no user identifiers, session data, or URL paths are recorded. This is an aggregated channel signal with no personal data. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest is the analysis of marketing channels.

No personal data is stored persistently. A data processing agreement under Art. 28 GDPR is in place with Plausible Insights OÜ (Data Processing Agreement, available in the Plausible account settings).

6. Appointment booking via Microsoft Bookings

For scheduling calls, we link to Microsoft Bookings (Microsoft Corporation, see Section 3). When you click the booking link, you are forwarded to a domain operated by Microsoft. Microsoft processes the data you enter there under its own data protection responsibility, within the scope of our Microsoft 365 account.

The legal basis for the forwarding and the subsequent appointment handling is Art. 6(1)(b) GDPR (pre-contractual steps taken at your request).

For information on what data Microsoft processes through Bookings, and how long it is stored, please see Microsoft's privacy statement: https://privacy.microsoft.com/en-us/privacystatement .

7. Web fonts

This website uses the "Fraunces" and "Inter" typefaces. They are served locally through the @fontsource package and loaded from our own server. There is no connection to external font providers, in particular not to Google Fonts. No data is transferred to third parties.

8. Presence on social networks

We maintain profiles on social networks (LinkedIn, Instagram, Facebook) to share information about our work and to connect with interested visitors. The respective platform operators are responsible for the data processing on these platforms.

When you visit our pages on social networks, the platform operators collect data about you — whether or not you have an account there. This is typically done through cookies and similar tracking technologies. We have no influence on this processing.

Where we are considered joint controllers with the platform operators, we note that we have no reliable information on the purposes for which the operators use the data collected. For more information, please see the privacy notices of each provider:

The legal basis for our presence on social networks is Art. 6(1)(f) GDPR. Our legitimate interest is external visibility and communication with interested visitors and clients.

You can exercise your data protection rights (access, rectification, erasure, objection) both against us and against each platform operator. We recommend addressing your rights directly with the platform operator, since they have direct access to the usage data.

9. Recipients and data processors

Personal data is transferred to the following data processors under Art. 28 GDPR:

  • Microsoft Corporation / Microsoft Ireland Operations Limited: hosting, contact form delivery, appointment booking, email services (Microsoft 365)
  • Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia: reach measurement (Plausible Analytics)
  • IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany: domain registration

Data processing agreements under Art. 28 GDPR are in place with all data processors.

10. Transfer to third countries

Processing takes place primarily in data centers within the European Union (Azure West Europe region). Within the Microsoft group, processing may in individual cases occur in third countries, in particular the United States — for support or infrastructure management, and for the technical operation of Azure Communication Services (email delivery for the contact form).

The basis for this is the data processing agreement (Data Protection Addendum) with Microsoft and the EU Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR. Microsoft is additionally certified under the EU-US Data Privacy Framework (Art. 45 GDPR). Additional technical and organizational measures (encryption, access restrictions) are contractually agreed.

11. Retention periods at a glance

Processing Retention
Server log files (Azure) 14 days
Contact inquiries (email mailbox Microsoft 365, no contract concluded) up to 6 months after the end of correspondence
Contact inquiries (email, business correspondence after contract conclusion) up to 10 years (§ 257 HGB, § 147 AO)
Plausible Analytics (usage data) no personal data stored persistently; IP address discarded immediately after hash generation
Appointment booking data until the purpose is fulfilled, then under commercial and tax law retention periods

12. Rights of the data subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR), in particular against processing based on Art. 6(1)(f) GDPR
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact: info@braeu-innovation.de.

13. Competent supervisory authority

Bavarian Data Protection Authority (BayLDA — Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 18
91522 Ansbach
Germany
Phone: +49 981 180093-0
Email: poststelle@lda.bayern.de

14. Reservation of changes

We reserve the right to amend this privacy notice so that it always meets current legal requirements, or to reflect changes to our services — for example when we introduce new services. For your next visit, the new privacy notice will apply.

Last updated: May 17, 2026, Version 1.8 — Azure App Insights removed, AI-engine referrer tracking added

Finden

Esc schließt · Cmd/Ctrl+K öffnet.

Manifest.

Was hier steht, steht nicht auf der Hauptseite.

Ich arbeite allein – bewusst.
Wer mich beauftragt, arbeitet mit mir, nicht mit einem Büro.

Ich komme vor Ort. Nicht weil es effizienter wäre –
oft ist es das Gegenteil. Sondern weil die Wahrheit eines Hauses
sich im Gang zeigt, nicht in der Tabelle.

Ich interessiere mich mehr für den Betrieb als für den Bericht.
Was am Ende bleibt, soll das Haus sein, das wieder läuft –
nicht das Dokument, das beweist, dass ich da war.

Ich nehme wenige Mandate an, weil Qualität nicht durch Skalierung entsteht.

Ich habe keinen Pitch für jede Gelegenheit.
Wenn die Frage nicht zu dem passt, was ich wirklich kann,
sage ich das lieber früh als spät.

Das ist alles.

Maximilian Bräu, ÖHV Diplomhotelier
Bräu Innovation & Consulting, Garmisch-Partenkirchen

Danke, dass Sie genau hinsehen.

Das ist, woran ich meine Kunden erkenne.

— M.

Fünf Sätze. Keine Präsentation.

Ein gutes Haus braucht keinen Pitch. Es braucht jemanden, der die richtige Frage stellt.
1 / 5
+49 151 46 19 12 17