Privacy Policy
1. General Information regarding Data Processing
1.1 Limitless Bold as Data Controller
The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:
Limitless Bold ppl GmbH
Brunoldstr. 1
16247 Joachimsthal
Germany
We are registered with the commercial register at the local court of Frankfurt am Main HRB 22387 FF, represented by the Managing Directors Janet Brönstrup & Charlotte Lazarovici.
We understand that our website may be visited by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. Our data processing activities are carried out in accordance with the EU General Data Protection Regulation (GDPR), we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.
1.2 Contact for Data Protection Matters
If you have any questions regarding data protection or the processing of your personal data, you can contact us at:
by mail:
Limitless Bold ppl GmbH
- Data Protection Matters -
Brunoldstr. 1
16247 Joachimsthal
Germany
by e-mail:
1.3 Your Rights/ Your data
In accordance with the statutory provisions, you as the data subject have the following rights:
-
the right to access,
-
the right to rectification or erasure,
-
the right to restriction of processing, and
-
the right to data portability.
If you have provided us with your personal data based on a consent, you could withdraw the consent at any time with effect for the future.
You may object to the processing of your personal data, if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.
To exercise these rights named above you may contact us at any time, for example by sending an email to contact@limitlessbold.com. You also have the right to lodge a complaint with a supervisory authority (State Commissioner for Data Protection Brandenburg).
Data of Minors
Our website and services are not directed to individuals under the age of 16.
We do not knowingly collect personal data from children or minors. If we become aware that personal data from a minor has been collected without appropriate consent from a parent or legal guardian, we will take reasonable steps to delete such data as soon as possible.
If you believe that a minor has provided personal data to us, please contact us.
1.4 Processing of Data, Purpose, and Legal Basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The legal basis for all our processing activities is based on Art. 6 (1) GDPR. You will receive further information in the context of the presentation of the individual processing activities.
1.5 Storing and Deleting Data
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.
1.6 Data Security
For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data will be transferred in encrypted form.
1.7 Transmission to Service Providers
We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR.
1.8 Data Processing by Third Parties / Data Processing outside the EU
We may use third party service providers that process your data for the purposes mentioned in this privacy policy. We process your personal data by using third party providers in the EU and the USA, where data protection standards applicable in the EU are ensured. For more information, please refer to our overview of processing activities below.
Some of the service providers we use may process personal data in countries outside the European Union or the European Economic Area, including the United States.
Where such transfers take place, we ensure that an adequate level of data protection is maintained by implementing appropriate safeguards in accordance with Art. 44 et seq. GDPR.
Such safeguards may include:
-
the use of Standard Contractual Clauses (SCCs) approved by the European Commission,
-
reliance on an adequacy decision issued by the European Commission (such as the EU-US Data Privacy Framework), or
-
other appropriate legal mechanisms permitted under applicable data protection law.
Further information regarding the specific safeguards applied may be obtained by contacting us.
1.9 Profiling and automated Decision Making
We do not use automated decision-making including profiling when processing data concerning our website or app.
2. Data processing on our Website
2.1 Server Logs / Web Server Security
Nature and purpose of data processing:
We collect data on each visit to our website https://www.limitlessbold.com/ ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used.
We use these server log files to ensure a trouble-free connection, usability, and functionality of our website and to evaluate the system safety and stability.
Legal basis:
When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.
Recipients:
The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.2 Cookies and Tracking Technologies
Our website may use cookies and similar technologies to ensure the functionality of the website and to analyze and improve our services.
Cookies are small text files that are stored on your device when you visit our website. They enable certain features, improve user experience, and allow us to analyze website usage.
We may use different types of cookies:
-
Essential cookies, which are required for the technical operation of the website.
-
Analytics or performance cookies, which help us understand how visitors interact with our website.
-
Marketing or tracking technologies, which may be used to measure the effectiveness of campaigns or interactions.
Where required by law, we will ask for your prior consent via a cookie banner before setting non-essential cookies. You may withdraw your consent at any time.
The legal basis for the use of essential cookies is Art. 6 (1) f GDPR (legitimate interest in providing a functional website). If cookies require consent, the legal basis is Art. 6 (1) a GDPR.
If analytics or marketing tools from third-party providers are used (for example analytics or marketing platforms), data may be processed by these providers in accordance with their respective privacy policies. Further details are provided when such services are implemented.
2.3 Agency Services
Nature and purpose of data processing:
We process personal data of our clients and their employees or candidates within the scope of our contractual services. Our services include, but are not limited to, conceptual and strategic consulting, HR and organizational consulting, recruiting and talent acquisition (including candidate sourcing, screening and communication), employer and employee branding, planning and execution of campaigns, development of and consulting on design, management of projects and processes, data analysis, training and workshops, as well as administrative and communication support.
We may process data such as customer names or addresses, contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), contract data (e.g. subject of contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. within the scope of evaluating and measuring the success of marketing measures).
Data subjects include our customers and our customers’ employees. The purpose of the processing is the provision of contractual services, billing, and the provision of our customer service.
Legal basis:
The legal basis of the processing is Art. 6 sec. 1 lit. b GDPR regarding the provision of contractual services and otherwise Art. 6 sec. 1 lit. f GDPR, our legitimate interest being the optimization of our communications and services.
Recipients:
The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.4 Processing of Personal Data on behalf of Clients
In the course of providing our consulting services, we may process personal data on behalf of our clients.
In such cases, Limitless Bold acts as a data processor within the meaning of Art. 28 GDPR and processes personal data solely on documented instructions of the respective client.
Where required by law, we enter into data processing agreements (DPAs) with our clients that define the subject and duration of processing, the nature and purpose of the processing, the type of personal data, and the categories of data subjects.
Clients remain responsible for the lawfulness of the data processing and for ensuring that appropriate legal bases for the processing of personal data exist.
2.5 Careers at Limitless Bold – Recruiting for Limitless Bold
Nature and purpose of data processing:
If you apply for a position at Limitless Bold, we process the personal data you provide to us as part of your application. This may include your name, contact details (such as email address or telephone number), CV, professional background, qualifications, and any other information you choose to share with us during the application process.
The purpose of the processing is to evaluate your application, communicate with you during the recruiting process, and make hiring decisions.
Please note that you may submit applications via different channels, such as email, professional networks (for example LinkedIn), or other communication channels.
Legal basis:
The legal basis for processing your personal data in the context of the application process is Art. 6 (1) b GDPR (pre-contractual measures) in conjunction with Section 26 BDSG.
Recipients:
Your data will be accessed only by those persons within Limitless Bold who are involved in the recruiting and decision-making process. Where necessary, service providers may process data on our behalf in accordance with Art. 28 GDPR.
Storage duration:
If your application is not successful, we will generally store your application documents for up to 6 months after the completion of the recruitment process, unless a longer retention period is required by law or you have given consent for a longer storage period.
2.6 Contacting us
Nature and purpose of data processing:
If you send us an email, your name, email address and other information you may provide, they are processed by us to work on your inquiry or to be able to contact you at a later time for follow-up questions.
Legal basis:
This data is processed only based on our legitimate interest to offer efficient communications channels to the public (Art. 6 sec. 1 lit. f. GDPR), or based on initiating a or communicating under an existing business relationship (legal basis Art. 6 sec. 1 lit. b. GDPR).
Recipients:
The recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
3. Data Processing on our Social Media Pages
We operate pages on the following social media channels:
-
LinkedIn: www.linkedin.com or mobile app by LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please refer to: https://www.linkedin.com/legal/privacy-policy
-
Wix: www.wix.com or services provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel, please refer to: https://www.wix.com/about/privacy
-
Calendly: www.calendly.com or mobile app by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA, please refer to: https://calendly.com/privacy
When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.
The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. When using LinkedIn, data may also be processed outside the EU.
3.1 Data Processing and Legal Basis
On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.
Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.
Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 sec. 11 lit. a, b GDPR) or based on legitimate interests in improving the services and presentation to the outside world (Art. 6 sec. 1 lit. f GDPR).
4 Changes to our privacy policy
We reserve the right to adapt this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g., when introducing new services. The current data protection declaration applies to every visit to the website.
Version 1.1 last updated 01.02.2026