Privacy Policy

Data processing on this website is carried out by the website operator. The controller’s contact details can be found in the section “Information on the Controller”.

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse user behaviour.

You have the right to obtain information about your stored personal data, request rectification or deletion, restrict processing, object to processing, and withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority.

Behringstraße 1
70565 Stuttgart
Germany

Unless a more specific retention period has been specified in this Privacy Policy, personal data will remain with us only as long as necessary to fulfil the purposes for which it was collected or as required by statutory retention obligations.

We process personal data on the following legal bases:

Consent may be withdrawn at any time with effect for the future.

We are not legally required to appoint a data protection officer.

We only share personal data with third parties if this is necessary for the fulfilment of our contractual obligations, if we are legally obliged to do so, if you have given your consent, or if we have a legitimate interest.

Recipients may include:

Personal data submitted via contact inquiries or email (e.g. contact details, project-related information) may be structured and documented in Notion.

Notion acts as a processor within the meaning of Art. 28 GDPR. A Data Processing Agreement (DPA) has been concluded:
https://www.notion.so/Data-Processing-Addendum-3614dd47c4a24c8d8c3a6c6b6a59d5c2

Data may be processed in third countries, in particular the USA. Appropriate safeguards are in place, in particular EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

When you book an appointment via Calendly, the data you enter (e.g. name, email address, preferred date and time, optional message) is transmitted to Calendly and processed there.

Calendly acts partly as a processor and partly as an independent controller. Data may be processed outside the EU, in particular in the USA. Appropriate safeguards are in place, in particular EU Standard Contractual Clauses.

The legal basis for using Calendly is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient scheduling).

If personal data is transferred to recipients outside the European Union or the European Economic Area (EEA), this is done only in compliance with Art. 44 et seq. GDPR.

Transfers take place on the basis of adequacy decisions by the European Commission or by using EU Standard Contractual Clauses in accordance with Art. 46 GDPR, supplemented by appropriate technical and organisational measures.

You may withdraw consent you have given at any time. The lawfulness of data processing carried out before the withdrawal remains unaffected.

If data processing is based on Art. 6(1)(f) GDPR, you have the right to object at any time for reasons arising from your particular situation. If the objection concerns direct marketing, the data will no longer be processed for such purposes.

You have the right to lodge a complaint with a data protection supervisory authority.
Competent authority:

You have the right to receive personal data that we process automatically based on your consent or in fulfilment of a contract in a structured, commonly used and machine-readable format.

Within the framework of applicable law, you have the right at any time to obtain information about your stored personal data, its origin and recipients, and the purpose of processing, as well as the right to rectification or erasure.

You have the right to request restriction of processing of your personal data under the conditions set out in Art. 18 GDPR.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content.

The use of contact data published as part of the legal notice obligation for sending unsolicited advertising is hereby objected to.

This website uses cookies. Cookies are small data packets that do not cause damage to your device.

Technically necessary cookies are used on the basis of Art. 6(1)(f) GDPR. Other cookies (e.g. for analytics) are only used with your consent pursuant to Art. 6(1)(a) GDPR and § 25 TDDDG.

A detailed list of cookies and storage technologies used is available in the cookie settings.

Provider:
Papoo Software & Media GmbH
Auguststraße 4
53229 Bonn
Germany

CCM19 stores consent-related data (e.g. consent status, timestamp, pseudonymous identifier) to fulfil legal obligations.

The hosting provider automatically collects and stores information in server log files, including:

This data is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR.

If you contact us by email or phone, your inquiry and the personal data resulting from it will be stored and processed for the purpose of handling the request.

Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

Inquiries may be internally documented using secure project management and documentation tools.

Google Tag Manager is used to manage website tags. It does not itself create user profiles or store cookies.

Provider: Google Ireland Limited, Dublin, Ireland.
Legal basis: Art. 6(1)(a) GDPR.

This website uses Google Analytics to analyse user behaviour.

IP anonymisation is activated. Your IP address is truncated within the EU before transmission.

Legal basis: Art. 6(1)(a) GDPR.

We use Matomo for web analytics.

Matomo may be operated in a cookieless configuration with anonymised IP addresses, in which case processing is based on Art. 6(1)(f) GDPR.
If cookies are used, processing is based on Art. 6(1)(a) GDPR.

Provider:
Sendinblue GmbH (Brevo)
Köpenicker Straße 126
10179 Berlin
Germany

When you subscribe, your email address and consent information are processed. Subscription takes place using the double opt-in procedure.

Legal basis: Art. 6(1)(a) GDPR.

A Data Processing Agreement has been concluded with Brevo:
https://www.brevo.com/legal/termsofservice/#data-processing-agreement

You may unsubscribe at any time via the link in the newsletter.

We store personal data only for as long as necessary to fulfil the respective processing purpose or as required by statutory retention obligations.

In particular:

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures are continuously reviewed and adapted in line with technological developments.

This website may contain links to external third-party websites. We have no influence on the content and data protection practices of these websites.

The respective provider is always responsible for the processing of personal data on the linked websites.

If you submit an application, we process the personal data provided solely for the purpose of carrying out the application process.

Legal basis: § 26 BDSG and Art. 6(1)(b) GDPR.

If no employment relationship is established, the data will be deleted after six months unless statutory retention obligations apply or you have given consent for longer storage.

We reserve the right to update this Privacy Policy to reflect changes in our data processing activities or legal requirements.

The current version is always available on this website.