Privacy Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration below.

Data collection on this website

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the responsible body" in this data protection declaration.

How do we collect your data?

Your data is collected on the one hand by you communicating it to us. This can, for example, be data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to demand the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this and other questions on the subject of data protection.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting takes place for the purpose of contract fulfilment with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). If a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil their performance obligations and will follow our instructions with regard to this data.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a contract required under data protection law that ensures that the host processes our website visitors' personal data only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

The responsible body is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate deletion request or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons have ceased to apply.

General Information on the Legal Bases for Data Processing on this Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special data categories pursuant to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), data processing is additionally based on § 25 (1) TTDSG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Information on the legal bases applicable in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

In the course of our business activities, we work with various external bodies. In some cases, the transmission of personal data to these external bodies is also necessary. We only pass on personal data to external bodies if this is necessary as part of contract fulfilment, if we are legally obliged to do so (e.g. forwarding data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6 (1) (f) GDPR or if another legal basis permits the data transfer. When using order processors, we only pass on personal data of our customers on the basis of a valid contract on order processing. In the case of joint processing, a contract on joint processing is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time about this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data. You can contact us at any time. The right to restriction of processing exists in the following cases:

• If you contest the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to demand the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can demand the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to assert, defend or exercise legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or your web browser deletes them automatically.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g. cookies for handling payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested, or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies), are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of his services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. When deactivating cookies, the functionality of this website may be limited.

Consent via our cookie consent banner

This website uses its own (self-hosted) cookie consent banner to obtain your consent to the storage of certain cookies or the use of certain technologies on your terminal device and to document this in a data protection-compliant manner. On your first visit to the site, a banner appears via which you can consent to or reject the storage of certain cookie categories (necessary, analytics, marketing). Non-essential cookies are only set after your explicit consent. Your consent decision is stored exclusively locally in your browser (localStorage) – no personal data is transmitted to third parties and no server-side consent logs are created. You can revoke your consent at any time via the cookie settings button in the footer. The legal basis for obtaining consent is Art. 6 (1) (c) GDPR.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) (b) GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data sent by you to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Plugins and Tools

Google Fonts (local hosting)

This page uses so-called Google Fonts for the uniform display of fonts. The Google Fonts are installed locally; no connection to Google servers takes place. For more information about Google Fonts see https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=en.

Google Maps

This page uses the mapping service Google Maps, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, to display our company location. The map is loaded only after your explicit consent (by clicking the corresponding button); until then no connection to Google servers is established. Once loaded, your IP address and device information are transmitted to Google and typically forwarded to a Google server in the USA. When Google Maps is active, Google may use Google Fonts for the uniform display of typefaces — when Google Maps is called, your browser loads the necessary web fonts into your browser cache to display texts and fonts correctly. The legal basis is Art. 6 (1) (a) GDPR and § 25 (1) TTDSG. Data transfers to the USA are based on the EU-US Data Privacy Framework (Commission Adequacy Decision of 10 July 2023) and supplementarily on the Standard Contractual Clauses of the EU Commission. Details: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. Google is certified under the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active. You may revoke your consent at any time via the cookie settings. More information on Google's handling of user data: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use Google reCAPTCHA v3 on our contact form to defend against automated spam submissions. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The reCAPTCHA script is only loaded once you actively interact with the contact form or have consented in the cookie banner — no connection to Google servers takes place beforehand. Once loaded, reCAPTCHA analyses user behaviour based on various features (incl. IP address, mouse and keyboard input, time on page). The data may be transferred to Google servers in the USA. The legal basis for loading the script and subsequent processing is Art. 6 (1) (f) GDPR (legitimate interest in protecting our online service against abusive automated access) and § 25 (2) No. 2 TTDSG (strict necessity to provide a telemedia service explicitly requested by the user). Data transfers to the USA rely on the EU-US Data Privacy Framework and Standard Contractual Clauses.

Further information can be found in Google's privacy policy: https://policies.google.com/privacy

6. AI Chatbot and Lead Capture

An AI-powered chatbot is used on this website. Responses to your inquiries are processed using the Google Gemini API (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

The data you enter, along with your name, email address, and phone number (if provided), are automatically extracted and stored in Google Firestore (Firebase) to process your request and facilitate future contact. Firestore data is stored on servers in the 'eur3 (europe-west)' region within the European Union; individual administrative processes may, however, involve transfers to the USA.

The legal basis for this processing is Art. 6 (1) (b) GDPR (performance of a contract / pre-contractual measures) and our legitimate interest in providing efficient customer support (Art. 6 (1) (f) GDPR). We have concluded a data processing agreement (DPA) with Google in accordance with Art. 28 GDPR.

7. Email Delivery via Resend

When you submit the contact form on this website, the notification is delivered to our inbox via the email service provider Resend (Resend, Inc., 2261 Market Street #4493, San Francisco, CA 94114, USA). The data you provide in the form (name, email address, message, language preference) is transmitted to Resend for the duration of the delivery and stored briefly in log files there.

The legal basis is Art. 6 (1) (b) GDPR (handling your inquiry) and Art. 6 (1) (f) GDPR (legitimate interest in reliable email delivery). Data transfers to the USA rely on the EU-US Data Privacy Framework and, supplementarily, on the Standard Contractual Clauses of the EU Commission. We have entered into a data processing agreement (DPA) with Resend pursuant to Art. 28 GDPR.

For more information on Resend's data protection, see https://resend.com/legal/privacy-policy.

8. Data Transfers to Third Countries

When using individual services (in particular Google reCAPTCHA, Google Maps, Google Gemini, Firebase and Resend), your data may be transferred to countries outside the European Union, in particular to the USA.

Where data transfers to the USA take place, we rely on the European Commission's Adequacy Decision of 10 July 2023 regarding the EU-US Data Privacy Framework (DPF). In addition, we have concluded the Standard Contractual Clauses (SCC) of the EU Commission pursuant to Art. 46 (2) (c) GDPR with the respective providers. This ensures that a level of protection materially equivalent to European data protection law applies to your data.

A list of companies certified under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/.

9. Social Media, Messengers and Links

LinkedIn Link

This website contains a link to our LinkedIn company profile. This is a plain hyperlink, not an embedded feature. Data is only transmitted to LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) once you click the link. LinkedIn's privacy policy then additionally applies (https://www.linkedin.com/legal/privacy-policy).

WhatsApp Contact Button

This website contains a button that, when clicked, opens the WhatsApp application or WhatsApp Web (wa.me link). No data is transmitted to WhatsApp / Meta unless you actively click the button. When clicked, you are redirected to the WhatsApp infrastructure; your IP address, device information and, where applicable, your WhatsApp ID are transmitted to Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4, Ireland) and Meta Platforms, Inc. (USA). The Meta privacy policy then additionally applies (https://www.whatsapp.com/legal/privacy-policy-eea). The legal basis for providing the button is Art. 6 (1) (f) GDPR (facilitating contact).

Google Reviews

We display selected reviews from Google Maps / Google Business Profile. The content is fetched server-side via the Google Places API (Google Ireland Limited). No client-side connection to Google is established; your IP address is not transmitted to Google.