Privacy Policy

This policy governs all of our personal data subjects, based on the EU-GDPR regulations.

Table of Contents

  1. Definitions
    1.1 Provider
    1.2 Users
    1.3 Personal data
  2. Data Collected
    2.1 Cookies
    2.2 Forms
    2.3 Accounts
    2.4 Purchases
    2.5 Client Services
  3. Purpose and Deletion
  4. Your Rights
  5. Data Protection
  6. Third-Party Processors
  7. Policy Updates

1. Definitions

1.1 Provider (also we, us and our) is operated by Mr. Sven Tolle, Nicolaistr. 18, 28195 Bremen, Germany.

1.2 Users (also you, your and yours)
All people visiting, requesting quotes, contacting us, accepting offers as well as placing orders and managing services.

  • Visitors: Just browsing, no interaction
  • Contacts: Submitted forms, registered
  • Clients: Placed order (logged in only)

1.3 Personal Data
Any data that can be used to personally identify a person, such as:

  • First and Last name
  • Company name
  • Email address (Business email at company)
  • Billing address (Company billing address)
  • Payment data (Processed externally only, we don’t ever see your full payment data)
  • IP address (Full IPs are processed by our firewall and during online purchases only, otherwise it’s anonymised)

2. Data Collected

  • No third-party or other user-level analytics are used on our website; all we use is a general statistic.
  • All server and error log files are anonymised.

Visitors: Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Contacts: Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Clients: IP (VAT regulations), Device type, OS, Browser, Screen resolution, Referrer, Access time and target

2.1 Cookies

Our website uses cookies. Cookies are small text files, saved by our web server to your web browser’s storage. They can contain text or numbers, such as session identifiers or site settings you may have applied. We use them to make your browsing experience more secure and stable, and to allow our Contacts and Clients to log into their accounts. None of these cookies are used to track users and they are only valid for one session. You can disable cookies for this site through your browser’s options. Please note that you may not be able to log in or submit forms without cookies.

2.2 Forms

We treat all Visitor, Contact and Client data as strictly confidential. Information submitted to us via the Quote or Contact forms will not be shared with any outside party. Our system stores this data only as long as it takes to submit the message and automatically purges it from the server after that. From there, your information enters into our encrypted email archive, where it’s stored for as long as the law requires us to, and it will be automatically deleted after that.

Visitors: No data
Contacts: All submitted form data
Clients: All submitted form data

2.3 Accounts

We don’t allow public accounts. Contacts looking to become Customers can request an account by using the contact or quote request form. We may reject or create new accounts at our own discretion. If an account is denied, all of the data you’ve submitted will be deleted right away. Otherwise the account will be available for the client until our services cease or the client wishes to delete the account.

2.4 Purchases

If we accept business customers to purchase our services online, we require the following information to process the payments and to fulfill legal obligations, such as recording the customer’s IP address for VAT purposes.

  • Name
  • Company name
  • Email address (Professional email at company)
  • Billing address (Company billing address)
  • Payment data (Processed externally only, we don’t ever see your full payment data)
  • IP address

2.5 Client Services

While conducting administrative services on our clients’ websites we don’t collect any visitor data. If we’re asked to fix something and we happen to see any personal data stored on that site, we’re instructed and have personally signed an agreement not to copy, store or share this information in any way.

When we take website backups, we make sure they’re encrypted first so even if our file storage was compromised, it wouldn’t give an attacker anything of value.

We deploy a web application firewall on all websites we manage. It sits locally on the client’s server and scans all traffic against a defined set of security rules. Only when a request breaks one of these rules, which wouldn’t happen to regular visitors, do we share this IP address and other (non-personal) data with our firewall vendor (see: Third-Party Processors) so they may protect other people from known malicious IP addresses. In general, all data sent to this vendor will be deleted by them (and us) after 90 days. However, since IP addresses don’t stop being malicious on a schedule, this period may be extended in some cases. We firmly believe this is to be considered legitimate interest in every respect for us, our clients and all of their websites’ visitors, as security is simply not optional. We understand the impact of this and we’re doing everything we can to minimise the effect on regular users; it should be next to none. Should anyone come into contact with our firewall for no apparent reason, we will gladly file a request to remove their IP address from the blocking lists.

Here’s our Legitimate Interest Assessment for this purpose: Download PDF

3. Purpose and Deletion

We only collect and process data that’s absolutely required to provide our services and to manage people’s (including your own) enquiries to us.

  • We collect only the minimum required data to conduct our services; it’s never shared without your consent.
  • We collect web browsing data to maintain the security of our website. It will be deleted after 30 days.
  • Applicable law requires us to maintain a record (6-10 years) of all mission-critical communications.

All deletion schedules occur automatically and without notice.

4. Your Rights

  • Enquire about the personal data we have stored about you.
  • Have your personal information deleted or anonymised.
  • Revoke your consent to process your personal data.

All Privacy enquiries will be completed within 30 days. We will ask users to verify their identity before sending out any private data.

Send any Privacy-related enquiry through our contact form, email, call us or send us a letter.

Should you be unable to resolve your privacy related issue with us directly, you may file a complaint at the respective local authority:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Arndtstraße 1
27570 Bremerhaven

T: 0421 3612010
E: (PGP Key)

5. Data Protection

The key component in dealing with sensitive data is encryption. We use TLS encryption exclusively on the website, form submissions are sent to us using secure connections, and our data storage is also encrypted. We use Two-Factor Authentication wherever possible. Our systems are checked for malware several times a day and our backups are also securely encrypted. We’re determined to continue our efforts to protect user and usage data in order to comply with legal requirements (GDPR) and industry standards at all times. However, we’re unable to guarantee 100% security (as that simply doesn’t exist). We advise users to evaluate their risks and proceed at their own discretion.

If a Data breach occurs

Should all preventative measures fail and a data breach occur, we will take the following actions.

– Detailed notification (within 72 hours) of the authorities, insurance companies and all users affected.
– In-depth security assessment, finding and fixing the security hole.
– Distributing new encryption keys and passwords as well as new TLS certificates for the website.

6. Third-Party Processors

We keep our third-party dependencies to a minimum. All of the companies listed below declare full compliance with the EU-GDPR guidelines and we have agreements with them to form a legal basis for collecting and processing such data.

Our web hoster is (Neue Medien Münnich) DE – Privacy policy
Our firewall vendor is WordFence (Defiant Inc.) USA – Privacy policy
Our payment gateway is Stripe (Stripe Inc.) USA/DE – Privacy policy, Privacy Shield Policy
Our billing system is debitoor (debitoor GmbH) DE – Privacy policy