1) Introduction and Contact Details of the Controller
1.1 We are delighted that you are visiting our website and thank you for your interest. In the following, we will inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Welp-IT UG (haftungsbeschränkt), Am Schwanhof 6, 35037 Marburg, Germany, Tel .: +49 151 23377759, Email: [email protected]. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:
Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser bar.
3) Hosting & Content Delivery Network
3.1 DigitalOcean
For hosting our website and displaying the site's content, we utilize the system of the following provider: DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013, USA.
All data collected on our website is processed on the provider's servers.
We have entered into a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
3.2 Cloudflare
We utilize a Content Delivery Network provided by the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA.
This service allows us to deliver large media files such as graphics, page content, or scripts through a network of regionally distributed servers more quickly. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have entered into a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
We have entered into a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.
4) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings. If individual cookies used by us also process personal data, processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a user-friendly and effective design of the site visit. You can configure your browser to inform you about the setting of cookies and to individually decide on their acceptance or to exclude the acceptance of cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contact
5.1 HubSpot
This website uses a live chat system provided by the following provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
The processing of personal data transmitted via chat is carried out either in accordance with Art. 6 Para. 1 lit b GDPR, because it is necessary for the initiation or performance of a contract, or in accordance with Art. 6 Para. 1 lit. f GDPR due to our legitimate interest in effectively supporting our site visitors. Your data transmitted via chat will be deleted, subject to conflicting statutory retention periods, once the relevant issue has been finally clarified.
Additionally, for the purpose of creating pseudonymized user profiles, further information may be collected and evaluated using cookies, which, however, do not serve your personal identification and are not merged with other data sets. If this information contains personal references, processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in statistically analyzing user behavior for optimization purposes. Setting cookies can be prevented through appropriate browser settings. However, this may restrict the functionality of our website. You can object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future. We have entered into a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.
5.2 Microsoft Teams
With the following information, we inform you about the data processing when using Microsoft Teams for video conferences. Microsoft Teams is a service provided by the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft processes personal data in the USA. Microsoft is also an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can obtain further information about the EU-US Data Privacy Framework at https://www.privacyshield.gov/ps/participant?id=a2zt0000000KzNaAAK.
Microsoft also uses so-called Standard Contractual Clauses (SCC) (Art. 46 para. 2 and 3 GDPR). These are a means provided by the European Commission to ensure an adequate level of data protection even when processing data in third countries. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft undertakes to comply with the standards and regulations of European data protection law.
You can find information about the decision and the Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
For further information about the Standard Contractual Clauses at Microsoft, please visit https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
You can view how Microsoft processes your data at https://privacy.microsoft.com/de-de/privacystatement.
5.3 When contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form is apparent from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided there are no statutory retention obligations.
6) Use of Customer Data for Direct Marketing
HubSpot
The dispatch of our email newsletters is carried out via this provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
Based on our legitimate interest in effective and user-friendly newsletter marketing, we transmit your data provided during newsletter registration pursuant to Art. 6 para. 1 lit. f GDPR to this provider so that they can handle the newsletter dispatch on our behalf.
Subject to your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical evaluation of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have entered into a data processing agreement with the provider to protect the data of our site visitors and prohibit disclosure to third parties.
7) Online Marketing
HubSpot
This website uses the software-based marketing service of the following provider for the provision and synchronization of various customer management services: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
The service enables the automated processing of feed activities, the control of advertising in deployed marketing channels, and the analysis of marketing campaign success, as well as central email marketing and contact management.
To fulfill various functions, cookies are used, which are small text files stored locally in the cache of your web browser on your device, allowing us to analyze your usage of the website. The cookies collect certain information, such as the IP address, location, and time of page access. All the processing described above, especially the setting of cookies to read information on the device used, is only carried out if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. Other legal bases for data processing that apply within specific service functions (such as the necessity of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR for newsletter delivery) remain unaffected.
We have concluded a data processing agreement with the provider to ensure the protection of our site visitors' data and to prohibit unauthorized disclosure to third parties.
8) Web Analytics Services
Matomo
This website uses a web analytics service provided by the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo").
To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of page usage within a short time window of up to 24 hours. The "config_id" of the page is a randomly set, time-limited hash of a limited set of visitor settings and attributes. The config_id or config hash is a character string calculated for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the page visitor to generate the "config_id".
If the information processed includes personal user data, processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes. To object to the processing of your visitor data for the future, we provide a separate option to object on our website.
If data collected with the Matomo technology (including your pseudonymized IP address) is transferred to and processed on servers in New Zealand for usage analysis purposes, we inform you that the European Commission has issued an adequacy decision for New Zealand, confirming compliance with European data protection standards for international data transfers.
If data is also transferred to the provider's servers and the web analytics service is not locally installed on our server, we have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and to prohibit unauthorized disclosure to third parties.
Google Tag Manager
We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing carried out until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued pursuant to the review procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection ceases to exist and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
Google Conversion Tag
We use Google Conversion Tag to track conversions. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing carried out until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued pursuant to the review procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection ceases to exist and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
Google Analytics
We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects can revoke their consent at any time by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing carried out until the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued pursuant to the review procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection ceases to exist and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
9) Tools and Others
Cookie Consent Tool
This website uses a "Cookie Consent Tool" to obtain effective user consent for consent-required cookies and cookie-based applications. The "Cookie Consent Tool" is displayed to users as an interactive user interface when the page is accessed, allowing consent for specific cookies and/or cookie-based applications to be given by checking boxes. By using the tool, all consent-required cookies/services are only loaded if the respective user gives the appropriate consent by checking the box. This ensures that such cookies are only set on the user's device if consent is given. The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is nevertheless processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website. Another legal basis for processing is also Art. 6 para. 1 lit. c GDPR. As controllers, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user's consent.
If necessary, we have concluded a data processing agreement with the provider to ensure the protection of our site visitors' data and to prohibit unauthorized disclosure to third parties.
Further information about the operator and the settings options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
10) Rights of the Data Subject
10.1 The applicable data protection law grants you the following rights concerning the processing of your personal data by the controller (rights to information and intervention), with reference to the specified legal basis for each exercise requirement:
Right to information according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to notification according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent granted according to Art. 7 para. 3 GDPR;
Right to lodge a complaint according to Art. 77 GDPR.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
11) Duration of Personal Data Storage
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax retention periods).
If personal data is processed on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are legal retention periods for data processed on the basis of contractual or quasi-contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided they are no longer necessary for the performance of the contract or the initiation of a contract and/or there is no longer a legitimate interest on our part in the continued storage. If personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If personal data is processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise indicated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
12) Data Processing on Social Media
We maintain online presences within social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
12.1 Facebook
We maintain an online presence on Facebook. The platform is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook processes personal data. The privacy policy can be viewed at the following link: https://www.facebook.com/policy.php. To object to data processing, settings for advertisements are available: https://www.facebook.com/legal/terms/information_about_page_insights_data. According to an agreement pursuant to Art. 26 GDPR, we are jointly responsible with Facebook for processing the data of visitors to our profile. Information about which data is processed exactly can be found on the following page from Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can assert their rights both to us and to Facebook. However, according to our agreement with Facebook, we forward requests to Facebook. In this way, data subjects receive a faster response if they contact Facebook directly.
12.2 Instagram
We maintain an online presence on Instagram. The platform is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Instagram processes personal data. The privacy policy can be viewed at the following link: https://help.instagram.com/519522125107875.
12.3 LinkedIn
We maintain an online presence on LinkedIn. The platform is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn processes personal data. The privacy policy can be viewed at the following link: https://www.linkedin.com/legal/privacy-policy?_l=de_DE