Privacy Policy

1. General information and definitions

This privacy policy is based on the terminology of the General Data Protection Regulation (GDPR). “Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on personal data, such as collection, storage, use, transmission or erasure.

As a rule, we only process personal data to the extent necessary to provide a functional website together with our content and services, or where a legal basis permits the processing. We are currently not required to appoint a data protection officer; for any data protection questions you can reach us using the contact details given in the imprint.

2. Legal bases for processing

Where we obtain consent for processing operations or rely on other legal bases, the following legal bases under the GDPR apply:

• Art. 6 (1) (a) GDPR (consent): where you have given us consent for a specific processing purpose.
• Art. 6 (1) (b) GDPR (contract): to perform a contract with you or to carry out pre-contractual measures, for example when handling an enquiry.
• Art. 6 (1) (c) GDPR (legal obligation): to fulfil legal obligations, such as commercial or tax retention periods.
• Art. 6 (1) (f) GDPR (legitimate interest): to safeguard our legitimate interests, provided your interests or fundamental rights do not override them, for example to operate the website securely and reliably.

3. Your rights as a data subject

With regard to the personal data concerning you, you have the following rights. An informal message to the contact details given in the imprint is sufficient to exercise them:

• Access (Art. 15 GDPR): you can request information about whether and which personal data we process about you.
• Rectification (Art. 16 GDPR): you can request the correction of inaccurate data or the completion of data concerning you.
• Erasure (Art. 17 GDPR): you can request the erasure of your data, provided no statutory retention obligations apply.
• Restriction (Art. 18 GDPR): you can request the restriction of the processing of your data.
• Data portability (Art. 20 GDPR): you can request to receive the data you have provided in a structured, commonly used and machine-readable format.
• Objection (Art. 21 GDPR): you can object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1) (f) GDPR.
• Withdrawal of consent (Art. 7 (3) GDPR): you can withdraw any consent given at any time with effect for the future. The lawfulness of processing carried out until withdrawal remains unaffected.

4. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.

The competent authority for us is the authority of our registered seat: the Saxon Data Protection Commissioner (Die Sächsische Datenschutzbeauftragte), Dresden. Contact details and the complaint form are available at www.saechsdsb.de. You may also contact the supervisory authority of your habitual residence.

5. Provision of the website and server log files (hosting)

This website is hosted by an external service provider (processor). The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel provides the infrastructure required to operate the website and processes the resulting data on our behalf.

Each time the website is accessed, the server automatically collects information transmitted by your browser in so-called server log files. These are, in particular: IP address, date and time of the request, the specific page or file accessed, the browser type and version used, the operating system and the previously visited page (referrer). This data is not merged with other data sources.

The processing serves exclusively the technically error-free, secure and stable operation of the website and the prevention of misuse. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest lies in the reliable provision of the website. The log files are stored for a short period only and then deleted, unless their further retention is required for security reasons.

We have concluded a data processing agreement with Vercel pursuant to Art. 28 GDPR. Processing in the USA (a third country) cannot be ruled out. Vercel Inc. is certified under the EU-US Data Privacy Framework; in addition, the European Commission's Standard Contractual Clauses pursuant to Art. 46 GDPR are used as appropriate safeguards.

6. SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL / TLS encryption. You can recognise an encrypted connection by the “https://” string in your browser's address bar and by the padlock symbol. When encryption is active, the data you transmit to us cannot be read by third parties.

7. Cookies and technically necessary storage

This website does not use any tracking, analytics or marketing cookies and does not integrate any advertising or statistics services (e.g. Google Analytics). For this reason, no consent banner (“cookie banner”) is required.

We use only technically necessary mechanisms, for example to store your language selection (e.g. a “NEXT_LOCALE” cookie) so that the website is displayed in the language you have chosen. This storage is strictly necessary for the operation you have expressly requested; the legal basis is § 25 (2) no. 2 TDDDG in conjunction with Art. 6 (1) (f) GDPR.

8. Contact and contact form

If you contact us via the contact form or by email, we process the data you provide in order to handle your enquiry. Via the contact form we collect: name, company (optional), email address, phone number (optional), the selected topic and your message. Mandatory fields are marked as such; providing further data is voluntary.

The legal basis is Art. 6 (1) (a) GDPR (your consent, which you give expressly before sending) and Art. 6 (1) (b) GDPR, where your enquiry is aimed at concluding or performing a contract.

To send the form message to our inbox, we use the service provider Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA) as a processor. The data you enter is transmitted to Resend and processed on our behalf (transfer to a third country, the USA, safeguarded by the EU-US Data Privacy Framework and Standard Contractual Clauses pursuant to Art. 46 GDPR). A data processing agreement pursuant to Art. 28 GDPR is in place with Resend.

To prevent automated misuse (spam), we use a hidden form field (“honeypot”) and a short, IP-based limit on submission frequency. The IP address used for this is processed only transiently in memory and is not stored permanently; the legal basis is Art. 6 (1) (f) GDPR (interest in the security and functionality of the service).

We store your enquiry and the associated data until the purpose of storage ceases to apply — for example because your enquiry has been conclusively handled — and no statutory retention obligations apply. You can withdraw any consent given at any time with effect for the future.

9. Fonts (locally hosted web fonts)

To display fonts consistently, this website uses web fonts. The fonts used are delivered locally from our hoster's server and are embedded at the time the website is built. When the website is accessed, no connection to third-party servers — in particular not to Google — is established, and no personal data is transmitted to third parties in this context.

10. Recipients and disclosure of data

Your personal data is only transferred to third parties where this is necessary to handle a contract or enquiry, where we are legally obliged to do so, or where we use processors (for example for hosting and email delivery) under an agreement pursuant to Art. 28 GDPR. We do not sell your data.

11. Storage period

Unless a more specific storage period is stated within this privacy policy, we process personal data only for as long as is necessary for the respective purpose or as required by statutory retention periods. Once the purpose ceases to apply and any periods have expired, the data is routinely deleted.

12. No automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

13. Currency and amendment of this privacy policy

This privacy policy is currently valid and bears the date stated below. As our website develops further, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can be accessed on this page at any time.