Let’s Talk

Privacy Policy

Privacy Policy

1. Controller & Data Protection Officer

Controller pursuant to the GDPR:
Philipp Bauer-Gauss
Strovolou 77, Strovolos Center, Office 301
2018 Nicosia, Cyprus

Contact for data protection matters:
Email: mcphil@21million.fun

2. Hosting

Our website is hosted by Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany. A Data Processing Agreement pursuant to Art. 28 GDPR is in place with Host Europe. When visiting the website, the server log files listed under section 3 are collected.

3. Server Log Files (Host Europe)

Each time our website is accessed, Host Europe automatically collects the following data and stores it in server log files:

  • IP address (anonymised after 7 days)
  • Date and time of access
  • Name of the accessed file
  • Referrer URL
  • Browser type and version
  • Operating system

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security and detection of misuse). The data is deleted after a maximum of 9 weeks.

4. Plugins & Tools Used

4.1 Elementor & Elementor Pro

We use the page builder “Elementor” (elementor.com, Israel). When editing the website in the backend, no personal data is transmitted to Elementor. No tracking scripts from Elementor are loaded on the live site.

4.2 Contact Form 7

Our contact forms are based on the “Contact Form 7” plugin. The data entered (name, email address, message, etc.) is forwarded to us exclusively by email and is not stored on the server (except in the email queue for a maximum of 24 hours). Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(a) GDPR (consent for optional fields).

4.3 Google reCAPTCHA v3 (for contact forms)

To protect our contact forms from bot abuse and reduce spam, some forms use “Google reCAPTCHA v3”. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

reCAPTCHA v3 operates in the background and evaluates various signals (e.g., mouse movements, time spent on the site, IP address, browser fingerprint) to calculate a risk score indicating whether the visitor is human or a bot. The following data is transmitted to Google:

  • IP address (anonymised)
  • Referrer URL
  • Information about operating system and browser
  • Time spent on the website
  • Mouse movements and keystrokes (anonymised)
  • Google cookies (if you were previously logged into Google)

The data is transmitted when the page containing the form loads; no “I’m not a robot” interaction is required.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing spam and misuse of our contact forms).
Storage period at Google: Google stores the data in anonymised form for statistical purposes; individual IP addresses are deleted or anonymised after a few weeks.
Google Privacy Policy: https://policies.google.com/privacy

Opt-out: You may prevent processing by reCAPTCHA by disabling JavaScript or using an ad/tracker blocker (e.g., uBlock Origin). In this case, however, the contact form cannot be submitted.

4.4 Polylang (Multilingualism)

Polylang stores only one technical cookie (“pll_language”) to remember the selected language. This cookie does not contain personal data. Storage period: 1 year. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in user-friendly multilingual functionality).

4.5 WP Fastest Cache

This plugin generates static HTML files of the website (caching). No personal data is stored or transmitted.

4.6 Robin Image Optimizer / SVG Support / OMGF / Simple Lightbox

These optimisation plugins process images and fonts exclusively on our own server. No data is transmitted to third parties.

4.7 Wordfence Security

Wordfence (Defiant Inc., USA) protects against attacks. In cases of suspicious activity (e.g., too many failed login attempts), the IP address may be temporarily transmitted to Wordfence servers in the USA. A Data Processing Agreement with Standard Contractual Clauses is in place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security).

4.8 Presto Player

If videos are embedded, they are either hosted locally or (in the case of YouTube/Vimeo) embedded using enhanced privacy mode (“nocookie” domain). No cookies are set before consent.

4.9 Yoast SEO

Yoast SEO runs entirely on the server. No data is transmitted to Yoast.

5. Cookies

Our website uses only technically necessary cookies:

  • pll_language – Stores the selected language (1 year)
  • wordpress_test_cookie – Checks whether cookies can be set (session)
  • wf_loginalerted_… – Wordfence security cookie (if login attempts are blocked)

No advertising, marketing, or tracking cookies are used.

6. Rights of Data Subjects

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at)

7. Updates & Amendments

Version of this Privacy Policy: 27 November 2025 We reserve the right to amend this policy in the event of legal or technical changes.

Zaplant Logo

Bitcoin for real life – Get your business ready for Bitcoin

Links

Zaplant Trading Limited

  • mcphil@21million.fun
  • Strovolou 77, Strovolos Center, Office 301, 2018 Nicosia
zypern

© 2025 Zaplant Ltd.

Privacy Policy Imprint