PRIVACY POLICY

We process personal data only insofar as this is necessary to provide this website, respond to inquiries, initiate or fulfill contractual relationships, and to analyze and market our website. The information obligations and typical contents of a privacy policy primarily follow from Article 13 GDPR.

Unless stated otherwise, we base the processing of personal data on one of the following legal bases: Consent pursuant to Art. 6(1)(a) GDPR, for example for cookies, tracking, and embedded third party content, where consent is required. Contract or pre contractual measures pursuant to Art. 6(1)(b) GDPR, for example for quote requests, customer login, file uploads, or support via chat. Legitimate interests pursuant to Art. 6(1)(f) GDPR, for example for technically necessary provision of the website, IT security, and error analysis. In addition, in Germany, the placing and reading of information on end user devices, for example cookies, is generally governed by the TTDSG. Tracking and marketing technologies are typically subject to prior consent and are controlled via a consent banner.

We provide a customer area with login and the option to upload files. In doing so, we process in particular: Account data, for example email, name, login credentials, password hash Usage data, for example login timestamps, technical logs Content data, for example uploaded files and related metadata The purpose is to provide the customer area and deliver our services. The legal basis is Art. 6(1)(b) GDPR. Storage period: We generally store this data for the duration of the contractual relationship and beyond only to the extent that statutory retention obligations apply or the data is necessary to assert, exercise, or defend legal claims.

We provide a chat feature on the website that uses AI functionality. When you use the chat, we process the content you enter and technical metadata in order to respond and provide the service. We use the OpenAI API for AI processing. The content you enter is transmitted to OpenAI and processed there. OpenAI states that data submitted via the API is not used to train the models by default unless you explicitly opt in. OpenAI also states that abuse monitoring logs for API usage may be retained for up to 30 days by default, unless a longer retention period is legally required. The legal basis is Art. 6(1)(b) GDPR (provision of the chat service) or Art. 6(1)(f) GDPR (quality assurance and abuse prevention, where applicable). Note: Please do not submit special categories of personal data or confidential information in the chat unless it is necessary.

We use Google Analytics 4 to understand how visitors use the website. Google Analytics is only loaded after you provide analytics consent via the cookie banner. In Germany, prior consent is generally required for non essential analytics technologies.

We disclose personal data only if this is necessary to fulfill the purposes, you have consented, or there is a legal obligation. Service providers may include in particular: Hetzner, Cloudflare, Monday, Google, OpenAI. Some of these providers may process data outside the EU or EEA, in particular in the United States. Where required, we rely on appropriate safeguards such as EU Standard Contractual Clauses or an adequacy decision, for example under the EU US Data Privacy Framework.

We generally store personal data only as long as necessary for the respective purposes. Thereafter, the data is deleted unless statutory retention obligations apply. Server logs: typically short term; with Hetzner, the default is 7 days unless configured otherwise. Inquiries and CRM data: generally for the duration of processing and beyond to the extent necessary for documentation, follow up communication, or legal obligations. Customer account and file uploads: generally for the duration of the contractual relationship.

Under the GDPR, you have the following rights, depending on the specific case: Right of access (Art. 15 GDPR) Right to rectification (Art. 16 GDPR) Right to erasure (Art. 17 GDPR) Right to restriction of processing (Art. 18 GDPR) Right to data portability (Art. 20 GDPR) Right to object to processing based on legitimate interests, in particular to direct marketing (Art. 21 GDPR) Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR) You also have the right to lodge a complaint with a data protection supervisory authority.

We implement appropriate technical and organizational security measures to protect your data against loss, misuse, and unauthorized access. This includes encrypted transmission via TLS.

We will update this privacy policy if the website, the tools we use, or legal requirements change.