Imprint & privacy policy

1. General

1.1 Responsible

The data protection controller pursuant to Art. 4 No. 7, Art. 26 EU General Data Protection Regulation ("GDPR") is the
Geek Cell GmbH, Auf der Kaiserfuhr 5, 53127 Bonn, Germany

If you have any questions or comments about this Privacy Policy, data protection or data processing on this website in general, please contact us by e-mail at privacy@geekcell.io or by mail at the above-mentioned address.

1.2 Your Rights

In the following, we would like to inform you about your rights, which you can assert free of charge against the data controller in accordance with the statutory provisions:

• Revocation of your consent (Art. 7 (1) GDPR),
• Right to information about the processing of your personal data (Art. 15 GDPR),
• Right to rectification or deletion of your personal data (Art. 16 and Art. 17 GDPR),
• Right to restrict the processing of your personal data (Art. 18 GDPR),
• Right to data portability,
  
• Right to object to the processing of your personal data (Art. 21 GDPR).
  

If you are of the opinion that the processing of your personal data violates the GDPR or any other data protection law, you have the right to lodge a complaint with a data protection authority of your choice pursuant to Art. 77 (1) of the GDPR.

In order to assert your rights and claims, please contact us at the above-mentioned contact details of the Controller.

Please note that complete data security cannot be guaranteed by us when communicating by e-mail, so we recommend that you send confidential information to us by post.

1.3 Legal Basis

In principle, your data only will be processed if there is a legal basis for doing so. In the following, we will go into more detail about the individual legal bases for the respective data processing, but in general the following applies:

• Insofar as consent is obtained from the data subjects for data processing, Art. 6 (1) lit. a) GDPR is the corresponding legal basis.
• For the processing of personal data for the fulfillment of a contract or in the context of pre-contractual measures, the legal basis is Art. 6 (1) lit. b) GDPR.
• If the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis for the processing is Art. 6 (1) 1 lit. c) GDPR.
• If the processing is carried out to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interests, then the legal basis for the processing is Art. 6 (1) lit. f) GDPR.

1.4 Retention Period

Your data will be deleted, or its processing restricted in accordance with the statutory provision, in particular in accordance with Art. 17 and 18 GDPR. Your data will therefore generally be deleted, if it is no longer required for the intended purpose, unless otherwise stated in this privacy policy. Data processing beyond these purposes will only take place if this is necessary for other and legally permissible purposes or if we have to retain your data due to legal retention periods. In these cases, processing will be restricted, i.e. blocked, and your data will not be further processed for other purposes.

Legal storage obligations result, for example, from:

• § 257 (1) HGB (6 years for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) as well as from
• § 147 (1) AO (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

1.5 Recipients, third country transfers, linked third party sites

In the following, you will find information about the third parties and processors to whom we transfer personal data. If we use various third-party services on our website, we will go into more detail later. However, in principle these services are used to make the website functional, secure, and visually appealing as well as to optimize its content. In general, we transfer personal data to the following categories of third parties:

Telecommunications service providers, service providers for hosting and other services in connection with our website, public authorities, insofar as a legitimate request has been made, credit institutions and payment service providers for the processing of payments, billing service providers, printing and postal service providers, insurance companies, insurance brokers and experts for the examination and settlement of claims, external accountants, auditors, legal advisors, and auditors.

If we transfer your personal data to a third country or an international organization, you will be informed separately about the transfer and the underlying legal basis. The data transfer will be legally secured with standard contractual clauses according to Art. 46 GDPR or other appropriate transfer safeguards according to Art. 44 et seq. GDPR.

Insofar as we use data processors for data processing, they are of course bound by our instructions and are carefully selected, commissioned, and regularly monitored by us. The assignments are based on data processing agreements in accordance with Art. 28 GDPR. The processors do not process data for their own purposes.

In particular, processors include:

• IT service providers (maintenance and support),
• Telemedia service providers for the operation of IT systems (web hoster for the provision of online platforms, provider of cloud software and backup services),
• Service providers for the professional disposal of data waste.

Our website may contain links to third-party websites. Please note that we are not responsible for the processing of your personal data on these websites within the meaning of Art. 4 No. 7 GDPR, but the respective website operator. Therefore, please inform yourself in the privacy policies of the respective websites before disclosing personal data.

1.6 Data security

For reasons of data security, we use technical and organizational measures to protect your personal data against loss, manipulation, destruction, or other attacks by unauthorized persons. Our security measures are continuously adapted to the current state of the art. On our website, we use the technology of transport encryption (TLS) in the transmission of your personal data, which you can recognize by the "https".

2. Collection and processing of your personal data when using our website

2.1 Technical provision of website, hosting

This website is hosted by an external service provider (hoster). We would like to point out that the operation of our website and the servers are hosted by the provider commissioned by us, Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 in the USA. Further information on Webflow's privacy policy can be found at the following link (English): Global Privacy Policy | Webflow.

The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, meta and communication data, web page accesses and other data generated by a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
‍
Conclusion of a contract for commissioned processing
In order to ensure data protection-compliant processing, we have concluded a contract for commissioned processing with Webflow | Geek Cell GmbH, Auf der Kaiserfuhr 5, 53127 Bonn on the basis of Art. 28 DSGVO in conjunction with the EU standard contractual clauses.

2.2 Google Analytics, Google Tag Manager

We use Google Analytics and Google Tag Manager to analyze website usage. The data obtained from this is used to optimize our website as well as advertising measures. Google Analytics and Google Tag Manager are web analytics services provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data.

During your website visit, the following data is recorded, among others:

• The achievement of "website goals" (for example, contact requests and newsletter sign-ups)
• Your behavior on the pages (for example, clicks, scrolling behavior, and dwell time)
• Your approximate location (country and city)
• Your IP address (in shortened form, so that no clear assignment is possible)
• Technical information such as browser, internet provider, device and screen resolution
• Source of origin of your visit (i.e. via which website or which advertising medium you came to us)

This data is transferred to a Google server in the USA.

Google Analytics stores and Google Tag Manager store cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future website visits.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics.

2.3 Google Fonts

On our website we use the fonts Google Fonts of the company Google (service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Fonts is an interactive directory of more than 800 fonts provided by Google LLC free to use.

As an important component, Google Fonts serves to keep the quality of our website high. By using Google Fonts, we can use fonts without having to upload them to our own server. The Google fonts are automatically optimized for the web, which saves data volume and thus ensures faster loading times.

Google Fonts is supported by all major browsers and works reliably on most modern mobile operating systems.

The legal basis for the use of Google Fonts is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Legitimate interest is understood to be both legal and economic or ideal interests recognized by the legal system. Our legitimate interest in this case is to present our website in an aesthetically pleasing, consistent and secure manner as possible.

When using Google Fonts, no cookies are stored in your browser. The font files are requested through the Google domains fonts.googleapis.com and fonts.gstatic.com, which Google says are separated from all other Google services, including your Google account if you have one.

Google records the use of so-called CSS (Cascading Style Sheets) and the fonts used and stores this data securely. Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection. Google thus pursues the goal of fundamentally improving the loading time of websites by having the fonts already in the cache when millions of websites refer to the same fonts.

In addition, each Google Fonts request also automatically transmits information such as IP address, language settings, screen resolution, browser name and version to Google servers to ensure correct graphical display.

2.4 Amazon CloudFront

Our hosting service provider uses the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please compare the explanations under 2.1.

AWS is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO not to operate a content delivery network ourselves.You have the right to object to the processing. Whether the objection is successful is to be determined as part of a balancing of interests.

The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.Your personal data will be stored by AWS for as long as necessary for the purposes described.

For more information about opting out and opting in with respect to AWS, please visit: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

2.5 jsDelivr CDN

Our hosting service provider uses the Content Delivery Network (CDN) from jsDelivr.

A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, can be delivered more quickly with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you use must connect to the servers of the CDN. In this way, the CDN obtains knowledge that our website has been accessed via your IP address.The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

For more information, please see the privacy policy of jsDelivr:
https://www.jsdelivr.com/privacy-policy-jsdelivr-net

2.6 Contact

You can contact us by email to request a quote or conduct other correspondence.

In the context of email correspondence, we process your name, email address and the content of your inquiry (e.g. name of your company, position) as well as mandatory information that is absolutely necessary for the preparation of an offer. In the context of contacting by email, we process your personal data based on our legitimate interest in providing good customer service in accordance with Art. 6 (1) lit. f) GDPR or in accordance with Art. 6 (1) lit. b) GDPR if the contact is in connection with contractual performance obligations.

Your contact requests are deleted immediately after processing unless legal retention periods require further storage. After we have answered your inquiry, we archive it immediately so that it can only be viewed to a very limited extent. Purely informative inquiries, i.e., inquiries that do not lead to a contract or contain other content that must be retained, are deleted at the end of the year in which the inquiry was made. See "Retention Period" for more information.

Last update: January 2022.