Privacy Policy

Last updated: April 1, 2026

1. Data Controller

BumTable
Alexander Lemeshov
Kornacherstraße 4
97421, Schweinfurt
Germany
Email: [email protected]

2. Overview

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your personal data when you visit our website and use our services, in compliance with the EU General Data Protection Regulation (GDPR/DSGVO) and the German Federal Data Protection Act (BDSG).

3. Data We Collect

3.1 Waitlist Sign-Up Data

When you sign up for our waitlist, we collect the following information:

  • Email address (required) β€” to contact you about launch updates
  • First name (optional) β€” to personalize our communication
  • Role preference (required) β€” lender, borrower, or both
  • City (optional) β€” to understand regional demand
  • Country (optional) β€” to understand international interest

Legal basis: Art. 6(1)(a) GDPR β€” your explicit consent when submitting the form.

3.2 Automatically Collected Data

When you visit our website, the following data is automatically collected by our web server:

  • IP address (anonymized)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referring URL

Legal basis: Art. 6(1)(f) GDPR β€” legitimate interest in ensuring the functionality and security of our website.

4. Cookies and Local Storage

4.1 Essential Storage

We use browser localStorage (not cookies) for the following essential purposes:

  • Language preference (bumtable_lang) β€” stores your selected language (EN/DE/RU) so it persists across visits
  • Cookie consent (bumtable_consent) β€” stores your cookie/consent preferences

These are strictly necessary for the website to function and do not require consent under Art. 5(3) of the ePrivacy Directive.

4.2 Third-Party Services

We load the following resources from third-party servers:

  • Google Fonts (fonts.googleapis.com) β€” to display the Inter typeface. Google may receive your IP address. Google's Privacy Policy
  • Three.js (cdnjs.cloudflare.com) β€” to render 3D animations. Cloudflare may receive your IP address. Cloudflare's Privacy Policy

Legal basis: Art. 6(1)(a) GDPR β€” your consent via our cookie/consent banner.

5. Purpose of Data Processing

We process your personal data for the following purposes:

  • To manage your waitlist registration
  • To send you updates about BumTable's launch (only if you opted in)
  • To analyze aggregated, anonymous demand by region
  • To ensure website functionality and security

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared with:

  • Hosting providers β€” our infrastructure providers process data on our behalf under a Data Processing Agreement (DPA)
  • Legal obligations β€” if required by law or court order

7. Data Retention

Your waitlist data is stored until:

  • You request deletion (see Section 8)
  • The purpose for which it was collected is fulfilled
  • We are legally required to delete it

Server logs are automatically deleted after 7 days.

8. Your Rights (GDPR Art. 15–22)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) β€” obtain confirmation and a copy of your data
  • Right to rectification (Art. 16) β€” correct inaccurate data
  • Right to erasure (Art. 17) β€” request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18) β€” restrict processing of your data
  • Right to data portability (Art. 20) β€” receive your data in a machine-readable format
  • Right to object (Art. 21) β€” object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) β€” withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected].

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls and authentication
  • Regular security updates
  • Data minimization β€” we only collect what is necessary

10. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

The supervisory authority relevant for this website operator is:

Bayerisches Landesamt fΓΌr Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
E-mail: [email protected]
Website: https://www.lda.bayern.de/de/index.html

11. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top reflects the latest revision. We encourage you to review this page periodically.

← Back to Home