PRIVACY POLICY

Last updated: 15 July 2026

1. Controller

The controller responsible for the processing of personal data on this website is:

Sandra Benning
Zittelstr. 10
80796 Munich
Germany

Phone:Email:

2. Purpose of this website

This website serves as a digital portfolio and business card for Sandra Benning.
It provides photographs, professional information, contact details and a downloadable
sedcard for model agencies, bookers, casting professionals and prospective clients.

The website does not provide visitor accounts, public login functions, online purchases,
contact forms, newsletter subscriptions or comment functions.

3. Hosting and server log files

This website is hosted by:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany

When this website is accessed, technical connection and access data may be processed
automatically. This may include:

  • the requested page or file;
  • the date and time of access;
  • the referrer URL;
  • the browser type and browser version;
  • the operating system and device type;
  • the HTTP status code;
  • the amount of data transferred; and
  • the IP address in anonymised form.

The processing is necessary to deliver the website, maintain its technical stability,
identify errors and protect the website against misuse and attacks.

The legal basis is Article 6(1)(f) GDPR. The legitimate interest is the secure,
stable and reliable operation of the website.

According to the information provided by IONOS for its webhosting services,
IP addresses in access logs are anonymised and the corresponding visitor data
is generally retained for up to eight weeks.

IONOS processes data on behalf of the website operator in accordance with
Article 28 GDPR.

4. Website security

This website uses the Wordfence Security service to protect the WordPress installation
against malware, unauthorised access, brute-force attacks and other security threats.

The provider is:

Defiant, Inc.
1700 Westlake Ave N, Suite 200
Seattle, WA 98109
United States

For security purposes, Wordfence may process information such as:

  • IP addresses;
  • requested URLs and file paths;
  • date and time of requests;
  • browser and request headers;
  • login attempts;
  • blocked or suspicious requests; and
  • information relating to detected malware or security incidents.

This processing is carried out to detect, prevent, block and investigate attacks
and unauthorised access.

The legal basis is Article 6(1)(f) GDPR. The legitimate interest is protecting
the website, its data and its technical infrastructure.

Security information may be stored locally within the WordPress installation.
Depending on the Wordfence functions enabled, security-related information may
also be transmitted to Defiant, Inc. in the United States.

Where personal data is transferred to the United States and no applicable adequacy
decision covers the relevant processing, the transfer is protected by the European
Commission’s Standard Contractual Clauses.

Wordfence security records are retained only for as long as necessary to detect,
prevent or investigate security incidents. Live Traffic records are limited to
security-relevant events and are retained for no longer than 30 days.

5. Cookies and similar technologies

This website does not use cookies or similar technologies for advertising,
marketing, analytics, profiling or personalised content.

There are no public visitor accounts or login areas. Cookies required for the
administration of WordPress are used only when authorised administrators log
into the protected website administration area.

Wordfence does not use frontend cookies for ordinary visitors in its standard
configuration. The optional country-blocking bypass function, which could set
a frontend cookie, is not used on this website.

No consent management platform or cookie banner is currently used because the
website does not integrate any services that require prior consent.

6. Locally hosted fonts

The fonts used on this website are stored locally on the website server and are
delivered directly from this domain.

No connection to Google Fonts or another external font provider is established
solely for the purpose of displaying the fonts.

The legal basis is Article 6(1)(f) GDPR. The legitimate interest is providing
a consistent and technically reliable presentation of the website.

7. Contact by email or telephone

If you contact Sandra Benning by email or telephone, the information you provide
will be processed in order to respond to your enquiry.

This may include:

  • your name;
  • your email address or telephone number;
  • your agency, company or organisation;
  • the content of your enquiry; and
  • information relating to a potential booking, representation or cooperation.

Where the enquiry relates to a possible booking, representation or contractual
relationship, the legal basis is Article 6(1)(b) GDPR.

For other professional enquiries, the legal basis is Article 6(1)(f) GDPR.
The legitimate interest is responding to legitimate business and professional enquiries.

The information will be deleted when the enquiry has been fully resolved and
there is no further contractual or legal reason to retain it. Statutory retention
obligations remain unaffected.

Please note that ordinary email communication may not be fully secure. Sensitive
or confidential information should not be sent by unencrypted email.

8. Sedcard downloads

Sandra Benning’s sedcard is available on this website as a downloadable PDF.
No registration or personal information is required to download it.

When the PDF is accessed, the same technical server information described in
the section “Hosting and server log files” may be processed.

The legal basis is Article 6(1)(f) GDPR. The legitimate interest is making
professional portfolio information available to agencies, bookers and prospective clients.

9. External link to Instagram

This website contains a normal external link to Sandra Benning’s Instagram profile.

No Instagram feed, social media plugin, tracking pixel or other Instagram content
is embedded on this website. Loading this website therefore does not establish
a connection to Instagram through this link.

A connection to Instagram is established only when you actively click the link.
You will then leave this website. Any subsequent processing of personal data is
governed by the terms and privacy information of the Instagram provider.

10. Recipients of personal data

Personal data may be received by:

  • Sandra Benning as the website operator;
  • IONOS SE as the hosting provider;
  • Defiant, Inc. as the provider of Wordfence Security;
  • technical service providers where necessary for maintenance or security; and
  • public authorities where disclosure is required by law.

Personal data is not sold, rented or disclosed to advertisers.

11. Retention of personal data

Personal data is retained only for as long as necessary for the purpose for which
it was processed.

The relevant retention period is determined in particular by:

  • technical and security requirements;
  • the duration of a professional enquiry or potential contractual relationship;
  • the need to investigate attacks or misuse;
  • statutory accounting, tax and commercial retention obligations; and
  • the establishment, exercise or defence of legal claims.

Data will be deleted or anonymised when it is no longer required and no statutory
obligation prevents its deletion.

12. Your rights

Subject to the applicable legal requirements, you have the following rights:

  • the right of access under Article 15 GDPR;
  • the right to rectification under Article 16 GDPR;
  • the right to erasure under Article 17 GDPR;
  • the right to restriction of processing under Article 18 GDPR;
  • the right to data portability under Article 20 GDPR; and
  • the right to object under Article 21 GDPR.

Where processing is based on consent, you may withdraw that consent at any time
with effect for the future.

To exercise your rights, please contact:

13. Right to object

Where personal data is processed on the basis of Article 6(1)(f) GDPR, you have
the right to object to the processing on grounds relating to your particular situation.

Following an objection, the personal data will no longer be processed unless
compelling legitimate grounds for the processing exist which override your interests,
rights and freedoms, or unless the processing is necessary for the establishment,
exercise or defence of legal claims.

14. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority.

The supervisory authority responsible for private-sector organisations based in
Bavaria is generally:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany

15. Secure transmission

This website uses SSL/TLS encryption to protect data transmitted between your
browser and the website.

An encrypted connection can generally be recognised by the
https:// prefix and the lock symbol displayed by the browser.

16. Automated decision-making

No automated decision-making or profiling within the meaning of Article 22 GDPR
takes place on this website.

17. Changes to this Privacy Policy

This Privacy Policy may be updated if the website, the services used or the
applicable legal requirements change.

The version currently published on this website applies.

Sandra Benning

Classic Model

For Bookings & Inquiries

Copyright 2026 © Sandra Benning

imprint privacy policy