Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Where this Privacy Policy refers to “we”, “us” or “our”, this refers to the controller named above.

No data protection officer has been appointed, as there is currently no legal obligation to do so under the applicable statutory provisions.

2. General information on data processing

Personal data means any information relating to an identified or identifiable natural person, for example name, address, email address, telephone number or IP address.

Personal data is processed exclusively in accordance with the applicable data protection laws, in particular the GDPR. The type and scope of processing depend on how the website is used, for example when merely visiting the pages, using forms, or consenting to analytics and marketing cookies.

3. Hosting and server log files

This website is hosted by Hetzner Online GmbH.

When this website is accessed, certain information is automatically collected by the web server and stored in so-called server log files. This may include in particular:

• IP address of the requesting device
• date and time of access
• requested URL and file
• amount of data transferred
• referrer URL
• browser and operating system used
• name of the internet service provider

This processing is carried out for the purpose of technically providing the website, ensuring stability and security, and defending against misuse and attack attempts.

The legal basis is Art. 6(1)(f) GDPR. The legitimate interest lies in the secure and uninterrupted operation of the website.

Server log files are generally deleted after 30 days unless retention is required in an individual case for security-related analysis.

A data processing agreement with Hetzner is in place where legally required.

4. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. An encrypted connection can usually be recognized by the fact that the browser address line begins with “https://” and a lock symbol is displayed in the browser bar.

5. Cookies and consent management (Cookiebot)

This website uses cookies and comparable technologies. Cookies are small text files that are stored on your device and may contain information.

Some of these technologies are technically necessary to provide the core functions of the website, for example navigation or security. Other cookies are used for statistical, analytical or marketing purposes and are only used if you have consented to them.

The Cookiebot service of Usercentrics A/S is used to manage consent. Via the cookie banner or cookie settings, you can choose which categories of cookies you wish to consent to, for example “Necessary”, “Preferences”, “Statistics” or “Marketing”.

Cookiebot records the consents granted, including consent status, timestamp, pseudonymous identifier, browser and device settings, in order to ensure legally required proof of consent.

• Technically necessary cookies are used on the basis of Art. 6(1)(f) GDPR.
• Statistics and marketing cookies are only set on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

You can revoke or adjust your consent at any time with future effect via the cookie settings on the website.

6. Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is used to manage website tags through an interface. The service itself generally does not create its own user profiles and usually does not store detailed usage data. However, other services, such as Google Analytics, Google Ads or the Pinterest Tag, may be loaded through Google Tag Manager and these services may process personal data themselves.

Insofar as Google Tag Manager is not used exclusively for technically necessary tags, it is used on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

A transfer of data to companies within the Google group in third countries, in particular the United States, cannot be ruled out if corresponding services are integrated via Google Tag Manager.

7. Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited.

Google Analytics 4 makes it possible to analyze the use of the website. The following data may in particular be processed:

• pages and files accessed
• interactions such as clicks, scrolling or form use
• session duration and repeat visits
• technical information about the device and browser used
• approximate location data based on the IP address
• referrer URL
• online identifiers such as cookie IDs

Google Analytics is only loaded on this website after consent has been given via Cookiebot. The legal basis is Art. 6(1)(a) GDPR.

Google processes the collected data on our behalf in order to evaluate the use of the website, compile reports and provide further services related to website and internet usage.

In Google Analytics 4, the IP address is generally processed only in truncated form. The specific configuration, for example retention periods or privacy-friendly settings, should be reviewed regularly.

Data may be transferred to Google servers outside the EU, in particular to the United States. Google relies on appropriate safeguards for such transfers, for example standard contractual clauses or certifications. Nevertheless, the level of data protection in the third country may differ from the level within the EU.

The data stored in Google Analytics is automatically deleted after a configured retention period. A retention period of 14 months is common, but the actual period configured in the Google Analytics account is decisive.

8. Google Ads remarketing and conversion tracking

This website uses Google Ads features, in particular conversion tracking and remarketing. The provider is also Google Ireland Limited.

Conversion tracking makes it possible to determine whether a user performs a specific action on the website after clicking on a Google ad, for example submitting a contact form. Remarketing allows users to be shown targeted advertising on other websites within the Google advertising network after visiting this website.

For this purpose, cookies and comparable identifiers, click histories, page views, interaction data and conversions may be processed.

Google Ads remarketing and conversion tracking are used only after you have given your consent via Cookiebot. The legal basis is Art. 6(1)(a) GDPR.

Here too, personal data may be transferred to the United States. Google refers to standard contractual clauses and other safeguards. However, an EU-equivalent level of data protection cannot be guaranteed in all cases.

The storage period of cookies and advertising identifiers depends on the retention periods specified by Google and configured in your account.

9. Pinterest Tag

This website uses the Pinterest Tag. The provider for users in the European Economic Area is Pinterest Europe Ltd.; group companies of Pinterest, especially in the United States, may also be involved in the processing.

The Pinterest Tag is used to analyze and measure the success of advertising campaigns and to build audiences for interest-based advertising on Pinterest. In particular, online identifiers, device and browser information, page views, interaction events and conversion data may be processed.

The Pinterest Tag is used only after consent has been given via Cookiebot. The legal basis is Art. 6(1)(a) GDPR.

A transfer of personal data to the United States is possible. Pinterest refers to appropriate safeguards, for example standard contractual clauses. Nevertheless, the level of data protection in the third country may differ from the level required under EU law.

Further information on data processing by Pinterest and on your settings and objection options can be found in Pinterest’s privacy notices.

10. Contact via Heyflow and email

Interactive forms provided by Heyflow are used on this website for contact requests. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany, email: support@heyflow.com, commercial register: HRB 161040, Local Court of Hamburg. Heyflow is a tool for creating and processing digital forms.

If you contact us via a Heyflow form, the data you enter will be processed. This includes in particular:

• name
• contact details such as email address and phone number
• company details, where provided
• details regarding the project or inquiry
• any other information you voluntarily provide in the form

The processing is carried out for the purpose of handling and responding to your inquiry, initiating pre-contractual measures and, where applicable, performing a contractual relationship.

• The legal basis is Art. 6(1)(b) GDPR insofar as the inquiry is aimed at concluding or performing a contract.
• In all other cases, processing is based on Art. 6(1)(f) GDPR.

The information submitted via the form is forwarded to the email inboxes used by us and is also processed or stored in Google Sheets insofar as this is necessary for the internal handling and organization of inquiries. Heyflow acts as a processor in this context; a data processing agreement has been concluded with the provider. Where Google Sheets is used, further processing takes place via services of Google Ireland Limited and Google LLC.

Inquiries are stored only for as long as necessary to process them. Inquiries that do not lead to a contractual relationship are generally deleted after 12 months. Where statutory retention obligations exist, the relevant data is retained for the duration of the respective legal periods.

If you contact us directly by email, the personal data transmitted will likewise be processed for the purpose of handling your inquiry. Depending on the content of the inquiry, the legal basis is Art. 6(1)(b) or Art. 6(1)(f) GDPR.

11. Locally integrated fonts (Google Fonts)

This website uses web fonts that are integrated locally on the server. According to the current setup, when pages are accessed no fonts are loaded from Google servers or other external font services.

This enables a privacy-friendly display of the website without personal data, such as the IP address, already being transmitted to external font services when the page is loaded.

The legal basis for the local integration of fonts is Art. 6(1)(f) GDPR. The legitimate interest lies in a technically consistent and visually appealing presentation of the online offering.

12. Recipients of personal data

Within the business, only those persons and departments receive access to personal data that require such access in order to fulfill the purposes described above.

In addition, data may be transferred to external service providers and recipients to the extent necessary, for example:

• Hetzner Online GmbH as hosting provider
• Heyflow as form service provider
• Google Ireland Limited and Google LLC in connection with Analytics, Ads, Tag Manager and Google Sheets
• Pinterest Europe Ltd. and Pinterest Inc. in connection with the Pinterest Tag
• email and IT service providers

Some of these service providers process personal data as processors and are contractually obligated to comply with the applicable data protection requirements.

13. Data transfers to third countries

Where services of providers with their registered office or group affiliation in third countries are used in connection with this website, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the United States. According to the current setup, this concerns in particular Google services, including Google Analytics, Google Ads, Google Tag Manager and the further processing of form data in Google Sheets, as well as the Pinterest Tag.

Where there is no adequacy decision of the European Commission for a third country, any transfer will only take place subject to compliance with the statutory requirements, for example on the basis of standard contractual clauses or other appropriate safeguards provided by the respective provider. Nevertheless, it cannot be completely ruled out that authorities in the third country may access data or that data subject rights may only be enforceable to a limited extent.

14. Retention period

Unless a more specific retention period is stated in this Privacy Policy, personal data will be deleted as soon as the purpose of the processing no longer applies and no statutory retention obligations prevent deletion.

Where retention obligations exist under commercial or tax law, the relevant data will be stored for the duration of the statutory periods, generally 6 to 10 years.

15. Rights of data subjects

Within the framework of the applicable legal provisions, you have the following rights with regard to your personal data:

• right of access
• right to rectification of inaccurate or incomplete data
• right to erasure, insofar as no statutory retention obligations apply
• right to restriction of processing
• right to data portability
• right to object to certain processing activities
• right to withdraw consent with effect for the future

Where processing is based on Art. 6(1)(e) or Art. 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. Where personal data is processed for direct marketing purposes, you have the right to object to such processing at any time.

16. Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

The supervisory authority primarily responsible for the controller’s registered office is:

The current contact details are available on the official website of the supervisory authority.