This is a courtesy translation. The German version is legally binding.

Privacy Policy

Version 2, dated 23 January 2026

1. Purpose of this policy

In this policy, we, the provider (see Legal Notice), explain what personal data is collected on this website, why it is collected, how it is processed and ultimately deleted, and what rights data subjects have. Personal data is data that can be used to identify a natural person.

2. Legal basis

The processing of personal data is based on the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Depending on the purpose of processing, we rely on the following legal bases pursuant to Art. 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR) — When you have given us your explicit consent to processing.
  • Contract performance (Art. 6(1)(b) GDPR) — When processing is necessary for the performance of a contract or pre-contractual measures.
  • Legal obligation (Art. 6(1)(c) GDPR) — When we are legally obliged to process data.
  • Legitimate interest (Art. 6(1)(f) GDPR) — When processing is necessary for our legitimate interests, provided your interests do not override them.

3. Controller

The provider of this website (see Legal Notice) is responsible for data collection on this website, unless otherwise stated.

4. Hosting

4.1 External service provider

We do not operate ("host") this website on our own servers in our own premises, but on servers that we rent from an external service provider ("host"). This external hosting offers advantages for availability (e.g. shorter response times, faster data transfer rates) and reliability (e.g. RAID arrays) of the website. However, it also means that most of the personal data collected on this website is stored on the host's servers. When selecting the host, we ensured that it is a reputable company and that the servers we rent are located in a data centre in Germany. We have also concluded a data processing agreement with the host pursuant to Art. 28 GDPR. The host is: Amazon Web Services Inc. P.O. Box 81226 Seattle, WA 98108-1226, USA.

4.2 Encrypted connection (SSL)

When you use this website, data is exchanged between your device (e.g. desktop computer, laptop, tablet, smartphone) and the website servers. Each time you click a link or submit a form, you generate a request to which the server responds. Due to the architecture and operation of the internet, requests (from you to us) and responses (from us to you) are routed through various nodes. It is practically impossible to know in advance which route requests and responses will take, and who operates the various nodes. Therefore, you should assume that requests and responses, and thus potentially personal data, could be read or even manipulated by third parties, even if this is prohibited by law.

Secure Socket Layer (SSL) is a widely used technology that encrypts requests and responses between a device and a server ("end-to-end encryption"), protecting them from unauthorised reading or manipulation. This website is accessible via SSL connections. With regard to protecting personal data from unauthorised access, we recommend ensuring that you use the SSL connections we offer when using this website. Most browsers display a symbolic closed padlock in the address bar when an SSL connection is being used. If in doubt, consult your browser's documentation. The website facilitates the use of SSL connections by automatically redirecting requests via non-SSL connections to the corresponding SSL connection.

4.3 Server log files

Each time you access this website, information is automatically stored in so-called server log files, which your browser transmits automatically. These are:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Message indicating whether the retrieval was successful
  • Browser type and version
  • Operating system used
  • Referrer URL (the previously visited page)

This data is required for technical reasons to deliver the website correctly and to ensure stability and security. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). This data is not merged with other data sources. The data is automatically deleted after a maximum of 30 days.

4.4 Cookies

This website does not use cookies for tracking or analysis purposes. No cookies are set that track your user behaviour or store personal data.

5. Personal data

5.1 Contact form and emails

The following personal data is collected via the contact form: name, email address. The same applies to emails you send us. We collect this data so that we can reply to you by email. We store personal data until your enquiry has been fully processed or you request deletion. Email messages are stored on the host's servers in Ireland.

5.2 Third-party data processors

We use the following third-party providers to process personal data, with each of whom we have concluded a data processing agreement pursuant to Art. 28 GDPR:

  • Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) — We use Google Workspace for email communication, contact data management and document storage. Personal data such as name, email address and communication content may be processed on Google servers.
  • Papierkram.de (odacer finanzsoftware GmbH, Poststraße 2, 63654 Büdingen, Germany) — We use Papierkram.de for creating quotes and invoices and managing contact data. Personal data such as name, address, email address and billing data may be processed.

5.3 Google Fonts

This website uses so-called Google Fonts for uniform font display, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). When you access a page, your browser loads the required fonts directly from Google servers. Your IP address is transmitted to Google in the process. According to Google, no cookies are stored and data is not used for personalised advertising. For more information, please see Google's Privacy Policy. The legal basis for use is Art. 6(1)(f) GDPR (legitimate interest in uniform presentation).

6. Data transfer to third countries

Some of the service providers we use are located outside the European Union or the European Economic Area, particularly in the USA (Amazon Web Services, Google). Data transfer to these third countries is based on:

  • EU-US Data Privacy Framework — For companies certified under this agreement, there is an adequacy decision by the EU Commission.
  • Standard Contractual Clauses (SCCs) — Contract clauses approved by the EU Commission that ensure an adequate level of data protection.

When selecting our service providers, we ensure that they offer appropriate guarantees for the protection of personal data.

7. Disclosure of data

We do not sell your personal data to third parties. Your data is only disclosed in the cases described in this privacy policy, in particular:

  • To the service providers mentioned in sections 4 and 5 as part of data processing
  • When we are legally obliged to do so (e.g. to authorities)
  • To enforce our rights, particularly in case of legal violations

8. Your rights

Data subjects have the following rights:

  • Right of access — Obtain information about where the data comes from and to whom it may have been disclosed.
  • Right to rectification — Have incorrect data corrected.
  • Erasure or restriction of processing — Have data deleted or at least have its processing stopped.
  • Data portability — Receive data in a common, machine-readable format or have it transferred to a third party.
  • Right to object — Object to processing in general and for advertising purposes in particular.
  • Right to lodge a complaint with supervisory authorities — In case of GDPR violations.

To exercise your rights, please contact the controller or, in case of complaints about GDPR violations, one of the supervisory authorities.

9. Updates to this privacy policy

This privacy policy is updated as needed to ensure it always reflects the functional and technical circumstances and the current legal situation. The version number and date of the current version are stated below the title of this privacy policy. Website users who have consented to the storage of their email address will be notified by email of updates to this privacy policy.