Privacy policy

We process personal data to the extent necessary to operate the website, handle inquiries, initiate/perform contracts, ensure security, and, only with consent, for analytics and marketing.

• Legal bases (depending on the case): Art. 6(1)(b) GDPR (contract/steps prior to entering into a contract), Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(f) GDPR (legitimate interest, e.g. secure and stable operation, IT security, abuse/error detection, support), Art. 6(1)(a) GDPR (consent, e.g. analytics/marketing).
• Cookies/similar technologies: We comply with the legal requirements (in particular Section 25 TDDDG). Technically necessary technologies are used on the basis of Section 25(2) TDDDG; optional technologies (e.g. analytics/marketing) only with consent pursuant to Section 25(1) TDDDG.
• Recipients/service providers: We use service providers for hosting, database, CDN/media delivery, email delivery, live chat and, after consent, analytics/marketing. Where required, we conclude data processing agreements under Art. 28 GDPR.
• Transfers to third countries: For some providers, processing may take place outside the EU/EEA (e.g. the USA). Where required, transfers are based on an adequacy decision (e.g. EU-US Data Privacy Framework) and/or EU Standard Contractual Clauses; further information is available on request.
• Requirement to provide data: Providing personal data is generally neither legally nor contractually required. However, if information is needed to process inquiries or conclude/perform contracts, we may be unable to act without it.

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

• Data processed: IP address, date/time, accessed content/URL, referrer URL, browser/device information and, where applicable, technical status/error information.
• Purposes: delivery of the website, operational security, abuse and error detection.
• Legal basis: Art. 6(1)(f) GDPR.
• Provider/recipient: DigitalOcean, LLC (hosting, processing on our behalf; possible third-country transfer, see section 2).

We do not create additional usage profiles for tracking purposes at application level. Technically necessary hosting logs may occur.

• Data processed (typical): contact details (e.g. name, email), communication content, quotation/order and contract data, and, where applicable, internal notes for processing.
• Purposes: handling inquiries, preparing quotations, contract processing, documentation and traceability.
• Legal bases: Art. 6(1)(b) GDPR (pre-contractual/contractual), Art. 6(1)(f) GDPR (efficient processing/documentation), where applicable Art. 6(1)(c) GDPR (retention obligations).
• Provider/recipient: DigitalOcean, LLC (managed database, processing on our behalf; possible third-country transfer, see section 2).

• Data processed: technically necessary access data (in particular IP address, date/time, requested file/URL, referrer URL, browser/device information).
• Purposes: fast and secure delivery and optimization of images/videos (performance/stability).
• Legal basis: Art. 6(1)(f) GDPR.
• Provider/recipient: Gumlet, Inc. (typically processing on our behalf; possible third-country transfer, see section 2).

Website visitors do not upload files; the CDN delivers only media provided by us.

• Data processed: information from your message (e.g. name, email address, content) and, where applicable, communication metadata.
• Purposes: responding to and handling your inquiry, and where applicable initiating/performing a contractual relationship.
• Legal bases: Art. 6(1)(b) GDPR (for pre-contractual/contractual inquiries), otherwise Art. 6(1)(f) GDPR (communication/support).
• Service providers/recipients: MailerSend, Inc. (technical delivery of form messages/transactional emails); Google (Google Workspace) for mailbox and email communication.

Third-country transfers: With MailerSend and Google, processing may also take place outside the EU/EEA (in particular the USA). Where required, transfers are based on an adequacy decision (e.g. EU-US Data Privacy Framework) and/or EU Standard Contractual Clauses; details see section 2.

• Activation: The chat is only loaded when you start it (e.g. by clicking the chat button).
• Data processed: chat content and, where applicable, voluntarily provided contact details; also technically necessary connection data (e.g. IP address, timestamps, device/browser information, page accessed).
• Purposes: customer service, answering questions, support.
• Legal bases: Art. 6(1)(b) GDPR (initiation/performance) or Art. 6(1)(f) GDPR (support).
• Provider/recipient: Smartsupp.com, s.r.o., Šumavská 31, 602 00 Brno, Czech Republic.

To assign an ongoing chat (e.g. after a reload), a pseudonymous identifier may be stored in local storage. Analytics or marketing functions are not used without consent.

We use cookies/similar technologies to operate the website and, only with your consent, for analytics and for measuring/optimizing advertising.

• Google Analytics (GA4): reach measurement and analysis of website usage to improve our offering.
• Google Ads: measurement of campaign success (e.g. conversion tracking) and, if enabled, optimization/delivery of ads (e.g. remarketing).

• Data (typical): online identifiers (e.g. cookie IDs), usage/event data (e.g. page views, interactions), device/browser information, referrer URL, and where applicable approximate location information (region). The IP address is also processed for technical communication.
• Provider/recipient: Google Ireland Limited; depending on configuration, data may also be transferred to Google LLC (USA) and affiliated companies.
• Transfers to third countries: Where data is transferred to the USA, this may (depending on provider status) be based on the EU-US Data Privacy Framework (DPF) and/or EU Standard Contractual Clauses (see section 2).
• Legal bases: use (storing/reading) of cookies/similar technologies in accordance with Section 25 TDDDG; subsequent processing of personal data based on your consent (Art. 6(1)(a) GDPR).
• Withdrawal/change: You can withdraw or adjust your consent at any time via the cookie settings with effect for the future (e.g. via a link/button in the footer). The lawfulness of processing up to the point of withdrawal remains unaffected.

Further information: Google's privacy policy: https://policies.google.com/privacy

We store personal data only as long as necessary for the respective purposes. We then delete or anonymize the data unless legal retention obligations or legitimate interests (e.g. asserting/defending legal claims) require further storage.

• Access data (hosting/CDN): generally only as long as required for operation, security and troubleshooting.
• Contact/support (email, form, chat): until final handling; beyond that only if a (pre-)contractual relationship arises or retention obligations apply.
• Quotation/customer data: during the cooperation and thereafter within the scope of legal obligations and/or as long as required for documentation or legal enforcement.

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, simply send a message to the contact address stated in section 1.