Privacy Policy

01Controller

Email: [email protected] · Phone: +49 341 3542867-0

Please direct any privacy-related requests to the email address above.

02Principles

We process personal data sparingly and only to the extent necessary to operate this website and to handle your enquiries. This website uses no tracking, analytics or advertising services and embeds no social media plugins. Fonts are served locally from our server; no connections to third-party font services (e.g. Google Fonts) are established when you visit the site.

03Hosting and server log files

This website is operated on a server managed by us at: Hetzner Online GmbH, data center in Falkenstein, Germany. Where required, a data processing agreement pursuant to Art. 28 GDPR is in place with the provider.

When you access the website, the web server automatically processes technical access data (IP address, date and time, requested URL, referrer, user agent, status code). This log data serves operational security, error analysis and the defence against attacks. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in secure operation). Log data is generally deleted or anonymised after no more than 14 days; in the event of security-relevant incidents, individual entries may be retained longer until clarification.

04Cloudflare (CDN, DNS and protection services)

We use Cloudflare, provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as a reverse proxy between your browser and our server and processes technical connection data including your IP address in order to deliver content efficiently and to fend off attacks (e.g. DDoS). Cloudflare may set technically necessary security cookies for this purpose (e.g. __cf_bm, cf_clearance).

The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in security and availability). A data processing agreement including EU standard contractual clauses is in place with Cloudflare; Cloudflare is also certified under the EU-US Data Privacy Framework.

05Cookies

This website uses technically necessary cookies only:

• CSRF security cookie (csrf_cookie_name): set only on pages with a contact form, protects the form against cross-site request forgery, has a lifetime of approx. 2 hours and contains no data that allows us to identify you.
• Cloudflare security cookies (see section 04), where set by Cloudflare to protect the website.

Legal bases: Section 25 (2) no. 2 of the German TDDDG and Art. 6 (1)(f) GDPR. No consent-requiring cookies or tracking mechanisms are used — which is why this website does not display a cookie banner.

06Contact and briefing form

If you contact us via a form on this website, we process the data you enter (name, company/organisation, email address, optional phone number, your message and, where applicable, the selected request/situation category) to handle your enquiry. On request, you will receive an automatic confirmation of receipt to the address provided.

The legal basis is Art. 6 (1)(b) GDPR (pre-contractual measures or performance of a contract), otherwise Art. 6 (1)(f) GDPR. To protect against abuse, the form automatically performs server-side spam checks (including a honeypot field and time and frequency checks); your IP address is processed briefly for this purpose (Art. 6 (1)(f) GDPR).

Form messages are sent via Microsoft 365 (Exchange Online) provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, with whom a data processing agreement is in place. Processing generally takes place within the EU (EU Data Boundary); where data is transferred to Microsoft Corporation (USA) in individual cases, this is based on the EU-US Data Privacy Framework and supplementary standard contractual clauses.

We store your enquiry data until processing is complete; statutory retention obligations (e.g. Section 257 HGB, Section 147 AO) remain unaffected.

07Email contact and encrypted communication

You can also contact us directly by email; in an emergency via [email protected]. For confidential content we provide a PGP key on the contact page — we recommend transmitting sensitive information in encrypted form only.

08Job applications

We process application data to conduct the application procedure (Art. 6 (1)(b) GDPR, Section 26 BDSG). After completion of the procedure, application documents are deleted no later than six months thereafter, unless you have consented to longer storage (talent pool). We recommend the encrypted route via our PGP key for transmission.

09Recipients and processors

Recipients of personal data are exclusively the service providers named in this policy (hosting provider, Cloudflare, Microsoft) acting as processors pursuant to Art. 28 GDPR. Data is not shared for advertising purposes. Disclosure to authorities only takes place where we are legally obliged to do so.

10Transfers to third countries

Processing generally takes place within the EU. Where transfers to the USA occur in individual cases at Cloudflare or Microsoft, they are based on the adequacy decision for the EU-US Data Privacy Framework and, in addition, on EU standard contractual clauses.

11Storage period

We store personal data only for as long as necessary for the purposes stated or as required by statutory retention obligations. The data is then deleted or anonymised.

12Your rights

You have the following rights vis-à-vis us regarding your personal data: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and withdrawal of consent with effect for the future (Art. 7 (3)).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular in the member state of your habitual residence or at the controller\'s registered office.

13No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

14Data security

This website is transmitted with end-to-end TLS encryption (HTTPS). Our systems are hardened according to current security standards and access is restricted to the necessary minimum.

15Validity of this policy

We adapt this privacy policy whenever changes to the website or legal requirements make this necessary. The version published here applies. Last updated: June 2026.