Privacy Policy

1. Data Controller (Verantwortlicher)

The party responsible for the processing of personal data on this website is:

2. Your Rights as a Data Subject

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to Access (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data.
• Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR): You have the right to request the deletion of your personal data, under certain conditions.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of how we process your data.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data based on our legitimate interests.
• Right to Withdraw Consent (Art. 7 GDPR): Where we process data based on your consent, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority. The responsible supervisory authority for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

3. Data Collection on Our Website

a) Server Log Files

When you visit our website, our hosting provider automatically collects and stores information in server log files. This includes browser type, operating system, referrer URL, hostname, time of request, and an anonymized IP address. The basis for this data processing is our legitimate interest (Art. 6(1)(f) GDPR) in the secure and error-free provision of our website.

b) Cookies

Our website uses cookies. We use essential cookies necessary for the website to function, based on our legitimate interest (Art. 6(1)(f) GDPR). Non-essential cookies for analytics and performance are only used after you have given your explicit consent. The legal basis for storing and accessing information through non-essential cookies is your consent (§ 25 (1) TTDSG), and the basis for subsequent data processing is also your consent (Art. 6(1)(a) GDPR). You can manage your preferences at any time via the “Manage Cookie Preferences” link in our footer.

c) Contact Forms and Email Contact

When you contact us via a form or email, the information you provide is processed to handle your request, based on pre-contractual measures or our legitimate interest (Art. 6(1)(b) or Art. 6(1)(f) GDPR). This data is processed in our CRM system, HubSpot.

d) Newsletter

If you subscribe to our newsletter, we process your name and email address based on your consent (Art. 6(1)(a) GDPR), confirmed via a double opt-in procedure. For managing subscriptions and sending emails, we use HubSpot and Woodpecker.co. You can unsubscribe at any time via the link in each email.

4. Third-Party Services and Analytics

a) Hosting and Security: Cloudflare

Our website uses services from Cloudflare, Inc. (USA) for content delivery and security. This is based on our legitimate interest (Art. 6(1)(f) GDPR). Data may be transferred to the USA under the EU-U.S. Data Privacy Framework.

b) CRM and Analytics: HubSpot

We use the integrated software solution from HubSpot, Inc. (USA) for our CRM, forms, and, with your consent, website analytics. The legal basis is your consent (Art. 6(1)(a) GDPR) for analytics and our legitimate interest or pre-contractual measures for form processing. Data processing may occur in the USA under the EU-U.S. Data Privacy Framework.

c) Website Analytics: Google Analytics

If you provide consent, we use Google Analytics from Google Ireland Limited. We have activated IP anonymization. The legal basis is your consent (Art. 6(1)(a) GDPR). Data may be transferred to the USA under the EU-U.S. Data Privacy Framework.

d) Email Outreach: Woodpecker.co

For follow-up email communication based on your consent, we use services from Woodpecker.co S.A. (Poland). All data processing occurs within the European Union.

5. Social Media Links

Our website includes simple external links to our social media profiles. No data is transmitted to these platforms upon loading our page. Data is only transferred when you actively click on a logo. The data protection policies of the respective platform operator then apply.

• Facebook & Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy Policy
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy Policy
• YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy
• TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Privacy Policy

6. Data Security

We use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access.

7. Data Retention

We store your personal data only for as long as necessary for the purposes for which it was collected, or as required by law (e.g., commercial or tax retention periods).

8. Data Protection Officer (DPO)

We are not legally required to appoint a Data Protection Officer (DPO). For all data protection inquiries, please use the contact details provided in Section 1.

Note: Please update this section based on your final determination of the 20-person threshold.

9. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements. The new privacy policy will apply to your next visit.