Privacy Policy

4.1 Description of processing

Our website is hosted by Netlify. When you visit the website, technically necessary data is processed to deliver the website content and to ensure stability and security (e.g., to prevent abuse and defend against attacks).

Netlify may process access logs, which can include the visitor’s IP address. Netlify indicates a retention of less than 30 days for access logs.

Reference: https://answers.netlify.com/t/can-access-logs-be-turned-off/34557

4.2 Purpose

Website delivery, ensuring operational security, troubleshooting, and prevention of misuse and fraud.

4.3 Legal basis

Article 6(1)(f) GDPR (legitimate interests in operating a secure, stable, and functional website).

4.4 Recipients / processing on behalf

Netlify processes data as a data processor. Netlify provides a Data Processing Agreement (DPA):

https://www.netlify.com/v3/static/pdf/netlify-dpa.pdf

Netlify also publishes a list of sub-processors:

https://www.netlify.com/legal/subprocessors/

4.5 International transfers (Netlify)

Netlify is a US provider. In its DPA, Netlify describes transfer mechanisms for restricted transfers (including the EU-US Data Privacy Framework and, where required, EU Standard Contractual Clauses (SCCs)).

Reference: https://www.netlify.com/v3/static/pdf/netlify-dpa.pdf

5.1 Description of processing

We use Plausible Analytics (Cloud) to analyze website usage statistically. According to Plausible, it does not use cookies and does not create persistent identifiers.

Reference: https://plausible.io/data-policy

When you access individual pages, the following information may be processed:

• the page visited (URL / page path)
• referrer (the website you came from)
• browser
• operating system
• device type
• country
• region
• city

Reference: https://plausible.io/data-policy

Plausible states that:

• location is derived from the IP address, after which the IP address is discarded and not stored, and
• the user agent is used to derive browser/OS/device, after which the full user agent is discarded.

Reference: https://plausible.io/data-policy

Plausible also states that visitor data is processed in the EU (cloud infrastructure in Germany).

Reference: https://plausible.io/dpa

5.2 Purpose

Audience measurement, statistical analysis of website usage, and improvement of our online offering (content, performance, usability).

5.3 Legal basis

Article 6(1)(f) GDPR (legitimate interests in analyzing and improving our website).

5.4 Recipients / processing on behalf

Recipient: Plausible Analytics as a data processor. Plausible provides a Data Processing Agreement (DPA):

https://plausible.io/dpa

5.5 Opt-out

You can disable Plausible tracking in your browser by using the opt-out via the plausible_ignore entry in localStorage (as documented by Plausible):

https://plausible.io/docs/excluding-localstorage

6.1 Contact via email

If you contact us by email, we process the data you provide (e.g., name, email address, message content).

• Purpose: Handling your request and communicating with you.
• Legal basis: Article 6(1)(b) GDPR (pre-contractual / contractual communication) or Article 6(1)(f) GDPR (legitimate interests in handling general enquiries).
• Retention: For as long as necessary to process your request; thereafter deletion unless statutory retention obligations apply.

6.2 Contact form and CRM processing (monday.com)

When you use our contact form, we process the following data:

• First name
• Last name
• Email address
• Subject
• Message content

Purpose: Processing and responding to your enquiry and managing communication through our customer relationship management (CRM) system.

Legal basis: Article 6(1)(b) GDPR (pre-contractual / contractual communication) or Article 6(1)(f) GDPR (legitimate interest in efficient enquiry management and documentation of communication).

Recipients / Processors: Enquiries submitted via the contact form are transmitted to and processed within our CRM system provided by monday.com Ltd.

We have concluded a Data Processing Agreement (DPA) with monday.com in accordance with Article 28 GDPR.

International data transfers: monday.com may process data on servers located outside the European Economic Area (EEA). Where personal data is transferred to third countries, appropriate safeguards are implemented in accordance with Articles 44 et seq. GDPR, such as:

• Adequacy decisions of the European Commission (where applicable), or
• EU Standard Contractual Clauses (SCCs).

Further information can be found in monday.com’s privacy documentation.

Retention: Your data will be stored for as long as necessary to process your enquiry and manage follow-up communication. Data will be deleted when no longer required, unless statutory retention obligations apply.