1. An overview of data protection
General information: The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you.
Data recording on this website: The data on this website is processed by the operator of the website. Contact information is available in the section “Information about the responsible party”.
How do we record your data? We collect your data when you provide it to us, for example via a contact form. Other data are recorded automatically or after your consent by our IT systems (e.g., web browser, operating system, time of access).
What are the purposes we use your data for? Some data are collected to ensure error-free provision of the website. Other data may be used to analyze user behavior. If contracts can be concluded or initiated via the website, data may also be processed for contract offers, orders, or other inquiries.
What rights do you have? You have the right to access, rectification or erasure, to revoke consent, to restrict processing, and to lodge a complaint with a supervisory authority.
Analysis tools and tools provided by third parties: Your browsing patterns may be statistically analyzed. Details are provided below.
2. Hosting and Content Delivery Networks (CDN)
We host the content of our website with the following provider:
External hosting: Personal data collected on this website are stored on the servers of the host. These may include IP addresses, contact requests, metadata and communications, contract information, contact information, names, and website access.
External hosting serves contract fulfillment (Art. 6(1)(b) GDPR) and our legitimate interest in secure and efficient provision (Art. 6(1)(f) GDPR). If consent is obtained, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG.
We use: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.
Data processing: We have concluded a DPA.
Cloudflare: We use Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare provides a global CDN and DNS and analyzes traffic to secure and optimize delivery.
Legal basis is Art. 6(1)(f) GDPR. Data transfer to the US is based on SCCs. Details: cloudflare.com/privacypolicy
Cloudflare is certified under the EU-US DPF. More information: dataprivacyframework.gov/participant/5666
Data processing: We have concluded a DPA with Cloudflare.
3. General information and mandatory information
Data protection: We treat your personal data confidentially and in accordance with statutory regulations. Complete protection from third-party access is not possible.
Information about the responsible party: preplify UG (Haftungsbeschränkt) i.G., Phone: +4915171055741, E-mail: datenschutz@preplify.de.
Storage duration: Personal data are stored until the purpose no longer applies, unless statutory retention obligations apply.
Legal bases: Depending on the case, processing is based on Art. 6(1)(a), (b), (c) or (f) GDPR and, if applicable, Art. 9(2)(a) GDPR and § 25(1) TDDDG.
Recipients: We share data only when required for contract fulfillment, legal obligations, legitimate interests, or another legal basis. For processors, we use DPAs.
Revocation of consent: You can revoke consent at any time without affecting prior processing.
Right to object (Art. 21 GDPR): You may object to processing based on Art. 6(1)(e) or (f) GDPR and to direct advertising at any time.
Right to lodge a complaint: You may lodge a complaint with a supervisory authority.
Right to data portability: You can request data in a machine-readable format or direct transfer where technically feasible.
Information, rectification and erasure: You have rights to access, rectification and erasure.
Right to restriction of processing: You may request restriction under certain conditions.
SSL/TLS encryption: We use SSL/TLS to protect confidential transmissions.
Encrypted payment transactions: Payment data are transmitted exclusively via encrypted connections.
Rejection of unsolicited e-mails: We object to the use of published contact information for unsolicited advertising.
4. Recording of data on this website
Cookies: Cookies may be required for website functionality. Necessary cookies are stored based on Art. 6(1)(f) GDPR; if consent is obtained, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. You can manage cookies in your browser.
Consent with Usercentrics: We use Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany) to obtain and document consent.
This includes consent status, IP address, browser/device info, visit time and geolocation. A cookie is stored to associate consents.
Legal basis is Art. 6(1)(c) GDPR. We have concluded a DPA.
Server log files: Browser type/version, operating system, referrer URL, hostname, time of request and IP address are recorded. Legal basis is Art. 6(1)(f) GDPR.
Contact form: Data from the contact form are processed to handle inquiries. Legal bases are Art. 6(1)(b), (f) GDPR or consent (Art. 6(1)(a) GDPR).
Requests by e-mail, phone or fax: Requests are processed and stored as needed for handling. Legal bases as above.
Registration: Registration data are processed for use of the service and deleted after the relationship ends, unless retention obligations apply.
5. Analysis tools and advertising
Google Tag Manager: Provider is Google Ireland Limited. The Tag Manager integrates tools and may collect IP addresses. Legal basis is Art. 6(1)(f) GDPR or consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG).
Google Tag Manager is certified under the EU-US DPF. More information: dataprivacyframework.gov/participant/5780
Google Analytics: Provider is Google Ireland Limited. Analytics uses cookies/device fingerprinting to analyze behavior. Legal basis is consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG).
IP anonymization is enabled. Transfers to the US are based on SCCs. Details: business.safety.google/adscontrollerterms/sccs
Browser plugin for opt-out: tools.google.com/dlpage/gaoptout?hl=en. Further info: support.google.com/analytics/answer/6004245?hl=en.
Google Ads: Provider is Google Ireland Limited. Legal basis is consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). Transfers to the US are based on SCCs.
Google is certified under the EU-US DPF. More information: dataprivacyframework.gov/participant/5780
6. Newsletter
Newsletter data: We require your e-mail address and confirmation of ownership and consent. Additional data are voluntary.
Legal basis is consent (Art. 6(1)(a) GDPR). You may revoke consent at any time, e.g., via the unsubscribe link.
After unsubscribe, data are deleted; a blacklist may be maintained to prevent future mailings (legitimate interest under Art. 6(1)(f) GDPR).
7. Plug-ins and Tools
Google Fonts: Fonts are loaded from Google. Legal basis is Art. 6(1)(f) GDPR or consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). More info: developers.google.com/fonts/faq and policies.google.com/privacy?hl=en
Google is certified under the EU-US DPF. More information: dataprivacyframework.gov/participant/5780
Cloudflare Turnstile: Used to prevent abuse and spam. Data such as IP address, time on site, or mouse movements may be processed. Legal basis is Art. 6(1)(f) GDPR or consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG).
SCCs: cloudflare.com/cloudflare-customer-scc; Privacy policy: cloudflare.com/cloudflare-customer-dpa
Cloudflare is certified under the EU-US DPF. More information: dataprivacyframework.gov/participant/5666