Privacy Policy in accordance with GDPR
1. General Information
The protection of your personal data is a central concern for us. We treat your data confidentially and in accordance with the legal data protection regulations and this privacy policy. Our website can usually be used without providing personal data. If personal data is collected, this is always done on a voluntary basis.
2. Responsible Party
The responsible party for data processing is the operator of this website. You can find the full contact details in the Legal Notice.
3. Your Rights
- Information about stored personal data
- Correction of incorrect data
- Deletion of your data, unless legal retention obligations apply
- Restriction of processing
- Revocation of a previously given consent with effect for the future
4. Data Security
We implement comprehensive technical and organizational measures to protect your data as effectively as possible:
- Our WordPress website communicates with our database exclusively via encrypted connections (TLS 1.3).
- Our online shop is managed exclusively via a fully encrypted Linux system with hardened security configuration. Measures include:
  - Full disk encryption (e.g. via LUKS)
  - Regular security updates and system hardening
  - Access exclusively via SSH with key pair authentication
  - Firewall rules and monitoring using intrusion detection tools
5. Server Log Files
When visiting our website, information is automatically stored in so-called server log files. This includes:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing device
- Time of the server request
- IP address (anonymized)
These data cannot be assigned to specific individuals and are used solely for technical analysis and to optimize our offering.
6. Automatic Language Redirection / GeoIP Localization
To improve user experience, we use your IP address to determine your country of origin and automatically redirect you to the appropriate language version of our website.
Processed data:
- IP address (temporarily for country detection)
- Country of origin (stored in browser session)
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)
Purpose: Automatic language selection and improved user experience
Storage duration: For the duration of the browser session
Third-party provider: ip-api.com (used solely for country detection)
You may override automatic redirection at any time by manually selecting a language from our language menu. More information about ip-api.com: https://ip-api.com/docs/legal
7. Contact Forms and Communication
If you contact us via a form, we collect the data you enter (e.g. name, email address, message) solely for processing your request. Data is transmitted securely via HTTPS.
Important note: Our reply will be sent via email. Please note that regular emails are usually transmitted unencrypted over the Internet, which means their contents can potentially be read by third parties.
Do not send sensitive information through the contact form. Upon request, we can provide a PGP key for encrypted communication.
8. Review System
Verified customers can leave reviews on our website. We store the following data:
- Initials of your name (no full names)
- Your review text
- Date of submission
All reviews are stored exclusively on our local server. There is no transfer to third-party platforms.
9. Accounting and Order Processing
We use Lexware Office for invoicing and order processing. Data is transferred via the Germanized Pro plugin using an encrypted API. Processing is carried out in accordance with Art. 6 (1) lit. b GDPR for contractual purposes and in compliance with statutory retention obligations.
10. Newsletter
If you subscribe to our newsletter, we collect your email address and any additional optional information (e.g. name). Subscription is done via a double opt-in process. You may unsubscribe at any time via a link in the newsletter or by email. After unsubscribing, your data will be deleted unless retention obligations apply.
We use MailPoet (Automattic Inc.) to send newsletters. Data processing is based on a data processing agreement in accordance with Art. 28 GDPR. More information: https://automattic.com/privacy/
11. Google Analytics
This website uses Google Analytics with IP anonymization enabled. Data is processed to analyze website usage. You can prevent Google from collecting your data with this browser plugin: Disable Google Analytics.
More information: Terms of Use | Google Privacy Policy
12. Google Adsense
Our website uses Google Adsense to display advertisements. Cookies and web beacons may be used, transmitting usage data (including IP address) to Google servers in the USA.
More information: Google Cookie Policies | Google Privacy
13. Data Disclosure
Your personal data will only be shared if:
- You have explicitly given consent (Art. 6 (1) lit. a GDPR)
- The disclosure is necessary for contract performance (Art. 6 (1) lit. b GDPR)
- We are legally obligated, e.g., to provide information to authorities (Art. 6 (1) lit. c GDPR, § 24 BDSG)
There is no general sharing of your data with third parties.
14. Prohibition of Unsolicited Advertising
The use of the contact details published in our legal notice for sending unsolicited advertisements is prohibited. We reserve the right to take legal action in the event of violations.