Privacy policy

Privacy policy

Privacy policy


 

1. Privacy Policy 1.1. Key Summary: When you use this website, certain information about you may be collected and processed. This includes any details that could directly or indirectly reveal your identity. Below, we outline the basics of how your data is handled. For a comprehensive breakdown of our practices, please review the complete privacy statement included in this document. 

1.2. Data collection on this website 1.2.1. Data Controller Information: The collection and processing of personal data on this platform is managed by the site operator. You can find the relevant contact details in the "Information About the Data Controller" section of this privacy notice. 

1.2.2. How We Collect Your Data: You provide some data directly—like contact form submissions. Other information (e.g., browser type, operating system, access times) gets collected automatically when you visit our site, either through technical processes or with your consent. 

1.2.3. Why We Process Your Data: We use some information to maintain seamless website operation. Other data helps us understand how visitors engage with our content for optimization purposes. 

1.2.4. Your Data Protection Rights: You maintain full control over your personal information. At any time, you may request: 

● A free copy of your stored data, including its sources, recipients, and processing purposes 

● Corrections to inaccurate records or deletion of your information 

● Withdrawal of previously given consent (affecting future processing only) 

● Restricted processing under specific circumstances 

You also retain the right to lodge complaints with regulatory authorities. For these requests or other privacy inquiries, please contact us directly. 

1.2.5. Third-Party Analytics and Tracking Services: During your visit to our site, we may perform statistical analysis of your browsing patterns using specialized digital analytics tools. 

For specific details about these tracking technologies and how they operate, please refer to the comprehensive privacy statement in the following section. 

2. Hosting 2.1. Framer: Provider is Framer B.V., Vijzelstraat 68-78, 1017 HL Amsterdam, Netherlands (hereinafter "Framer"). When you visit our website, Framer collects various log files, including your IP addresses. 

Framer is a platform for creating and hosting websites. Framer stores cookies or other recognition technologies required for displaying the site, providing specific website functions, and ensuring security (necessary cookies). 

For details, please refer to Framer’s privacy policy: https://www.framer.com/privacy. 

The use of Framer is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in a reliable and technically flawless presentation of our website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time. 

Data transfer to third countries (e.g., the USA) is based on the EU Commission’s Standard Contractual Clauses (SCC). Further details can be found in Framer’s privacy policy: https://www.framer.com/privacy. 

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF ensures compliance with European data protection standards for data transfers to the USA. For more information on Framer’s participation in the DPF, please visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TNFxAAO&status=Active. 

2.2. Starto: Provider is Strato AG, Pascalstraße 10, 10587 Berlin (hereinafter referred to as "Strato"). When you visit our website, Strato collects various log files, including your IP addresses. 

Strato is a service provider for web hosting and domain hosting. Strato stores technically necessary data required for the provision and security of the website. 

For details, please refer to Strato’s privacy policy: 

https://www.strato.de/datenschutz/. 

The use of Strato is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in a reliable and technically flawless presentation of our website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (German Telecommunications and Telemedia Data Protection Act), insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time. 

3. General information and required disclosures 3.1. Data protection: Protecting your personal data is very important to us. We treat your personal information confidentially and in accordance with applicable data protection laws and this privacy policy. 

When you visit this website, various types of personal data may be collected. Personal data refers to information that can be used to identify you personally. 

This privacy policy explains what data we collect, how we use it, and for what purposes. 

Please note that data transmission over the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of your data from third-party access is not possible. 

3.2. Note on the Responsible Authority: The responsible authority for data processing on this website is: 

[Name of the organization / person] [Address] [Contact details – e.g., phone number, email address] 

The responsible authority is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. 

3.3. Retention Period: We retain your personal data only for as long as it is necessary for the purposes for which it was collected. Unless a specific retention period is mentioned in this privacy policy, your data will be stored until the purpose for processing no longer applies. 

If you request deletion of your data or revoke your consent to data processing, we will delete your information—unless there are legal obligations (such as tax or commercial record-keeping requirements) that require us to retain it. In such cases, the data will be deleted once these obligations no longer apply. 

3.4. General Information on the Legal Basis for Data Processing on This Website: We process your personal data on different legal grounds depending on the purpose and nature of the data use, in accordance with the General Data Protection Regulation (GDPR). 

3.5. If you have given us your explicit consent, we process your data based on Art. 6(1)(a) GDPR. Where special categories of personal data as defined in Art. 9(1) GDPR are involved, processing is carried out under Art. 9(2)(a) GDPR.If you have also consented to the transfer of your data to countries outside the EU or EEA, this is done on the basis of Art. 49(1)(a) GDPR. 

If you have agreed to the use of cookies or similar technologies (such as device fingerprinting), processing is additionally carried out in accordance with § 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG). You may withdraw your consent at any time with future effect.If the processing is necessary for fulfilling a contract or carrying out pre-contractual measures, we rely on Art. 6(1)(b) GDPR. Where we are legally obligated to process your data, Art. 6(1)(c) GDPR applies. 

In some cases, data may also be processed based on our legitimate interests under Art. 6(1)(f) GDPR. Specific legal grounds for data processing are outlined in the relevant sections of this privacy policy. 

3.6. Notice Regarding the Transfer of Personal Data to Third Countries Without Adequate Data Protection and to US Providers Without DPF Certification: This website uses tools and services provided by companies located in countries outside the European Economic Area, where data protection laws may not offer the same level of security as within the EU. This includes certain US-based providers that are not certified under the EU-US Data Privacy Framework (DPF). 

If you consent to the use of such services, your personal data may be transmitted to and processed in these countries. Please note that in jurisdictions lacking strong data protection standards, authorities may gain access to your data without effective legal remedies being available to you. 

Generally, the United States is considered a secure third country from a data protection perspective. Transferring data to the US is permissible if the recipient is certified under the DPF or can provide appropriate safeguards. 

Further details about any data transfers to third countries—including information on recipients—can be found in the relevant parts of this privacy policy. 

3.7. Disclosure of Personal Data to Third Parties: As part of our business operations, it may be necessary to share personal data with external partners or service providers. This is done only under well-defined and legally compliant circumstances. 

We only pass on personal data to third parties when it is necessary for the fulfillment of contractual obligations, when required by law (e.g., to tax or regulatory authorities), when we have a legitimate interest under Art. 6(1)(f) GDPR, or when another legal basis permits such disclosure. 

If external service providers process data on our behalf (data processors), we ensure that this is done strictly under a valid data processing agreement that complies with applicable data protection laws. 

In cases where data is processed jointly with other entities, we enter into a joint controller agreement in accordance with Art. 26 GDPR. 

3.8. Withdrawal of Consent to Data Processing: Some data processing operations require your explicit consent. You have the right to withdraw any consent you have given at any time with future effect.Please note that withdrawing your consent does not affect the lawfulness of any data processing carried out prior to the withdrawal. 

3.9. Right to Object According to Article 21 GDPR: If your personal data is being processed based on Article 6(1)(e) or (f) of the GDPR, you have the right to object to the processing at any time for reasons arising from your particular situation. This also applies to profiling based on those provisions. 

The specific legal basis on which we process your data can be found in the relevant sections of this privacy policy. 

If you object, we will stop processing your affected personal data—unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (Article 21(1) GDPR). 

You also have the unrestricted right to object at any time to the use of your data for direct marketing purposes. This also applies to profiling, insofar as it is related to such direct advertising. If you object, your personal data will no longer be used for marketing purposes (Article 21(2) GDPR). 

3.10. Right to Lodge a Complaint with the Supervisory Authority: If you believe that the processing of your personal data violates the General Data Protection Regulation (GDPR), you have the right to file a complaint with the competent supervisory authority. This is particularly applicable in the member state where you have your habitual residence, your workplace, or where the alleged infringement occurred. 

This complaint right is without prejudice to any other administrative or judicial remedies you may pursue. 

3.11. Right to Data Portability: You have the right to receive any personal data that we process automatically based on your consent or in the performance of a contract, in a commonly used, machine-readable format. Upon your request, we can also transfer this data directly to another controller, provided this is technically feasible. 

3.12. Your Rights: Access, Correction & Deletion: Under applicable legal provisions, you have the right to freely obtain information about your personal data stored by us at any time. This includes details about the origin of the data, to whom it has been disclosed, and the specific purpose of processing. Additionally, under certain conditions, you may request the correction of inaccurate information or the complete erasure of your data. For questions regarding this matter or to exercise your rights, please feel free to contact us. 

3.13. Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data. To exercise this right, you may contact us at any time. This right exists under the following circumstances: 

1. Disputing Data Accuracy: If you contest the accuracy of your personal data stored by us, we generally require time to verify this. During the verification period, you have the right to demand the temporary restriction of processing. 

2. Unlawful Processing: If your data has been or is being processed unlawfully, you may request the restriction of processing instead of erasure. 

3. Data Needed for Legal Claims: If we no longer need your data, but you require it to establish, exercise, or defend legal claims, you may request the restriction of processing instead of deletion. 

4. Pending Interest Balancing: If you have objected under Art. 21 (1) GDPR, a balancing of your interests against ours must be conducted. Until the outcome is determined, you have the right to restrict the processing of your data. 

Important: Once processing is restricted, your data may only be processed (beyond storage) if: 

- You explicitly consent, 

- It is necessary for the establishment, exercise, or defense of legal claims, 

- It is required to protect the rights of another natural or legal person, 

- It is in the public interest of the EU or a member state. 

3.14 TLS/SSL Encryption for Secure Data Transfer: 

To protect sensitive information – such as inquiries – we use TLS/SSL encryption technology on our site. This security measure ensures that all data you transmit to us is protected against unauthorized access during transfer. 

An active encryption can be identified by two distinct features in your browser: 

- The page address starts with "https://" instead of "http://". 

- A closed padlock symbol appears in the browser's address bar. 

Once TLS/SSL encryption is enabled, the data you submit cannot be viewed or altered by unauthorized third parties. 

3.15 Objection to Unsolicited Advertising Email: 

The use of contact data published in compliance with legal notice requirements for sending unsolicited advertising or informational materials is hereby explicitly prohibited. This applies particularly to unwanted spam emails or similar forms of bulk advertising communication. 

In the event of unauthorized transmission of unsolicited advertising via our contact details, we expressly reserve the right to take legal action, including but not limited to injunctive relief and claims for damages. 

4. Data Collection on This Website 

4.1. Use of Cookies: Our website uses cookies – small text files stored on your device that cause no harm. These are either temporary (only during your visit) or persistent (until you delete them). Temporary cookies are automatically removed when you close your browser. 

Cookies may originate from us (first-party cookies) or third-party providers (third-party cookies). The latter enable services like payment processing or analytics tools. 

Cookie Functions: 

● Essential: Enable core features. 

● Analytics: Collect anonymized usage data for optimization. 

● Marketing: Personalize ads based on your interests. 

Legal Bases: 

● Essential Cookies: Under Art. 6 (1) (f) GDPR (legitimate interest in functionality). 

● All Other Cookies: Only with your consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG). Consent can be revoked at any time. 

Control Options: 

You can manage cookies in your browser settings to: 

● Allow them case-by-case, 

● Block them globally, 

● Enable automatic deletion upon closing. 

Note: Without essential cookies, the website may not function properly. 

For details on specific cookies used, refer to this privacy policy. 

4.2 Contact Form Data Processing: When you submit a message via the contact form, we store your details (including name, email, message) to process your inquiry and address any follow-up questions. We do not share this data with third parties without your consent. 

Legal Bases: 

● Art. 6 (1) (b) GDPR, if your request relates to a contract or pre-contractual measures (e.g., request for a quote). 

● Art. 6 (1) (f) GDPR (legitimate interest in efficient communication) in all other cases. 

● If consent was obtained: Art. 6 (1) (a) GDPR (revocable at any time). 

Your data will be retained until: 

● You request deletion, 

● You revoke your consent, 

● The storage purpose no longer applies (e.g., after processing is completed). 

Exception: Legal retention obligations (e.g., tax regulations) remain unaffected. 

4.3 Data Processing for Email or Phone Inquiries: When you contact us via email or phone, we store and process the data you provide (e.g., name, contact details, inquiry content) to address your request. We do NOT share this information with third parties without your consent. 

Legal Bases: 

● Art. 6 (1) (b) GDPR, if your inquiry relates to a contract or its preparation (e.g., contract negotiations). 

● Art. 6 (1) (f) GDPR (legitimate interest in efficient customer communication) in other cases. 

● If consent was obtained: Art. 6 (1) (a) GDPR (revocable at any time). 

Your data will be retained until: 

● You request deletion, 

● You withdraw your consent, 

● The storage purpose no longer applies (e.g., after final processing). 

Exception: Statutory retention periods (e.g., commercial or tax law requirements) remain unaffected. 

4.4 Communication via WhatsApp: For quick and direct communication, we use WhatsApp Business. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

How We Protect Data: 

● End-to-end encryption: Your messages are readable only by you and us – even WhatsApp cannot access them. 

● Metadata: WhatsApp receives access to sender, recipient, and timestamp of communication. 

Important: WhatsApp shares personal data with Meta (USA). For details on data processing, visit: 

https://www.whatsapp.com/legal/#privacy-policy. 

Legal Bases: 

● Art. 6 (1) (f) GDPR (legitimate interest in efficient customer communication). 

● With consent: Art. 6 (1) (a) GDPR (revocable at any time). 

Data Retention: 

We retain your messages until: 

● You request deletion, 

● You withdraw consent, 

● The purpose expires (e.g., after processing). 

Exception: Legal retention obligations remain unaffected. 

Data Transfer to the USA: 

■ Based on EU Standard Contractual Clauses (https://www.whatsapp.com/legal/business-data-transfer-addendum). 

■ WhatsApp is certified under the EU-US Data Privacy Framework (DPF) (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000011sfnAAA&status=Active). 

5. Social Media: 5.1. Integration of LinkedIn Features: Our website uses features of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. 

What Happens During Use: 

● When accessing a page containing LinkedIn elements (e.g., „Share“ button), your browser connects to LinkedIn’s servers. 

● LinkedIn receives your IP address and may link your visit to your profile if you’re logged in (especially when clicking interactive buttons). 

● Note: We have no access to data collected by LinkedIn or its usage. 

Legal Basis: 

● Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (your consent, revocable at any time). 

Data Transfer to the USA: 

Based on EU Standard Contractual Clauses. Details: 

https://www.linkedin.com/help/linkedin/answer/a1343190. 

For more information on data processing, see LinkedIn’s privacy policy: 

https://www.linkedin.com/legal/privacy-policy. 

6. Analysis tools and advertising: 

6.1. Analytics with Google Analytics: 

Our website uses Google Analytics, a service provided by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. 

Data Collected: 

Usage Statistics: Page views, session duration, operating system, geographic origin. 

User Interactions: Clicks, scrolling behavior, mouse movements (optionally enabled). 

AI Enhancements: Google employs machine learning to analyze and model datasets. 

Recognition Technologies: 

● Cookies or device fingerprinting. 

● No User ID Tracking: Data remains anonymized. 

Data Transfer to the USA: 

Google transfers data to servers in the USA, based on EU Standard Contractual Clauses (https://business.safety.google/adscontrollerterms/sccs/). 

Legal Basis: 

● Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (your consent, revocable at any time). 

Certification

Google is certified under the EU-US Data Privacy Framework (DPF), ensuring compliance with European data protection standards in the USA: 

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active. 

IP Anonymization in Google Analytics: We have enabled IP anonymization for Google Analytics. 

This means your IP address is truncated by Google within the EU/European Economic Area (EEA) before being transferred to the USA. Only in exceptional cases (e.g., technical issues) is the full IP address sent to a US server and anonymized immediately. 

Data Usage by Google: 

● Analyzing your use of our website, 

● Generating reports on website activities, 

● Providing additional service-related analytics for us. 

Important: Your transmitted IP address is not merged with other Google data (e.g., from Google accounts). 

6.3 Browser Plugin to Disable Data Collection: 

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: 

https://tools.google.com/dlpage/gaoptout?hl=en. 

This plugin blocks Google Analytics from tracking your website visits. 

For more information on how Google handles user data, refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. 

7. Newsletter: 

7.1. Newsletter Data Processing: 

To subscribe to our newsletter, you must provide your email address. Additionally, we require proof that you own this address and have explicitly consented to receiving the newsletter (via a double opt-in process). Optional data (e.g., name or interests) can be provided voluntarily – these are used to personalize content. 

The newsletter is distributed via specialized third-party providers, whose data protection practices are detailed in the following sections. 

7.2. HIER KOMMT UNSER NEWSLETTER PROVIDER HIN 

7.3. Newsletter for Existing Customers 

If you purchase goods or services from us and provide your email address, we may use it for newsletters – provided we have notified you in advance. In such cases, you will only receive ads for our own similar offerings. You can cancel the newsletter at any time via a link included in each edition. 

Legal Basis: Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) German Unfair Competition Act (UWG). 

After unsubscribing, we store your email in a blocklist to prevent future mailings. The data is used solely for this purpose and not merged with other information. This protects your interests and our legitimate interest in legal compliance (Art. 6 (1) (f) GDPR). Storage is indefinite, but you may object if your interests prevail. 

8. eCommerce and payment providers: 

8.1 Processing of Customer and Contract Data: 

We collect and use personal customer data and contract-related information to initiate, execute, and adjust contractual relationships. Usage data generated through the use of our website (e.g., access times) is processed only to the extent necessary for providing our services or fulfilling contractual obligations. 

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures). 

Customer data is deleted after the termination of the business relationship and once any applicable statutory retention periods have expired. Legal obligations to retain data (e.g., under tax or commercial law) remain unaffected. 

8.2. Data Transfer Upon Contract Conclusion for Services & Digital Content: 

We transfer personal data to third parties only if necessary for contract fulfillment – e.g., to your bank for payment processing. 

Further data sharing (e.g., for advertising) occurs only with your explicit consent. Without your approval, we do not share your data for third-party marketing. 

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures). 

9. Audio and video conferencing: 

9.1. Data Processing for Online Conferences: 

To communicate with our customers, we use online conferencing tools. The tools we use are listed below. When you communicate with us via video or audio chat, your personal data is processed by us and the respective provider. 

Collected data includes: 

● Information you provide to use the tools (e.g., email address, phone number). 

● Metadata about the conference: duration, participation period, number of participants, contextual information. 

● Technical data: IP addresses, MAC addresses, device IDs, device type, operating system, client version, camera type, microphone/speaker data, connection type. 

Stored content: 

All content shared during use is stored on the providers’ servers – e.g., cloud recordings, chat messages, voicemails, uploaded photos/videos, files, whiteboards. 

Note: 

We have no full control over the providers’ data processing. Their privacy policies are authoritative. For details, refer to the privacy policies of the tools listed below. 

Legal basis: 

Art. 6 (1) (f) GDPR (legitimate interest in efficient communication). If consent is given: Art. 6 (1) (a) GDPR. 

9.2. Purpose and Legal Bases 

The conference tools are used to communicate with prospective or existing contractual partners or to provide specific services to our customers (Art. 6 (1) (b) GDPR). 

Additionally, the use of these tools serves to simplify and expedite communication with us or our company (legitimate interest under Art. 6 (1) (f) GDPR). If consent has been obtained, the use of the respective tools is based on this consent, which can be revoked at any time with future effect. 

9.3. Storage Duration: 

Data collected directly by us through video and conference tools is deleted from our systems once you request deletion, revoke your consent to storage, or the purpose for storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. 

We have no control over the retention period of data stored by the conference tool operators for their own purposes. For details, please contact the providers of the tools directly. 

9.4. Conference Tools Used: 

Zoom: The provider of this service is Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://explore.zoom.us/en/privacy/. 

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses (SCCs). Details can be found here: https://explore.zoom.us/en/privacy/.