Privacy & Cookie Policy

Last updated: 10 January 2026

1. Controller

The controller responsible for processing your personal data on Oakfyn.com is:

Blackfyn LLC
16192 Coastal Highway, Delaware 19958, USA
Email: info@oakfyn.com
Phone: +49 172 3673593

Data Protection Officer (DPO):
If we have appointed a DPO, you can reach them at: willi.kellich@oakfyn.com. Otherwise, please contact us at info@oakfyn.com.

2. Scope of this Policy

This Privacy & Cookie Policy explains how we process personal data when you:

  • visit Oakfyn.com,
  • contact us (e.g., email/contact form),
  • book a consultation via scheduling links (e.g., "Enter the Future of Finance"),
  • interact with embedded content or third-party services.

This notice is provided in accordance with the GDPR transparency obligations.

3. Personal Data We Process

3.1 Website access data (server logs)

When you access our website, our systems may automatically process:

  • IP address (often in truncated form where feasible),
  • date/time of access,
  • requested pages/files,
  • referrer URL,
  • browser type/version, operating system,
  • device identifiers and technical log data.

Purpose: website delivery, stability, security, abuse prevention.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Retention: typically 30 days unless required longer for security investigations.

3.2 Contact requests (email / contact form)

If you contact us, we process data you provide, e.g.:

  • name, company, email, phone,
  • message content and attachments,
  • metadata needed to respond.

Purpose: handling inquiries and pre-contractual communication.
Legal basis: Art. 6(1)(b) GDPR (steps prior to entering a contract) and/or Art. 6(1)(f) GDPR (legitimate interest in responding).
Retention: for the duration necessary to handle the request and comply with legal retention obligations.

3.3 Consultation booking (Scheduling / Calendly)

If you book a consultation via our booking CTA, you may be redirected to or interact with a scheduling service (commonly Calendly). In that case, scheduling data may include:

  • name, email, meeting time,
  • meeting topic/details you enter,
  • time zone and scheduling metadata.

Purpose: appointment scheduling and managing client communications.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.

Calendly provides a GDPR Data Processing Addendum and describes controller/processor roles in its legal documentation.

3.4 Cookies and similar technologies

We may use cookies and similar technologies to:

  • operate the site (strictly necessary),
  • remember preferences,
  • measure usage (analytics),
  • support marketing (where used).

Legal basis:

  • strictly necessary cookies: Art. 6(1)(f) GDPR (legitimate interest), and where applicable national rules,
  • non-essential cookies (analytics/marketing): Art. 6(1)(a) GDPR (consent) via cookie banner/consent tool.

4. Analytics, Tracking, and Marketing (only if enabled)

If we use analytics or marketing tools, we do so only under the legal basis required (typically consent) and we will provide the tool name(s) in the cookie banner/consent manager and/or in a cookie list.

(Consulting-industry practice typically separates "strictly necessary" from "performance/analytics" and "marketing" cookies and provides clear user controls.)

5. Recipients and Processors

We may share personal data with:

  • hosting and infrastructure providers,
  • IT/service providers supporting website operation and security,
  • scheduling providers (for booking),
  • professional advisors (legal/accounting) where necessary,
  • authorities/courts where legally required.

All processors act under appropriate contractual safeguards (Art. 28 GDPR), where applicable.

6. International Data Transfers

Some service providers may process data outside the EEA. Where required, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses) and implement additional measures where necessary.

7. Data Retention

We keep personal data only as long as necessary for:

  • the purposes described in this policy,
  • statutory retention obligations,
  • establishing, exercising, or defending legal claims.

8. Your Rights

Subject to legal requirements and limitations, you have the right to:

  • access, rectification, erasure,
  • restriction of processing,
  • data portability,
  • object to processing based on legitimate interests,
  • withdraw consent at any time (without affecting prior processing).

To exercise rights: email info@oakfyn.com.

9. Complaints

You also have the right to lodge a complaint with a supervisory authority (e.g., in your EU member state of residence/work). The European Commission provides general information on GDPR rights and how to exercise them.

10. Security

We apply appropriate technical and organizational measures to protect personal data, considering the state of the art, implementation costs, nature/scope/context, and risks.

11. Changes to this Policy

We may update this policy to reflect legal, technical, or business changes. The "Last updated" date will be amended accordingly.