1. Who is the controller
• Controller: Maiysha Fotsch (trading as “FOCS” / “FOCS Agency”)
• Primary place of business: Berlin, Germany
• Postal address for correspondence: Rotlintstraße 9, 60316 Frankfurt, Germany • Email (privacy requests): hello@focs.agency
• Data Protection Officer: not appointed
2. Scope & laws that apply
We are based in the EU and primarily serve EU visitors. This policy is written to comply with the EU GDPR and includes notes for UK GDPR (no UK representative appointed) and California CPRA.
3. What data we collect and why
3.1 When you contact us or join our newsletter
• Data: email address (and anything you include in your message).
• Purpose: respond to inquiries, send newsletters/updates you request.
• Legal bases (GDPR):
– Consent (Art. 6(1)(a)) for newsletter sign-ups (we use confirmation/double opt-in where required).
– Contract / pre-contractual steps (Art. 6(1)(b)) for handling inquiries about our services.
– Legitimate interests (Art. 6(1)(f)) for record-keeping and preventing abuse.
Destination/tools: Newsletter data is processed in Mailchimp. We do not collect job applications or file uploads via the website.
3.2 Website operation & security
• Data: server logs from our hosting provider (GoDaddy) such as IP address, date/time, requested URL, user-agent.
• Purpose: provide the site, ensure security/fraud prevention, debug issues.
• Legal basis: Legitimate interests (Art. 6(1)(f)).
• Retention: server logs are typically kept up to 30 days unless needed longer to investigate incidents.
4. Cookies & tracking
At launch, we only use strictly necessary cookies to operate the site. We do not use analytics, advertising pixels, heatmaps, or A/B testing cookies.
If we later introduce non-essential cookies, we will request your consent via a cookie banner and update this policy.
5. Where your data is processed (international transfers)
We use third-party providers that may process data outside the EEA (e.g., the United States).
• Where a provider participates in the EU–US Data Privacy Framework (DPF), we rely on that adequacy decision.
• For providers not handling website visitor personal data or configured to store data in the EEA, international transfer does not occur.
• We avoid transferring personal data to providers without an adequate protection mechanism and will update this notice if that changes.
Current key providers: Mailchimp (email/newsletter), Google Workspace (business email), GoDaddy (hosting/CDN).
Internal tools like Notion and Airtable are not used for website visitor submissions at launch; if a business relationship develops, contact details may be stored there for project administration (see Section 3.1).
6. How long we keep data • Newsletter data: until you unsubscribe; limited backups may persist for up to 12 months.
• Inquiry emails: up to 12 months after our last interaction, unless legal claims require longer retention. • Server logs: up to 30 days, unless needed for security investigations.
7. Security
We use reasonable technical and organizational measures, including TLS encryption, access controls/least-privilege, MFA where available, and regular backups. No method is 100% secure, but we aim to protect data against unauthorized access, alteration, or loss.
8. Your GDPR rights
You have the right to access, rectify, erase, restrict, object to processing based on legitimate interests, and data portability. Where processing is based on consent, you may withdraw consent at any time (e.g., unsubscribe link in emails).
To exercise rights, email hello@focs.agency.
You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the Berlin Commissioner for Data Protection and Freedom of Information.
9. Children
Our site and services are not directed to children under 16. If you believe a child provided us personal data, contact hello@focs.agency so we can delete it.
10. California (CPRA) notice
For California residents, we provide the following disclosures:
• Categories collected: identifiers (email), internet activity (basic server logs).
• Purposes: provide the site, respond to inquiries, send newsletters you request.
• Sensitive personal information: not intentionally collected.
• “Sell” or “Share” PI: We do not sell or share personal information for cross-context behavioral advertising. • Your rights: know/access, delete, correct, portability (where applicable), and non-discrimination. Requests: hello@focs.agency.
11. Third-party links & embeds
Our site may link to third-party platforms (e.g., our Instagram profile). Following those links may allow those platforms to collect data under their own privacy policies.
12. Changes to this policy
We may update this policy from time to time. The latest version will always be available on this page and will show the effective date.