Privacy
The person responsible within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Markus Erhard
Am Eichenwäldchen 18
D-77830 Bühlertal
General information on data processing and legal basis
We process personal data only on the basis of applicable legal provisions. Depending on the nature of the processing, we rely on the following legal bases under the GDPR. This privacy policy is based on the EU General Data Protection Regulation (GDPR), referred to in German as Datenschutz-Grundverordnung (DSGVO).
- Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent, e.g. for the use of analytics cookies or newsletter delivery.
- Contract performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.
- Legal obligation (Art. 6(1)(c) GDPR): Where we are required by law to process data, e.g. due to tax or commercial retention obligations.
- Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary to protect our legitimate interests and your interests or fundamental rights do not override them, e.g. for the secure operation of our website.
In addition, national data protection regulations apply, in particular the German Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).
Your rights as a data subject
You have the following rights towards us in relation to your personal data:
- You can request confirmation from us as to whether we are processing personal data about you and, if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 GDPR.
- According to Article 16 GDPR, you have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.
- You have the right to demand that we delete your personal data immediately, provided that one of the reasons listed in Article 17 GDPR applies.
- You have the right to request the restriction of processing if one of the conditions listed in Article 18 GDPR is met
- As far as the requirements of Article 20 GDPR are met, you have the right to request data transfer.
- Under Art. 21 GDPR, you have the right to object at any time to the processing of your personal data where that processing is based on Art. 6(1)(f) GDPR, i.e. where it rests on a balancing of interests. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
- Insofar as we process your data on the basis of a consent that you have given us, you can revoke this consent at any time. The revocation does not affect the legality of the processing carried out on the basis of the consent up to the revocation, i.e. the revocation affects the permissibility of the processing of your personal data only after it has been explained to us.
- You also have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR (Article 77 GDPR). You can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged violation. You can find an overview of the supervisory authorities in Germany here: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
Collecting general information when visiting our website
Nature and purpose of processing
When you access our website, that is, if you do not register or otherwise provide information, it will automatically collect information from a general nature. This information (server log file) includes, for example, the type of web browser, the domain name of your Internet service provider, your IP address and the like.
They are processed in particular for the following purposes:
- Ensure a hassle-free connection to the site,
- Ensuring a smooth use of our website,
- Evaluation of system security and stability as well as
- for further administrative purposes.
We do not use your information to draw conclusions about you. We may carry out statistical evaluations to optimise our website and the underlying technology.
Legal Base
Processing is carried out in accordance with Article 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.
Recipient
Recipients of the data may be technical service providers who act as processors for the maintenance and maintenance of our website.
Storage Duration
The data will be deleted as soon as it is no longer necessary for the purpose of the survey. This is basically the case for the data used to serve the web page when that particular session is over.
Is provision of data mandatory?
The provision of the aforementioned personal data is not legally nor contractually required. Without the IP address, however, the service and functionality of our website is not guaranteed. Additionally, individual services may not be available or limited. For this reason, a contradiction is excluded.
International Applicability and Data transfers
If personal data is transferred to service providers in third countries (especially the USA), this will only be done in compliance with appropriate safeguards in accordance with Article 44 et seq. GDPR, for example via:
- EU-U.S. Data Privacy Framework (DPF) or
- EU Standard Contractual Clauses
National Data Protection Regulations in Germany
In addition to the General Data Protection Regulation (GDPR), additional national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG), which contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, data processing for other purposes, as well as data transfer and automated decision-making, including profiling. In addition, the data protection laws of the individual federal states may also apply.
Note on the applicability of the GDPR and the Swiss Data Protection Act (DSG)
This privacy policy provides information in accordance with both the Swiss Data Protection Act (DSG) and the GDPR. For reasons of clarity and due to the expanded scope of application, the terms of the GDPR are used in this notice. This particularly applies to the terms "processing" of personal data, "legitimate interest," and "special categories of data," which are referred to in the Swiss Data Protection Act as "processing" of "personal data," "overriding interest," and "personal data worthy of particular protection." The legal meaning of these terms continues to be governed by the definitions of the Swiss Data Protection Act within the scope of application of the Swiss Data Protection Act (DSG). International Data Transfer
Data Processing in Third Countries
If personal data is transferred to a third country outside the European Union (EU) or the European Economic Area (EEA) – for example, when using third-party services or if this is expressly mentioned in the privacy policy – this is always done in compliance with the legal requirements.
For transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which is recognized as a secure legal framework by the EU Commission's adequacy decision of July 10, 2023. In addition, we have concluded standard contractual clauses with the respective service providers that comply with the EU Commission's requirements and contractually ensure the protection of your data.
Through this two-tiered safeguard – the DPF as the main protection mechanism and the standard contractual clauses as an additional measure – we guarantee comprehensive protection of your data. Should the legal situation regarding the DPF change, the standard contractual clauses will automatically apply as a fallback option. This ensures that your data continues to be adequately protected even in the event of future legal or policy changes.
WordPress as a Content Management System (CMS)
WordPress.com provides hosting and software for creating, publishing, and managing websites, blogs, and other online offerings. The service is offered by Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. Data processing is based on our legitimate interest pursuant to Article 6 (1) (f) GDPR. Further information can be found on the website: https://wordpress.com and in the privacy policy at: https://automattic.com/de/privacy/. You can view a data processing agreement at https://wordpress.com/support/data-processing-agreements/. For data transfers to third countries, the Data Privacy Framework (DPF) and standard contractual clauses provided by WordPress are used.
Registration on our website
Nature and purpose of processing
When registering for the use of our personalized services, some personal information will be collected, such as name, address, contact and communication information (e.g., telephone number and e-mail address). If you are registered with us, you can access contents and services that we only offer to registered users. Registered users also have the option of changing or deleting the data specified during registration at any time. Of course, we also provide you with information about the personal data we hold about you at any time.
Legal basis
The processing of the data entered during registration takes place on the basis of the user's consent (Article 6 (1) (a) GDPR).
If the registration serves the fulfillment of a contract of which the data subject is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.
Recipient
The recipient of the data may be a technical service provider who acts as a processor for the operation and maintenance of our website.
Storage Duration
In this context, data will only be processed as long as the corresponding consent has been obtained. Thereafter, they will be deleted, as far as no legal storage requirements preclude. To contact us in this regard, please use the contact details given at the beginning of this Privacy Policy.
Is provision of data mandatory?
Your personal information is provided voluntarily, solely on the basis of your consent. Without the provision of your personal data, we can not grant you access to our content and services.
Provision of paid services
Nature and purpose of processing
To provide paid services, we request additional data, such as: Payment details to complete your order.
Legal basis
The processing of the data required for the conclusion of the contract is based on Article 6 (1) (b) GDPR.
Recipient
Recipients of the data may be processors.
Storage Duration
We store this data in our systems until the legal retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax requirements.
Is provision of data mandatory?
The provision of your personal data is voluntary. Without the provision of your personal data, we can not grant you access to our content and services.
Contact
Nature and purpose of processing
The data you enter will be stored for the purpose of individual communication with you. This requires a valid e-mail address and your name. This serves to assign the request and the subsequent answering of the same. The specification of additional data is optional.
Legal basis
The processing of the data entered into the contact form is based on a legitimate interest (Article 6 (1) (f) GDPR).
By providing the contact form, we would like to make it easy for you to contact us. Your details will be stored for the purpose of processing the request and for possible follow-up questions.
If you contact us to request an offer, the processing of the data entered in the contact form for the implementation of pre-contractual measures (Article 6 (1) (b) GDPR) will be carried out.
Recipient
Recipients of the data may be processors.
Storage Duration
Data will be deleted no later than 6 months after processing the request.
If there is a contractual relationship, we are subject to the statutory retention periods according to HGB and delete your data after these deadlines.
Is provision of data mandatory?
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, your e-mail address and the reason for the request.
Inquiry by phone
Type and purpose of processing
As part of our website, it is possible to contact us by phone. In the course of this, personal data is transmitted to us and processed. These are in particular:
- First name, last name
- Telephone number
- Payment data
- Contract data
- Reason for your Call
Legal basis
Due to the express request of the user via telephone and / or the request for a telephone call back, the legal basis for the processing of the data is Article 6 (1) (f) GDPR. If the establishment of contact by phone is also aimed at concluding and / or executing a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.
Recipient
Recipients of the data may be processors.
Storage Duration
The data are stored for the duration of the purpose for which they were collected and deleted as soon as they are no longer required or are not subject to any further statutory retention requirements (e.g. 10 years according to AO, 6 years according to HGB).
Provision mandatory or required
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address and the reason for the request.
Handling of applicant data
Our website offers the option to apply for positions with us, e.g. via a contact form, by e-mail or by post. We process the data submitted during the application process – in particular application documents, contact details and interview notes – solely for the purpose of handling your application. All parties involved are bound by confidentiality.
The legal basis is § 26 BDSG in conjunction with Art. 6(1)(b) GDPR (pre-contractual measures) and, where explicit consent has been given, Art. 6(1)(a) GDPR.
Storage Duration
In the event of a rejection or withdrawal of an application, your data will be deleted no later than 6 months after the conclusion of the application process. This serves as a safeguard in the event of potential legal disputes. In the case of a successful application, the data will be transferred to the personnel file.
Admission to the applicant pool
If we are unable to offer you a suitable position, your data may be added to our applicant pool with your explicit consent. You may withdraw your consent at any time. Unless otherwise required by law, applicant pool data will be deleted no later than two years after inclusion.
Use of Font Awesome (local hosting)
For a consistent and attractive display of fonts, we use Font Awesome on this website. The integration is done locally, so no connection is established to the servers of Fonticons, Inc.
Further information on data protection at Font Awesome can be found in the privacy policy at: https://fontawesome.com/privacy.
Use of Google Fonts (local hosting)
For a consistent display of fonts, this website uses Google Fonts. The fonts are embedded locally on our server, so no connection to Google's servers is established.
Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Reviews
We have displayed the reviews and customer opinions on the website from external sources such as Google, Facebook, Yelp, Trustpilot and other portals with rating options. We cannot guarantee that these reviews are only from our customers.
SSL encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Change to our privacy policy
We reserve the right to amend this privacy policy to always comply with the current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. Your new visit will be subject to the new privacy policy.
Last update: April 30th 2026
Comments
Users can leave comments on our website. In addition to the comment content, the time of submission and the chosen username are stored. This serves to ensure proper operation and the traceability of contributions, as we as the website operator may be held liable for unlawful content even if it was created by users.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Providing your data when using the comment function is voluntary. Without this information, the comment function cannot be used.
Storage Duration
Comments and the associated data remain on our website until the commented content is completely removed or deletion is required for legal reasons.
Subscribing to comments
As a registered user, you have the option to subscribe to comments and receive e-mail notifications when new contributions are posted. After signing up, you will receive a confirmation e-mail (double opt-in). The subscription can be cancelled at any time via the unsubscribe link in the notification e-mails. The data stored in connection with the subscription will be deleted upon cancellation, unless it has been stored for other purposes, such as newsletter delivery. The legal basis is Art. 6(1)(a) GDPR (consent).