Privacy Policy

1. Introduction

This website is operated by HOF Automotive GmbH. We attach great importance to handling the data of our website visitors responsibly and protecting it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

In the following, we explain how we process your data on our website. We use clear and transparent language so that you can truly understand what happens to your data.

2. General Information

2.1 Processing of Personal Data and Other Terms

Data protection applies to the processing of personal data.

“Personal data” means all data that can identify you personally. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using.

Such data is processed whenever “something happens to it.” For example, when your browser transmits your IP address to our provider and it is automatically stored there – that already constitutes processing (according to Art. 4 No. 2 GDPR) of personal data (as defined in Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable Regulations / Laws – GDPR, BDSG and TDDDG

The scope of data protection is governed by laws – in particular:

  • the General Data Protection Regulation (GDPR) as an EU regulation
  • the Federal Data Protection Act (BDSG) as a national law
  • the Telecommunications and Telemedia Data Protection Act (TDDDG), which complements the GDPR where cookies or similar technologies are used.

2.3 Data Controller

The controller responsible for data processing on this website is the entity that, alone or jointly with others, determines the purposes and means of processing personal data.

Controller:

HOF Automotive GmbH
Fronäckerstraße 44
71063 Sindelfingen
Germany

E-mail: contact@h-o-f.com
Web: https://h-o-f.com

2.4 Data Protection Officer

We have appointed a Data Protection Officer for our company:

simply Legal GmbH
Attn: Sebastian Schenk
Burkarderstr. 36
97082 Würzburg
Germany

E-mail: dpo@dieter-datenschutz.de

2.5 How Data Is Generally Processed on This Website

Certain data (such as IP addresses) are automatically collected when you visit our website. These data are mainly required for the technical provision and secure operation of the website.

If we process additional personal data or collect other data, we will inform you accordingly or request your consent.

Other personal data are deliberately shared by you, for example when you use our contact form. You can find detailed information about this below.

2.6 Your Rights

The GDPR grants you comprehensive rights, such as the right to receive free information about the origin, recipients and purpose of your stored personal data.

You also have the right to request rectification, restriction or deletion of this data and to lodge a complaint with the competent data protection authority. Any consent you have given can be withdrawn at any time with effect for the future.

Details on your rights and how to exercise them can be found in Section 6 of this Privacy Policy.

2.7 Our View on Data Protection

For us, data protection is more than just a legal obligation.

Personal data has great value, and careful handling of such data should be a matter of course in today’s digital world. Furthermore, as a website visitor, you should be able to decide what happens to your data, when, and by whom.

Therefore, we commit to complying with all legal requirements, collecting only the data necessary for us, and treating it confidentially.

2.8 Data Sharing and Deletion

We only share personal data where there is a legal basis for doing so and only to the extent necessary – for example when we work with processors under a data processing agreement pursuant to Art. 28 GDPR (e.g. hosting provider, technical service providers, CRM provider).

We delete your data once the purpose and legal basis for processing no longer exist and there are no other legal obligations preventing deletion (e.g. commercial or tax retention periods). For more details, see Art. 17 GDPR.

2.9 Hosting and Technical Service Providers

This website is hosted on servers of our hosting provider:

Mittwald CM Service GmbH & Co. KG
Königsberger Str. 4–6
32339 Espelkamp
Germany

The personal data collected on this website are stored on Mittwald’s servers – including automatically collected log files (see below) and any other data you provide via forms.

We also work with our digital agency neusta for development, maintenance and technical operation of the website. neusta may have access to personal data in the course of providing these services and acts as a processor under our instructions.

External hosting ensures the secure, fast and reliable provision of our website and serves to fulfil contractual obligations towards potential and existing customers.

The legal basis for processing is Art. 6 (1)(b) GDPR (contract performance) and Art. 6 (1)(f) GDPR (legitimate interest in secure and efficient website operation). Where consent is required for the storage of or access to information on the user’s device (e.g. cookies), § 25 (1) TDDDG and Art. 6 (1)(a) GDPR apply.

We have concluded data processing agreements with our hosting provider and technical service providers.

2.10 Legal Bases

Processing personal data always requires a legal basis. Article 6 (1) GDPR provides the main options:

  • (a) Consent
  • (b) Contract performance or pre-contractual measures
  • (c) Legal obligation
  • (d) Vital interests
  • (e) Public interest / exercise of official authority
  • (f) Legitimate interests, except where overridden by your interests or fundamental rights and freedoms.

In the following sections, we specify the exact legal basis for each type of processing.

3. What Happens on Our Website

When you visit our website, we process certain personal data about you. To protect this data as best as possible against unauthorized access by third parties, we use SSL/TLS encryption. You can recognize an encrypted connection by the prefix “https://” in your browser’s address bar or by a lock symbol.

Below you will find which data are collected when you visit our website, for what purpose, and on what legal basis.

3.1 Data Collection When Accessing the Website (Server Log Files)

When you access the website, information is automatically stored in so-called server log files. This includes:

  • browser type and version
  • operating system used
  • referrer URL
  • hostname of the accessing computer
  • time of the server request
  • IP address

These data are temporarily required to ensure that our website is displayed permanently and without errors. They serve in particular the following purposes:

  • system security
  • system stability
  • error detection and correction
  • establishing a connection to the website
  • proper display of the website

Data processing is carried out in accordance with Art. 6 (1)(f) GDPR, based on our legitimate interest in ensuring the website’s functionality and security.

Wherever possible, these data are stored in a pseudonymized form and deleted after their intended purpose is achieved. If the server log files allow identification of the data subject, the data are stored for a maximum of 14 days, unless a security-related incident requires longer storage.

There is no merging of this data with other data sources.

3.2 Cookies

3.2.1 General Information

This website uses cookies and similar technologies. Cookies are small text files stored in your browser that relate to our website.

The use of cookies can make it easier for visitors to navigate and use our website and allows us to perform statistical and marketing analyses.

We use a cookie-consent tool (consent management platform, “CMP”) that informs you in detail about all cookies and similar technologies used on our site and allows you to manage your preferences.

3.2.2 Rejecting Cookies

All cookies that are not technically necessary can be managed directly through our cookie-consent tool. You can withdraw your consent at any time with effect for the future.

You can also prevent the storage of cookies by adjusting your browser settings. Please note that blocking or deleting cookies completely may restrict website functionality.

3.2.3 Technically Necessary Cookies

We use technically required cookies to ensure that our website functions properly and complies with applicable law (e.g. consent management, security, session handling).

Legal basis: Art. 6 (1)(b), (c) and/or (f) GDPR, depending on context.

3.2.4 Non-Essential Cookies (Analytics and Marketing)

We also use cookies that are not technically necessary, for example to analyse user behaviour (Google Analytics) or for marketing purposes (Meta Pixel).

These cookies are only set if you have given your consent via the cookie-consent tool.

Legal basis: Art. 6 (1)(a) GDPR in conjunction with § 25 (1) TDDDG.

You can withdraw your consent at any time via the cookie-consent tool.

3.3 Data Processing Through User Input

3.3.1 Contact by E-mail or Phone

If you contact us by e-mail or phone, we process your contact details and any other data you provide (e.g. name, company, phone number, content of the enquiry).

Depending on the context, the legal basis is Art. 6 (1)(b) GDPR (contract-related communication or pre-contractual measures) or Art. 6 (1)(f) GDPR (our legitimate interest in processing inquiries).

Data will be deleted once the matter has been conclusively dealt with and there are no legal obligations requiring longer storage.

3.3.2 Contact Form

If you use our contact form, we process the data you enter (e.g. name, e-mail address, phone number, subject, message).

These data are stored on our web server and transmitted internally to the relevant contact persons. In addition, they are stored in our Odoo CRM system (see Section 4.2).

Legal basis: Art. 6 (1)(b) GDPR (pre-contractual measures / contract performance) and Art. 6 (1)(f) GDPR (efficient handling of inquiries).

We delete these data once your request has been processed and provided there are no legal retention obligations.

3.4 Cookie-Consent Tool (Consent Management Platform)

To ensure that cookies and tools that require consent are activated only after you have given your consent, we use a consent management platform (CMP). This tool stores your consent or refusal and documents it in compliance with data protection regulations.

For this purpose, a connection to the CMP provider’s servers is established and a cookie is stored in your browser to assign your choices.

Legal basis: Art. 6 (1)(c) GDPR (legal obligation to obtain and document consent) and Art. 6 (1)(f) GDPR (legitimate interest in legally compliant consent management).

The consent data are stored for as long as necessary for documentation purposes and will then be deleted, unless statutory retention obligations require longer storage.

4. Analytics, CRM and Marketing Tools

4.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies that allow analysis of how visitors use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

We use IP anonymisation, which shortens your IP address before transmission within EU/EEA countries. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The data collected are used to evaluate visitor behaviour, compile reports and improve our online offering.

Legal basis: your consent under Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. You can withdraw your consent at any time via the cookie-consent tool.

We have concluded EU Standard Contractual Clauses (SCCs) with Google to ensure an adequate level of data protection.

Further information: https://policies.google.com/privacy

4.2 Odoo CRM

We use Odoo as our customer relationship management (CRM) system:

Odoo S.A.
Chaussee de Namur 40
1367 Ramillies
Belgium

In Odoo we store contact and customer data that arise, for example, from contact forms, e-mails, telephone calls or contractual relationships (e.g. name, contact data, company, communication history, contract data).

Legal bases:

  • Art. 6 (1)(b) GDPR (contract performance and pre-contractual measures)
  • Art. 6 (1)(f) GDPR (legitimate interest in efficient customer and lead management)

Data are stored for as long as necessary for the relevant purpose (e.g. contract performance, customer support) and as long as legal retention obligations exist.

Further information: https://www.odoo.com/privacy

4.3 Meta (Facebook) Pixel

We use the Meta Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

This tool helps us measure the effectiveness of Meta ads (e.g. Facebook / Instagram) by tracking user actions after viewing or clicking an ad (conversions).

The collected data (e.g. IP address, browser information, referrer URL, time of visit, actions on the website) can be stored and processed by Meta and may be linked to your Meta account and used for Meta’s own advertising purposes.

Legal basis: your consent under Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. You can withdraw your consent at any time via the cookie-consent tool.

Data processing by Meta may take place in the USA. Meta is certified under the EU–US Data Privacy Framework. Further information: https://www.facebook.com/about/privacy/

5. Social Media

We maintain online presences on various social networks (e.g. Facebook, Instagram, LinkedIn, YouTube) to communicate with users and provide information about our company.

When you visit these platforms, the respective providers process personal data under their own responsibility. We have no control over these data processing operations.

Our own processing (e.g. when we evaluate comments or messages) is based on Art. 6 (1)(f) GDPR (legitimate interest in communication and public presence).

For details on data processing by the platform providers, please refer to their respective privacy policies.

6. Rights of Data Subjects

As a user of this website, you have various rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 (3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, you can contact us or our Data Protection Officer at any time using the contact details provided above.

7. Data Retention Period

Personal data are stored only as long as necessary for the purpose of processing, unless:

  • statutory retention obligations require longer storage (e.g. commercial or tax law),
  • you have consented to longer storage, or
  • we have a legitimate interest in longer storage (e.g. legal defence).

Once the relevant purpose ceases to apply and there are no retention obligations, your data will be deleted or anonymised.

8. Data Security

We use appropriate technical and organisational measures (TOMs) to protect your data against accidental or intentional manipulation, loss, destruction or unauthorised access.

Our website uses SSL/TLS encryption for secure data transmission. Nevertheless, we would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps and cannot be fully protected against access by third parties.

9. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time, in order to comply with current legal requirements or to reflect changes to our services.

The new Privacy Policy will apply from the time it is published on our website. The current version is always available under the menu item “Privacy Policy”.

10. Contact

Controller

HOF Automotive GmbH
Fronäckerstraße 44
71063 Sindelfingen
Germany

E-mail: contact@h-o-f.com

Data Protection Officer

simply Legal GmbH
Attn: Sebastian Schenk
Burkarderstr. 36
97082 Würzburg
Germany

E-mail: dpo@dieter-datenschutz.de