AI Advisory
Strategy & Transformation AI Managed Services Vibe Coding Advisory AI Agents Advisory neuracamp.ai Frid.AI
AI Solutions
AI Search Optimization AI Speedboat® AI DisruptMe® Human-like AI Agents AI Readiness Check for Enterprise AI Readiness Check for Finance AI Lab Düsseldorf
AI Masterclasses
C-Level & Executive Training AI Business Officer AI Trainer / Consultant AI Agents & Adaptation
Events Blog
About
Company Partners Team
Contact
DE | EN

Legal

Privacy Policy

Comprehensive information on the processing of your personal data.

01 Data Controller and Contact Details

Data Controller within the meaning of the GDPR

ECODYNAMICS GmbH
Hamidreza Hosseini (Managing Director)
Rheinpromenade 9
40789 Monheim am Rhein
Germany

Phone: +49 (2173) 297 2024
Email: info@ecodynamics.de
Website: ecodynamics.io

Commercial Register: Düsseldorf District Court, HRB 105909
VAT ID: DE308551490

Data Protection Officer

We have not appointed a data protection officer as we do not meet the requirements of Art. 37 GDPR in conjunction with Section 38 BDSG (fewer than 20 persons regularly engaged in the automated processing of personal data, and no core activity involving large-scale processing of special categories of data). For data protection inquiries, please contact us directly at the address above with the subject line "Data Protection".

02 Scope and General Information

Scope

This privacy policy applies to all offerings and content of the website ecodynamics.io, including all subpages, language versions (DE/EN) and functionalities provided therein (hereinafter "Website"). It describes the nature, scope, purpose and legal basis of the processing of personal data in accordance with the following legislation:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
  • German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as amended
  • German Telecommunications Digital Services Data Protection Act (TDDDG), in particular Section 25 (storage of and access to information in end-user terminal equipment)
  • German Telemedia Act (TMG), where applicable

Personal Data

Personal data within the meaning of Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to that person. In the context of this website, this includes in particular:

  • Contact data (name, email address, phone number, company)
  • Technical data (IP address, browser type, operating system, referrer URL)
  • Usage data (pages visited, time of access, dwell time)

Responsibility for External Links

Our website contains links to external websites. The respective operator is solely responsible for compliance with data protection regulations on those external sites. We recommend that you review the privacy policies of linked websites separately.

03 Definitions

This privacy policy uses the following terms as defined in the GDPR:

  • Processing (Art. 4 No. 2 GDPR): Any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure or destruction.
  • Processor (Art. 4 No. 8 GDPR): A natural or legal person that processes personal data on behalf of the controller (e.g. our hosting provider Vercel or our CMS provider Sanity).
  • Consent (Art. 4 No. 11 GDPR): Any freely given, specific, informed and unambiguous indication of the data subject's wishes.
  • Pseudonymisation (Art. 4 No. 5 GDPR): The processing of personal data in such a manner that the data can no longer be attributed to a specific person without the use of additional information.
  • Third country: A country outside the European Economic Area (EEA) for which no adequacy decision pursuant to Art. 45 GDPR exists, unless other safeguards under Art. 46 GDPR apply.

04 Legal Bases for Processing (Overview)

We process your personal data exclusively on the basis of a lawful ground pursuant to Art. 6(1) GDPR. The following legal bases apply in connection with our website:

  • Art. 6(1)(a) GDPR (Consent): Where you have consented to the processing, e.g. by enabling statistics cookies via our cookie banner. You may withdraw your consent at any time with effect for the future.
  • Art. 6(1)(b) GDPR (Performance of a contract / pre-contractual measures): Where the processing is necessary for the performance of a contract or for pre-contractual measures, e.g. when processing your contact inquiry.
  • Art. 6(1)(c) GDPR (Legal obligation): Where the processing is necessary to comply with a legal obligation to which we are subject, e.g. tax retention obligations under German law (AO/HGB).
  • Art. 6(1)(f) GDPR (Legitimate interests): Where the processing is necessary for the purposes of our legitimate interests and your interests, fundamental rights and freedoms do not override. Our legitimate interests include the secure and performant provision of the website, protection against misuse, and optimisation of our services.

For the specific legal basis for each processing activity, please refer to the following sections.

05 Your Rights as a Data Subject

The GDPR grants you comprehensive rights as a data subject, which we explain in detail below. To exercise your rights, an informal notification to the address stated in Section 01 is sufficient. We will process your request without undue delay, and in any event within one month of receipt (Art. 12(3) GDPR). In complex cases or where there is a large number of requests, this period may be extended by a further two months, of which we will inform you in good time.

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we process personal data concerning you. If so, you have the right to access such data and the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients, the envisaged storage period, the existence of a right to rectification, erasure or restriction, the right to lodge a complaint with a supervisory authority, the origin of the data (where not collected from you) and the existence of automated decision-making including profiling. You also have the right to receive a free copy of your data in a commonly used electronic format.

Right to Rectification (Art. 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data without undue delay. Taking into account the purposes of processing, you also have the right to have incomplete data completed.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to obtain the erasure of your personal data without undue delay where one of the following grounds applies: the data is no longer necessary for the purposes for which it was collected; you withdraw your consent and there is no other legal basis; you object and there are no overriding legitimate grounds; the data has been unlawfully processed; erasure is required to comply with a legal obligation. The right to erasure does not apply where processing is necessary for the exercise of the right to freedom of expression, compliance with a legal obligation, reasons of public interest, or the establishment, exercise or defence of legal claims.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing where you contest the accuracy of the data (for the duration of verification), where the processing is unlawful and you opt for restriction instead of erasure, where we no longer need the data but you require it for legal claims, or where you have objected (pending determination of whether our legitimate grounds override).

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format (e.g. JSON or CSV). You also have the right to transmit such data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.

Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (legitimate interests). We will then no longer process the data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent (e.g. statistics cookies), you may withdraw it at any time with effect for the future. Withdrawal can be made via our cookie banner (accessible via the "Cookie Settings" link in the website footer) or by informal notification to the address stated in Section 01. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Postfach 20 04 44
40102 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

06 Technical Architecture of the Website

To provide context for the following sections, we describe the technical architecture of our website and its data protection implications:

Static Site Generation (SSG)

This website is built using the open-source framework Astro as a statically generated website (Static Site Generation). This means that all HTML pages are pre-generated at deployment time and delivered as ready-made files via a content delivery network. Unlike dynamic web applications, no server-side processing of personal data takes place when serving regular page content. No databases are queried and no dynamic content is generated based on user data. This is a deliberate contribution to the principle of data minimisation (Art. 5(1)(c) GDPR).

Serverless Functions

For the processing of the contact form, a server-side function (Serverless Function) is used, which runs on the infrastructure of the hosting provider Vercel. This function is only invoked when the user actively submits the contact form and processes the submitted form data. Further details can be found in Section 10.

Data Protection by Design

The architecture of our website follows the principle of "Privacy by Design" (Art. 25 GDPR). Through the use of Static Site Generation, server-side processing of personal data is reduced to a minimum. Fonts are hosted locally (no loading from external servers), no embedded social media plugins are used, and web analytics are privacy-friendly, without cookies and without collecting personal data.

07 Hosting and Content Delivery Network

Vercel Inc. (Hosting Provider)

Our website is hosted and operated by:

Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723, USA

Vercel provides the technical infrastructure for hosting, delivery via a global edge network, and the execution of serverless functions.

Data Processing on Page Access

When you access our website, Vercel automatically collects and temporarily stores the following technical access data in server log files:

  • IP address of the accessing device (may be truncated)
  • Date and time of access (timestamp)
  • HTTP method and requested URL
  • HTTP status code of the server response
  • Amount of data transferred (in bytes)
  • Browser type and version (User Agent)
  • Operating system used
  • Referrer URL (previously visited page)
  • Location of the requesting edge node

This data is processed exclusively to ensure technical functionality, to detect and prevent attacks (e.g. DDoS), and for error analysis. No merging of this data with other data sources or profiling takes place.

Vercel Edge Network

Vercel operates a global edge network with server locations in the European Union, the USA, Asia and other regions. The website is delivered from the edge location geographically closest to the user to ensure fast loading times. For users within the EEA, requests are typically served via European edge locations. In individual cases (e.g. routing optimisation or failover), processing may occur via locations outside the EEA, particularly in the USA.

Legal Basis and Safeguards

The processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, performant and technically reliable provision of our website. Where personal data is transferred to the USA, this is safeguarded by Vercel's certification under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection pursuant to Art. 45(1) GDPR. In addition, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR are in place as supplementary safeguards. Server log data is automatically deleted by Vercel after a maximum of 30 days.

08 Content Management System (Sanity CMS)

Provider

For the management and delivery of dynamic editorial content (blog posts, events, team profiles, partner information) we use the content management system of:

Sanity AS
Trondheimsveien 2
0560 Oslo, Norway

Nature of Data Processing

The editorial content managed in Sanity is delivered via the Sanity Content API and a CDN (Content Delivery Network). Content retrieval takes place partly at the time of site generation (build time) and partly in the user's browser (client-side fetching). During client-side retrieval, the following technical data may be transmitted to Sanity servers:

  • IP address of the requesting device
  • Time of retrieval
  • Type of content retrieved (API endpoint)
  • User agent information

In addition, data submitted via the contact form is stored in Sanity (see Section 10).

Data Location and GDPR Compliance

Sanity stores and processes data primarily within the European Economic Area (EEA). Sanity is a Norwegian company; Norway is an EEA member state, ensuring an adequate level of data protection. Sanity provides a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR and commits to compliance with the GDPR.

Legal Basis

Art. 6(1)(f) GDPR (legitimate interest in the efficient management and delivery of website content) and Art. 6(1)(b) GDPR (insofar as contact form data is processed for pre-contractual communication).

09 Data Collection When Visiting the Website

Server Log Files

Each time you access our website, the hosting provider automatically collects information in server log files that your browser transmits. These server log files contain:

  • IP address of the accessing device
  • Date and time of access
  • Name and URL of the requested resource
  • Amount of data transferred
  • HTTP status code
  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)

Purpose of Processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's device. For this purpose, the IP address must remain stored for the duration of the session. Storage in log files serves to ensure the functionality of the website, to optimise content and to ensure the security of our IT systems (in particular to detect and prevent cyber attacks). No analysis of the data for marketing purposes takes place in this context.

Legal Basis and Storage Period

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest arises from the necessity of technical provision and IT security. No merging of this data with other data sources takes place. The data is automatically deleted after a maximum of 30 days, unless further retention is required for the investigation of specific security incidents.

10 Contact Form and Inquiry Processing

Data Collected

When you contact us via one of the contact forms provided on the website (contact page, homepage), the following data is collected and processed:

  • First name (required)
  • Last name (required)
  • Email address (required)
  • Company (required)
  • Phone number (optional)
  • Your message (required)
  • Time of submission (automatically recorded)
  • Confirmation of privacy consent (required checkbox)

Technical Processing

The form data is transmitted encrypted (HTTPS/TLS) to a serverless function on the Vercel infrastructure. There, server-side validation of the required fields and email format takes place. The data is then transferred via an authenticated API connection (Bearer Token) to the Sanity CMS and stored there as a contact submission document. The transmission between Vercel and Sanity is also encrypted (HTTPS/TLS). No form data is stored on the Vercel server beyond the processing duration of the serverless function.

Purpose of Processing

The processing serves to handle your contact inquiry, to contact you for the purpose you have specified, and where applicable, to initiate a business relationship.

Legal Basis

Art. 6(1)(b) GDPR if your inquiry aims at concluding a contract or is necessary for pre-contractual measures. Otherwise, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in the effective handling of business inquiries). Insofar as you have consented to data processing via the privacy checkbox, Art. 6(1)(a) GDPR also applies as a legal basis.

Disclosure to Third Parties

Your contact data is not disclosed to third parties. The data is accessible exclusively to ECODYNAMICS GmbH and its employees for the purpose of processing your inquiry.

Storage Period

The data is deleted once your inquiry has been fully processed and the purpose of storage ceases to apply. This is generally the case when the circumstances indicate that the matter in question has been conclusively resolved. Statutory retention obligations (e.g. under the German Commercial Code (HGB) or Fiscal Code (AO), typically 6 or 10 years for business correspondence) remain unaffected.

11 Cookies, Local Storage and Cookie Banner

Overview

Our website takes a differentiated approach to storing information on your end device. We distinguish between HTTP cookies and the Web Storage API (localStorage), which are subject to different legal requirements.

Technically Necessary Cookies

This website does not set its own HTTP cookies in the traditional sense. However, cookies may be set by the hosting provider Vercel in the course of technical delivery (e.g. for load balancing or bot detection). These cookies are technically necessary for the operation of the website and are set on the basis of Section 25(2) No. 2 TDDDG (strict necessity) and Art. 6(1)(f) GDPR. Consent is not required for these.

Local Storage (localStorage)

To store your cookie settings, we use the Web Storage API (localStorage) of your browser. The following data set is stored locally on your device:

  • Key: cookie-consent
  • Value: JSON object with the fields necessary (always true) and statistics (true/false, depending on your selection)
  • Storage location: Exclusively local in your browser (no server transfer)
  • Duration: Unlimited, until manually deleted by you or by reopening the cookie banner

Unlike HTTP cookies, localStorage entries are not automatically transmitted to the server with every page request. The information remains exclusively on your end device and serves solely to store your consent decision. The use of localStorage for this purpose is based on Section 25(2) No. 2 TDDDG, as storing your consent preference is strictly necessary for the provision of the service you have expressly requested.

Cookie Banner and Consent Management

On your first visit to our website, a cookie banner is displayed that informs you about the storage technologies used and offers you the following options:

  • "Accept all": Enables both necessary and statistics functions (Vercel Web Analytics and Google Analytics 4)
  • "Necessary only": Enables only the functions required for operation; neither Vercel Web Analytics nor Google Analytics are loaded

You can change your settings at any time by clicking the "Cookie Settings" link in the website footer. This resets your previous consent and displays the cookie banner again.

No Marketing Cookies

We do not use marketing cookies, tracking cookies, retargeting pixels or other advertising technologies. No cross-device tracking, fingerprinting or profiling for advertising purposes takes place.

12 Web Analytics

12.1 Vercel Web Analytics

For the statistical evaluation of website usage, we use Vercel Web Analytics, a privacy-friendly analytics service by Vercel Inc. This service is only loaded if you have actively consented to the use of statistics functions via the cookie banner. Without your express consent, no analytics script is loaded and no data is collected.

Vercel Web Analytics is characterised by the following privacy-friendly features:

  • No cookies: The service does not set cookies and does not use comparable tracking mechanisms
  • No personal data: No IP addresses, device IDs or other identifiers that enable identification of individual users are stored
  • No fingerprinting: No browser or device properties are collected for fingerprinting purposes
  • No cross-site tracking: Users are not tracked across different websites
  • Aggregated metrics only: Only anonymised, aggregated statistics are collected

The following anonymised, aggregated data is collected: page views, unique visitors, dwell time, country of origin, referring source, device type, and browser and operating system.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

12.2 Google Analytics 4

In addition, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics 4 is only loaded if you have actively consented to the use of statistics functions via the cookie banner.

Google Analytics 4 uses cookies and similar technologies to collect information about the use of our website. The following data is processed:

  • Page views and interactions on the website
  • Approximate location (based on anonymised IP address)
  • Technical information (browser, operating system, screen resolution)
  • Referring source and campaign parameters
  • Dwell time and bounce rates

IP anonymisation: Google Analytics 4 anonymises your IP address by default within the EU before any transfer to the USA takes place. A complete IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.

Data transfer to third countries: Google may transfer data to the USA. The transfer is based on the EU-US Data Privacy Framework (adequacy decision of the EU Commission pursuant to Art. 45 GDPR). For more information, please refer to Google's Privacy Policy.

Objection and opt-out: You can prevent data collection by Google Analytics at any time by changing your cookie settings via the link in the footer of our website. In addition, you can download the browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Consent can be withdrawn at any time with effect for the future.

13 Fonts

Self-Hosted Fonts (Open Sauce One)

This website uses the "Open Sauce One" font, which is stored locally on the infrastructure of our hosting provider and delivered from there (self-hosting). When accessing the website, font files are loaded directly from our servers. No requests are made to external font services (such as Google Fonts, Adobe Fonts or other CDNs). No data is transmitted to third parties in this context. This solution serves data protection, as no IP addresses or other personal data are transmitted to third-party providers.

14 External Links and Social Media

LinkedIn Links

Our website contains links (simple hyperlinks) to profiles on the platform LinkedIn, operated by:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland

These are expressly not embedded social media plugins, share buttons or similar technologies. When you visit our website, no data is automatically transferred to LinkedIn. Only when you actively click a LinkedIn link are you redirected to the LinkedIn platform, where LinkedIn's privacy policy applies. We recommend that you review LinkedIn's privacy policy.

Other External Links

Our website may contain links to external websites (e.g. to partner companies, events or trade media). The respective operators are solely responsible for data processing on those external sites. No automatic data transfer to these third-party sites takes place when you access our website.

15 SSL/TLS Encryption and Transport Security

All data transmissions between your browser and our website are encrypted via the HTTPS protocol using TLS (Transport Layer Security) in its current version. TLS certificates are automatically provided and renewed by our hosting provider Vercel. Encryption protects your data from unauthorised interception or manipulation during transport.

You can recognise an encrypted connection by the lock symbol in the address bar of your browser and the "https://" protocol designation. We recommend communicating with our website only via encrypted connections, particularly when transmitting personal data via the contact form.

This covers in particular:

  • The retrieval of all website pages and resources
  • The transmission of contact form data
  • The retrieval of dynamic content from the content management system
  • Communication with the analytics service (if enabled)

16 Data Processing Agreements and Sub-Processors

To provide our website, we engage the following processors within the meaning of Art. 28 GDPR. We have concluded the necessary data processing agreements (DPA) with all processors:

Vercel Inc. (Hosting and Infrastructure)

  • Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA
  • Service: Website hosting, Edge Network, Serverless Functions, TLS certificates, server log files
  • Data: Server log data, IP addresses, contact form data (pass-through)
  • Safeguards: EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs)
  • DPA: Concluded pursuant to Art. 28 GDPR

Sanity AS (Content Management)

  • Provider: Sanity AS, Trondheimsveien 2, 0560 Oslo, Norway
  • Service: Content Management System, Content API, CDN for media content, data storage for contact inquiries
  • Data: Editorial content, contact form data, technical access data from API requests
  • Safeguards: Data storage within the EEA (Norway/EU), GDPR-compliant processing
  • DPA: Concluded pursuant to Art. 28 GDPR

No additional processors are currently engaged. Should we engage additional processors in the future, we will update this privacy policy accordingly.

17 Transfer of Personal Data to Third Countries

Overview

In the context of the data processing activities described in this privacy policy, personal data may be transferred to countries outside the European Economic Area (EEA), in particular to the USA.

USA (Vercel Inc.)

The transfer of personal data to Vercel Inc. in the USA is safeguarded by the following measures:

  • EU-U.S. Data Privacy Framework (DPF): Vercel Inc. is certified under the DPF. The European Commission adopted an adequacy decision for the DPF on 10 July 2023 (Implementing Decision (EU) 2023/1795), under which an adequate level of protection for personal data is ensured in the USA, provided the data importer is certified (Art. 45(1) GDPR).
  • Standard Contractual Clauses (SCCs): In addition, Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 are in place as supplementary safeguards in the event that the adequacy decision for the DPF should be invalidated (Art. 46(2)(c) GDPR).

Norway (Sanity AS)

Norway is an EEA member state and therefore not a third country within the meaning of the GDPR. Data processing by Sanity AS in Norway is directly subject to the provisions of the GDPR. No additional safeguards are required.

Schrems II Compliance

In light of the CJEU ruling of 16 July 2020, Case C-311/18 ("Schrems II"), we continuously review whether the safeguards in place for third-country transfers are appropriate and effective. Should the adequacy decision for the EU-U.S. DPF be invalidated by court decision, we will rely on the existing Standard Contractual Clauses and a Transfer Impact Assessment (TIA) evaluating the risk of the transfer.

18 Storage Duration and Deletion Concept

We process and store your personal data only for as long as necessary for the respective processing purpose or as required by statutory retention periods. The following storage periods apply in detail:

  • Server log files: Automatic deletion after a maximum of 30 days (by Vercel)
  • Contact form data: Deletion after final processing of the inquiry, unless statutory retention obligations apply. For business correspondence: 6 years (Section 257 HGB) or 10 years (Section 147 AO) after the end of the calendar year of the last relevant action.
  • Cookie settings (localStorage): Stored indefinitely on your end device until manually deleted by you (via the browser or via the "Cookie Settings" link on our website)
  • Vercel Web Analytics: Data is processed by Vercel in anonymised and aggregated form. As no personal data is stored, no specific deletion period for personal data applies.

After the respective processing purpose ceases to exist or statutory retention periods expire, data is routinely deleted or anonymised. This is carried out according to a documented deletion concept.

19 Data Protection by Design and by Default

Pursuant to Art. 25 GDPR, we implement technical and organisational measures designed to effectively implement data protection principles and to protect the rights of data subjects. Specifically, this includes:

Data Minimisation (Art. 5(1)(c) GDPR)

  • Use of Static Site Generation: No server-side processing of personal data during regular page access
  • No user accounts, no registration, no login
  • No use of external tracking services, social media plugins or advertising technologies
  • Self-hosting of fonts to avoid external requests
  • Minimal contact form fields, limited to the scope required for inquiry processing

Data Protection by Default (Privacy by Default)

  • Vercel Web Analytics is only loaded after express consent (opt-in)
  • The cookie banner defaults to "Necessary only" (statistics checkbox is unchecked by default)
  • LinkedIn links as simple hyperlinks without automatic data transfer

Integrity and Confidentiality (Art. 5(1)(f) GDPR)

  • End-to-end TLS encryption of all data transmissions
  • Authenticated API access to the content management system (Bearer Token)
  • Server-side validation of all form inputs
  • Automatic security updates by the hosting provider

20 Automated Decision-Making and Profiling

We do not employ any automated decision-making processes within the meaning of Art. 22 GDPR. No profiling takes place that produces legal effects or similarly significantly affects you. All decisions made in the context of contact inquiries or business initiation are made by natural persons.

21 Processing of Minors' Data

Our services are directed at businesses and business customers (B2B). They are not directed at children or minors. We do not knowingly collect personal data from persons under the age of 16. Should we become aware that personal data of a minor has been processed without the required consent of the legal guardian, we will delete such data without delay.

22 Changes to This Privacy Policy

We reserve the right to amend this privacy policy as needed, in particular in the event of:

  • Changes to the technical implementation of our website (e.g. introduction of new services or features)
  • Changes to the legal framework (e.g. legislative changes, new case law)
  • Recommendations or orders from the competent data protection supervisory authorities
  • Changes to our business processes

The current version published on our website shall apply. Material changes will be indicated in an appropriate manner. We recommend reviewing this privacy policy periodically for updates.

Last updated: March 2026

Legal Notice