Privacy Policy

1. Name and Address of the Controller

The entity responsible for data processing on this website is:

Email: [email protected]

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

2. Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Email: [email protected]

3. General Information on Data Collection on This Website

Data processing on this website is carried out by the website operator. When you visit this website, various personal data are collected. Personal data are data that identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

How Do We Collect Your Data?

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Your data are collected when you provide them to us. This may include data entered into a contact form. Other data are automatically collected or processed after your consent when visiting the website by our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). These data are collected automatically as soon as you enter this website.

What Do We Use Your Data For?

Some data are collected to ensure the error-free provision of the website. Other data may be used to communicate with you or to analyze your user behavior.

Analysis Tools and Third-Party Tools

When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done using so-called analysis programs. Detailed information on these analysis programs can be found below.

Legal Basis for Processing Personal Data

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR and, where special data categories under Art. 9(1) GDPR are processed, Art. 9(2)(a) GDPR. In the case of explicit consent for transferring personal data to third countries, the processing is additionally based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is also based on § 25(1) TTDSG. Consent may be revoked at any time. If your data are required to fulfill a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. We also process your data if required to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.

Data Retention Period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you submit a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted after these reasons no longer apply.

Recipients of Personal Data

In the course of our business activities, we work with various external parties. This occasionally requires transferring personal data to these external entities. We only share personal data with external parties if necessary for contract fulfillment, if we are legally required to do so (e.g., sharing data with tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR in sharing data, or if another legal basis permits data sharing. When engaging processors, we share customer data solely based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

4. Hosting

This website is externally hosted. The personal data collected on this website are stored on the servers of the hosting provider(s). This may include IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

If specific consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, where consent covers the storage of cookies or access to user device information (e.g., device fingerprinting) under the TTDSG. Consent may be revoked at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfill their performance obligations and follow our instructions regarding these data.

We use the following hosting provider(s): Contabo GmbH, Aschauer Strasse 32a, 81549 Munich, Germany (https://contabo.com).

5. Provision of the Website and Creation of Log Files

Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. The following data are collected:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

The website operator has a legitimate interest in the technically error-free presentation and optimization of its website, as well as ensuring the security of its IT systems. For this, server log files must be recorded and stored for the duration of the session.

Data will be deleted as soon as they are no longer required for the purpose for which they were collected. In the case of data collection for website provision, this is the case when the respective session has ended. If the data are stored in log files, this will occur after no more than seven days. Longer storage is possible. In this case, IP addresses will be anonymized or altered so that the accessing client can no longer be assigned.

6. Contact Form

If you contact us via a contact form, your details from the form, including the contact data you provided, will be stored by us for the purpose of processing your inquiry and for follow-up questions. We do not share these data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, provided your request is related to the fulfillment of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this was requested; consent can be revoked at any time.

The data entered in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data ceases (e.g., after your request has been processed). Mandatory legal provisions—particularly retention periods—remain unaffected.

7. Inquiry via Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share these data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, provided your request is related to the fulfillment of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this was requested; consent can be revoked at any time.

The data sent to us through contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data ceases (e.g., after processing your request). Mandatory legal provisions—particularly legal retention periods—remain unaffected.

8. Newsletter

To send our newsletters, we use the open-source software Listmonk. Our newsletters are operated by us without transferring data to external service providers.

If you wish to subscribe to the newsletter offered on the website, we need your email address and information allowing us to verify that you own the specified email address and agree to receive the newsletter. No additional data are collected unless voluntarily provided. We use these data exclusively for sending the requested information and do not pass them on to third parties.

The processing of the data entered in the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR).

You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the 'Unsubscribe' link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data stored by us for the purpose of receiving the newsletter will be retained by us until you unsubscribe from the newsletter and deleted after you unsubscribe or after the purpose ceases. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion as part of our legitimate interest under Art. 6(1)(f) GDPR. Data stored for other purposes remain unaffected.

9. Contract Formation

We collect data when you conclude a contract with us. The data will be entered into our CRM system. We use the CRM tool Notion, provided by Notion Labs, Inc., 548 Market Street Suite 74567, San Francisco, CA 94104, United States ('Notion'). Processing by Notion is based on the additional data processing terms (https://www.notion.so/Data-Processing-Addendum-361b540101274b1fa7e16b90402b0d99). Further information on data protection at Notion can be found here: https://www.notion.so/de-de/help/gdpr-at-notion.

This data processing is necessary for contract performance (provision of a customer account) with you in accordance with Art. 6(1)(b) GDPR.

Data will be stored as long as you maintain a contractual relationship with us. Additionally, storage is possible within the framework of legal retention obligations.

Notion processes the data in the USA. Since the conclusion of the EU-US Privacy Framework, US companies can voluntarily comply with this program, making the data transfer to the USA equivalent to a transfer to a safe third country. Notion is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail).

10. Google Fonts (Local Hosting)

This website uses Google Fonts, provided by Google, to ensure consistent font presentation. The Google Fonts are installed locally. No connection to Google servers takes place, and no personal or other data are transmitted to Google.

Further information on Google Fonts can be found at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy.

11. Use of Firebase Authentication

Our application uses Firebase Authentication, a service provided by Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland, for user authentication and management.

The processing of these data is solely for providing authentication functionality and ensuring secure access to the application.

• Email address
• Phone number (if using phone authentication)
• Authentication token
• IP address

Processing is based on Art. 6(1)(b) GDPR (contract performance), as it is necessary to provide the functions of our application.

Firebase Authentication is part of Google Cloud. The collected data may be transferred to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.

Further information on data processing by Firebase can be found in Google's privacy policy: https://policies.google.com/privacy.

12. Rights of the Data Subject

You have the right to request confirmation from us about whether personal data concerning you are being processed. If this is the case, you have the right to access these personal data and the information listed in Art. 15 GDPR.

You have the right to request the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR).

You have the right to request the immediate deletion of personal data concerning you if one of the reasons listed in Art. 17 GDPR applies, e.g., if the data are no longer necessary for the intended purposes (right to erasure).

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you have objected to processing while it is under review.

You have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation if the processing is based on Art. 6(1)(e) or (f) GDPR (right to object). In this case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (Art. 21 GDPR).

You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit these data to another entity or have them transmitted (right to data portability).

To exercise your rights, please contact [email protected].

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR (Art. 77 GDPR). This right may be exercised with a supervisory authority in the Member State of your residence, workplace, or the place of the alleged infringement. In Berlin, the competent authority is: The Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, https://www.datenschutz-berlin.de.

13. Data Security

We implement technical and organizational security measures to protect personal data collected or stored by us, especially against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments.

When using our website, your personal data are encrypted using SSL/TLS technology to prevent unauthorized third-party access.