Privacy Policy
Bellecony UG (haftungsbeschränkt), operating under the brand “Kunkel Capital”, is a limited liability company based in Germany. We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Controller pursuant to Art. 4(7) GDPR
Bellecony UG (haftungsbeschränkt)
Kommandantenstraße 78
10117 Berlin
Germany
Email: info@kunkelcapital.com
Represented by: Tobias Kunkel
Register Court: Amtsgericht Berlin-Charlottenburg
HRB 197630 B
2. Data Processing on This Website
a) Internal Operational and Reach Measurement (Anonymized Aggregate Logs)
To securely operate and improve our service, we process strictly limited first-party telemetry for internal performance and quality analysis.
Persisted analytics data is stored as anonymized aggregate counters (for example by day, page, source class, country, click action, and total engagement duration). We do not persist per-user or per-session raw analytics logs for this purpose.
For technical reliability (duplicate protection, abuse prevention, and bounded engagement accumulation), short-lived technical state may be processed for a limited period in protected server storage. This temporary state is not part of analytics reporting and is not used for advertising profiling or cross-site tracking. Direct IP addresses are not stored in persisted analytics logs.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests: secure operation, abuse prevention, troubleshooting, service quality, and internal performance measurement). In the current technical setup, this first-party measurement does not rely on non-essential cookie/local-storage access (Section 25(2) TDDDG).
Right to object: You can object at any time under Art. 21 GDPR by contacting info@kunkelcapital.com.
b) Registration
When you sign up, we store your username, email, and a hashed password to manage your account and send a one-time welcome email.
Legal basis: Art. 6(1)(b) GDPR
c) Payment via Stripe
We transmit selected product data and, if logged in, your email address to Stripe when you initiate a purchase. Stripe handles the payment session and processes payment data on its own infrastructure. We do not store any card or payment details.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Third country transfer: Stripe Inc. is located in the USA. Data transfer is secured via Standard Contractual Clauses. Details: Stripe Privacy Policy.
d) Push Notifications
If enabled, a random device token is stored to deliver push messages. This can be revoked at any time in the app settings.
Legal basis: Art. 6(1)(a) GDPR
e) Web Fonts and Scripts
To ensure visual consistency and performance, we load fonts and scripts from our own server. No external third-party servers are contacted when visiting our website. Therefore, no personal data is transmitted to third parties in this context.
f) Meta Pixel
With your explicit consent, we use the Meta Pixel provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The pixel records page views and interactions to measure the reach of our marketing campaigns. When the pixel fires, information such as the pixel ID, visited URL, HTTP headers (including IP address and browser details) and, if available, your Meta user ID are transmitted to Meta. Meta may store this data and combine it with your Meta account to deliver advertising and analytics services. We only receive aggregated reports that help us assess campaign performance.
Activation: The Meta Pixel is loaded only after you grant consent for marketing cookies through our cookie preferences banner. Without consent, the pixel remains inactive.
Legal basis: Art. 6(1)(a) GDPR (consent).
Withdrawal: You can withdraw your consent at any time via the “Cookie Preferences” link in the footer or by adjusting your Meta ad settings at https://www.facebook.com/adpreferences/ad_settings/.
Third-country transfer: Meta may transfer data to the USA. We rely on the European Commission’s Standard Contractual Clauses and Meta’s Data Processing Terms. Further information is available in Meta’s privacy policy at https://www.facebook.com/privacy/policy.
g) Google Tag (Google Analytics, Google Ads Conversion Tracking and Google Consent Mode v2)
With your explicit consent, we use the Google Tag provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for Google Analytics 4 and Google Ads conversion tracking. In this consented mode, Google may set and read analytics/advertising cookies (for example _ga, _ga_*) and process event data such as page URLs, referrer, browser/device data, truncated IP address, and conversion events.
Activation (Basic Opt-in): Our Google setup is configured so that Google analytics and advertising tags are loaded only after you actively consent to marketing/analytics cookies. If you choose “Only Necessary” or do not grant consent, we do not load Google analytics/ads tags and do not send Google Analytics or Google Ads conversion events from this website.
Google Consent Mode v2: We use Consent Mode v2 for consent-state handling within our Google setup after your decision.
Purposes: Audience and campaign measurement as well as campaign optimization in the consented mode.
Recipient: Google Ireland Limited and, where applicable, Google LLC (USA).
Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG for the setting/reading of non-essential cookies and related tracking in consented mode.
Withdrawal: You can withdraw your consent at any time via the “Cookie Preferences” link in the footer or via the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout. After withdrawal, non-essential Google cookies and related tracking are no longer used by our website.
Third-country transfer: Data may be transferred to Google LLC in the USA. Google is certified under the EU-U.S. Data Privacy Framework; where required, transfer safeguards (including Standard Contractual Clauses) apply. Further information: Google Privacy Policy.
i) Newsletter Subscription (Blog Daily Note)
If you subscribe to our blog newsletter via the signup form on kunkelcapital.com/blog (or in any blog post), we collect and process the following data:
- Email address — to deliver the newsletter.
- Source identifier — which form/CTA you signed up from (e.g., "blog-landing-hero"). Used solely to measure in aggregate which content drives signups.
- Country (2-letter ISO code) — derived from your IP address at the moment of signup. Your IP address itself is not stored.
- Timestamps — signup date, confirmation date, and unsubscribe date (if applicable).
Confirmation flow (double opt-in): After submitting the form, you will receive a confirmation email with a verification link. You will only start receiving the newsletter after you confirm your address by clicking the link. This protects against third-party abuse (someone enrolling your address without permission).
Content of the newsletter: A short summary of each day's published research note plus a link to read the full version on the website. Each email also contains a one-click unsubscribe link.
Legal basis: Art. 6(1)(a) GDPR (consent given via the "By clicking" affirmative action on the signup form, confirmed via double opt-in). For Germany this also satisfies §7(2) UWG (commercial electronic communication with prior explicit consent).
Withdrawal / Unsubscribe: You can unsubscribe at any time by clicking the unsubscribe link in any newsletter email, or by contacting info@kunkelcapital.com. Your email is removed from the active list immediately and the record is deleted within 30 days (short grace period to allow re-subscription if accidentally unsubscribed).
Recipients / Processors: The newsletter is sent directly from our own server via the same mail infrastructure that sends transactional emails (welcome, password reset). No third-party email marketing service (Mailchimp, SendGrid, etc.) is used. No data is shared with external recipients.
Data retention: Email addresses are retained as long as you remain subscribed. After unsubscribe, the record is deleted within 30 days. Unconfirmed signups (no click on the confirmation link) are deleted after 14 days.
j) Blog Analytics (Cookieless, No Consent Required)
Each visit to a page under kunkelcapital.com/blog is counted in an aggregated, server-side pageview log. This counter is used exclusively to understand which posts are read and to improve the editorial direction of the research notes. It is not used for advertising, personalization, profiling, or cross-site tracking.
What is recorded (aggregated, not per-visitor):
- The date of the visit and the URL that was requested.
- The post ID if the visit was on a single article.
- A two-letter country code derived from your IP address. The IP address itself is never written to a persistent log. It is read for the country lookup and immediately discarded in the same request.
- The referrer host only (e.g.
google.com,twitter.com), never the full referring URL or any query string. - A coarse device class:
desktop,mobile,tablet, orbot. This is derived from the User-Agent string and is not a fingerprint.
All of the above is aggregated daily via an ON DUPLICATE KEY UPDATE counter, meaning individual visits are not distinguishable after they are recorded. The row stored in the database is a tally per (date, URL, country, referrer host, device class), never a per-visitor event.
What is NOT done:
- No cookies are set, read, or required.
- No browser storage (localStorage, sessionStorage, IndexedDB) is used.
- No unique identifier is generated, assigned, or stored on your device.
- No data is sent to any third party. The counter lives on our own server only.
- No IP address is stored. The raw IP is held in memory only for the duration of the country lookup, then discarded.
- No device fingerprint, no canvas/font probing, no cross-site linking.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding how the publicly accessible blog is used, in order to improve editorial quality). Because no information is stored on or read from your device (no cookies, no identifiers), this processing falls outside the scope of Section 25(1) TDDDG / ePrivacy Art. 5(3) and therefore does not require consent.
Retention: Aggregated daily rows are retained for up to 24 months for long-term trend analysis, then deleted. No IP addresses are retained at any stage.
Objection: You can object to this legitimate-interest-based processing at any time by contacting info@kunkelcapital.com. Because the data is fully aggregated and no identifier links a row to you, practical removal is performed by deleting the relevant date slices on request.
h) TikTok Pixel
With your explicit consent, we use the “TikTok Pixel” of the provider TikTok (for the EEA: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland). This pixel allows us to track the behavior of users after they have seen or clicked on a TikTok advertisement. This process is used to evaluate the effectiveness of TikTok ads for statistical and market research purposes and to optimize future advertising measures. The data collected is anonymous to us; however, TikTok stores and processes the data, which may be linked to your TikTok user profile and used for TikTok's own advertising purposes in accordance with their privacy policy.
Activation: The TikTok Pixel is loaded only after you grant consent for marketing cookies through our cookie preferences banner.
Legal basis: Art. 6(1)(a) GDPR (consent).
Withdrawal: You can withdraw your consent at any time via the “Cookie Preferences” link in the footer or by adjusting your settings within your TikTok account.
Third-country transfer: Data may be transferred to TikTok Inc. (USA) or other global entities of the group. We rely on the European Commission’s Standard Contractual Clauses. Further information: TikTok Privacy Policy.
3. Cookies and Local Storage
We use essential cookies required for secure and proper website function. Our first-party anonymized aggregate operational/reach measurement (Section 2a) is performed server-side, is limited to internal purposes, and does not rely on a dedicated analytics cookie or comparable local storage. Third-party analytics and advertising cookies are only used if you provide consent for the tools listed below.
| Cookie / Storage | Purpose | Expiration | Category |
|---|---|---|---|
| PHPSESSID | Maintains login session | Session | Necessary |
| csrf_token | CSRF protection for forms | Session | Necessary |
| cookie_consent | Stores banner choice | 6 months | Necessary |
| _fbp | Meta Pixel identifier for marketing performance measurement | 3 months | Marketing (requires consent) |
| _ga | Google Analytics: Used to distinguish users | 2 years | Marketing/Analytics (requires consent) |
| _ga_* | Google Analytics: Used to persist session state | 2 years | Marketing/Analytics (requires consent) |
| _ttp | TikTok Pixel: Used to measure and improve the performance of advertising campaigns | 13 months | Marketing (requires consent) |
| theme (localStorage) | UI preference (light/dark) | Persistent | Functional |
| Stripe Checkout | Session creation, fraud protection | Stripe domain | Necessary |
4. Cookie Consent Options
- Only Necessary: Enables only essential cookies (login, CSRF, preference saving, payment). Marketing/analytics tags (Meta Pixel, Google Tag, TikTok Pixel) remain inactive.
- Accept All: Activates additional cookies and tracking technologies mentioned in the Privacy Policy for marketing analytics.
- Independent of cookie choice: Our own strictly limited first-party anonymized aggregate operational/reach measurement (Section 2a) remains active for secure operation, abuse prevention, and internal quality analysis because it does not rely on non-essential cookies/local storage.
You can change your preferences at any time via the cookie banner or browser settings.
5. Data Retention
- First-party anonymized aggregate analytics logs: stored in monthly files and retained only as long as required for internal operational and performance analysis
- Short-lived technical anti-duplicate/anti-abuse state: up to 48 hours
- Account data: active duration + legal retention
- Newsletter subscribers: while subscribed; deleted within 30 days of unsubscribe; unconfirmed signups deleted after 14 days
- Blog pageview counters (aggregated, no IP, no identifier): up to 24 months
- Cookie preferences: 6 months
- Google Analytics data: 14 months (standard duration)
- TikTok Pixel data: up to 13 months
6. Data Security
We use TLS encryption (HTTPS) for secure transmission and implement technical and organizational safeguards to protect personal data from unauthorized access or loss.
7. Your Rights (Art. 15–22 GDPR)
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Data portability (Art. 20)
- Objection (Art. 21)
- Withdraw consent (Art. 7(3))
- Complain to a supervisory authority
Supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin
www.datenschutz-berlin.de
8. Social Media Links
Our website contains links to our profiles on external social media platforms (YouTube, TikTok, Instagram). These are regular hyperlinks that do not transmit any data when our site is loaded. Once clicked, the respective third-party privacy terms apply.
9. Changes
This Privacy Policy may be updated. The current version is available on this page.
Last updated: April 15, 2026