Information according to §5 TMG.

Privacy Policy

1. General

1.1 Responsible

The data protection controller pursuant to Art. 4 No. 7, Art. 26 EU General Data Protection Regulation ("GDPR") is the
Geek Cell GmbH, Auf der Kaiserfuhr 5, 53127 Bonn, Germany

If you have any questions or comments about this Privacy Policy, data protection or data processing on this website in general, please contact us by e-mail at [email protected] or by mail at the above-mentioned address.

1.2 Your Rights

In the following, we would like to inform you about your rights, which you can assert free of charge against the data controller in accordance with the statutory provisions:

• Revocation of your consent (Art. 7 (1) GDPR),
• Right to information about the processing of your personal data (Art. 15 GDPR),
• Right to rectification or deletion of your personal data (Art. 16 and Art. 17 GDPR),
• Right to restrict the processing of your personal data (Art. 18 GDPR),
• Right to data portability,
  
• Right to object to the processing of your personal data (Art. 21 GDPR).
  

If you are of the opinion that the processing of your personal data violates the GDPR or any other data protection law, you have the right to lodge a complaint with a data protection authority of your choice pursuant to Art. 77 (1) of the GDPR.

In order to assert your rights and claims, please contact us at the above-mentioned contact details of the Controller.

Please note that complete data security cannot be guaranteed by us when communicating by e-mail, so we recommend that you send confidential information to us by post.

1.3 Legal Basis

In principle, your data only will be processed if there is a legal basis for doing so. In the following, we will go into more detail about the individual legal bases for the respective data processing, but in general the following applies:

• Insofar as consent is obtained from the data subjects for data processing, Art. 6 (1) lit. a) GDPR is the corresponding legal basis.
• For the processing of personal data for the fulfillment of a contract or in the context of pre-contractual measures, the legal basis is Art. 6 (1) lit. b) GDPR.
• If the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis for the processing is Art. 6 (1) 1 lit. c) GDPR.
• If the processing is carried out to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interests, then the legal basis for the processing is Art. 6 (1) lit. f) GDPR.

1.4 Retention Period

Your data will be deleted, or its processing restricted in accordance with the statutory provision, in particular in accordance with Art. 17 and 18 GDPR. Your data will therefore generally be deleted, if it is no longer required for the intended purpose, unless otherwise stated in this privacy policy. Data processing beyond these purposes will only take place if this is necessary for other and legally permissible purposes or if we have to retain your data due to legal retention periods. In these cases, processing will be restricted, i.e. blocked, and your data will not be further processed for other purposes.

Legal storage obligations result, for example, from:

• § 257 (1) HGB (6 years for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) as well as from
• § 147 (1) AO (10 years for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

1.5 Recipients, third country transfers, linked third party sites

In the following, you will find information about the third parties and processors to whom we transfer personal data. If we use various third-party services on our website, we will go into more detail later. However, in principle these services are used to make the website functional, secure, and visually appealing as well as to optimize its content. In general, we transfer personal data to the following categories of third parties:

Telecommunications service providers, service providers for hosting and other services in connection with our website, public authorities, insofar as a legitimate request has been made, credit institutions and payment service providers for the processing of payments, billing service providers, printing and postal service providers, insurance companies, insurance brokers and experts for the examination and settlement of claims, external accountants, auditors, legal advisors, and auditors.

If we transfer your personal data to a third country or an international organization, you will be informed separately about the transfer and the underlying legal basis. The data transfer will be legally secured with standard contractual clauses according to Art. 46 GDPR or other appropriate transfer safeguards according to Art. 44 et seq. GDPR.

Insofar as we use data processors for data processing, they are of course bound by our instructions and are carefully selected, commissioned, and regularly monitored by us. The assignments are based on data processing agreements in accordance with Art. 28 GDPR. The processors do not process data for their own purposes.

In particular, processors include:

• IT service providers (maintenance and support),
• Telemedia service providers for the operation of IT systems (web hoster for the provision of online platforms, provider of cloud software and backup services),
• Service providers for the professional disposal of data waste.

Our website may contain links to third-party websites. Please note that we are not responsible for the processing of your personal data on these websites within the meaning of Art. 4 No. 7 GDPR, but the respective website operator. Therefore, please inform yourself in the privacy policies of the respective websites before disclosing personal data.

1.6 Data security

For reasons of data security, we use technical and organizational measures to protect your personal data against loss, manipulation, destruction, or other attacks by unauthorized persons. Our security measures are continuously adapted to the current state of the art. On our website, we use the technology of transport encryption (TLS) in the transmission of your personal data, which you can recognize by the "https".

2. Collection and processing of your personal data when using our website

2.1 Technical provision of website, hosting

This website is hosted by an external service provider (hoster). We would like to point out that the operation of our website and the servers are hosted by the provider commissioned by us, Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 in the USA. Further information on Webflow's privacy policy can be found at the following link (English): Global Privacy Policy | Webflow.

The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, meta and communication data, web page accesses and other data generated by a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
‍
Conclusion of a contract for commissioned processing
In order to ensure data protection-compliant processing, we have concluded a contract for commissioned processing with Webflow | Geek Cell GmbH, Auf der Kaiserfuhr 5, 53127 Bonn on the basis of Art. 28 DSGVO in conjunction with the EU standard contractual clauses.

2.2 Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers.You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases. The use of cookies is in part technically necessary for the operation of our website and is therefore permitted without the user's consent. We may also use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 (1) TTDSG and, if applicable, Art. 6 (1) (a) GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool.

2.3 CookieBot

 https://www.cookiebot.com/en/privacy-policy/

We use the service of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark to obtain your consent to the use of other relevant services via a consent banner and to log this consent in anonymized form and encrypted on servers in the EU (Art. 7 para. 1 GDPR). This is done as follows: 

When the user accesses one of the above-mentioned websites, the Cybot application is downloaded to the user's end device. The program data required for this originates from an Akamai server close to the user's location. The cookie banner is displayed to the user.  Akamai is a so-called content delivery network provider (CDN). The purpose of a CDN is to keep digital content as close as possible to the end user so that it reaches the user's browser as quickly as possible when a website is accessed. For data protection at Akamai, see https://www.akamai.com/de/legal/compliance/privacy-trust-center. 

Cybot itself only processes the IP addresses of visitors "in-memory". In-memory" refers to the temporary, volatile, non-persistent memory module on the application server that receives the network request from a user's device. All network requests contain the IP address of the requestor by default and only exist in memory until a response is sent back from the application server. As soon as the request is received by the application server and it is technically possible at the earliest possible time, the IP address is anonymized while still in the application server's memory without ever being persisted.

The IP address is anonymized by removing the last 16 bits from IPv4 addresses and by removing the last 96 bits from IPv6 addresses. The remaining numbers from the IP address (not personally identifiable) are then stored in Cybot's log along with the unique consent ID that we assign to each consent received. The unique ID is stored together with the consent string in a cookie in the browser at the same time and not on an Akamai server (whereby the consent string in turn tells the respective website which cookies and trackers may be set there).

Your selection will be stored for 12 months, after which the consent banner will open automatically to renew your consent. You can change and revoke your consent at any time using the button below (Art. 7 para. 3 GDPR).

2.4 Google Analytics, Google Tag Manager

We use Google Analytics and Google Tag Manager to analyze website usage. The data obtained from this is used to optimize our website as well as advertising measures. Google Analytics and Google Tag Manager are web analytics services provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data.

During your website visit, the following data is recorded, among others:

• The achievement of "website goals" (for example, contact requests and newsletter sign-ups)
• Your behavior on the pages (for example, clicks, scrolling behavior, and dwell time)
• Your approximate location (country and city)
• Your IP address (in shortened form, so that no clear assignment is possible)
• Technical information such as browser, internet provider, device and screen resolution
• Source of origin of your visit (i.e. via which website or which advertising medium you came to us)

This data is transferred to a Google server in the USA.

Google Analytics stores and Google Tag Manager store cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future website visits.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics.

2.5 Google Fonts

On our website we use the fonts Google Fonts of the company Google (service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Fonts is an interactive directory of more than 800 fonts provided by Google LLC free to use.

As an important component, Google Fonts serves to keep the quality of our website high. By using Google Fonts, we can use fonts without having to upload them to our own server. The Google fonts are automatically optimized for the web, which saves data volume and thus ensures faster loading times.

Google Fonts is supported by all major browsers and works reliably on most modern mobile operating systems.

The legal basis for the use of Google Fonts is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Legitimate interest is understood to be both legal and economic or ideal interests recognized by the legal system. Our legitimate interest in this case is to present our website in an aesthetically pleasing, consistent and secure manner as possible.

When using Google Fonts, no cookies are stored in your browser. The font files are requested through the Google domains fonts.googleapis.com and fonts.gstatic.com, which Google says are separated from all other Google services, including your Google account if you have one.

Google records the use of so-called CSS (Cascading Style Sheets) and the fonts used and stores this data securely. Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. Insofar as Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees by means of standard contractual clauses to maintain the EU level of data protection. Google thus pursues the goal of fundamentally improving the loading time of websites by having the fonts already in the cache when millions of websites refer to the same fonts.

In addition, each Google Fonts request also automatically transmits information such as IP address, language settings, screen resolution, browser name and version to Google servers to ensure correct graphical display.

2.6 Amazon CloudFront

Our hosting service provider uses the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please compare the explanations under 2.1.

AWS is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO not to operate a content delivery network ourselves.You have the right to object to the processing. Whether the objection is successful is to be determined as part of a balancing of interests.

The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.Your personal data will be stored by AWS for as long as necessary for the purposes described.

For more information about opting out and opting in with respect to AWS, please visit: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

2.7 jsDelivr CDN

Our hosting service provider uses the Content Delivery Network (CDN) from jsDelivr.

A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, can be delivered more quickly with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you use must connect to the servers of the CDN. In this way, the CDN obtains knowledge that our website has been accessed via your IP address.The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

For more information, please see the privacy policy of jsDelivr:
https://www.jsdelivr.com/privacy-policy-jsdelivr-net

2.8 DropInBlog

We use DropInBlog to properly provide the content of our website. DropInBlog is a service of DropInBlog, 412 N Main St, Suite 100, Buffalo, WY 82834, United States, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the provider's servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain security and functionality.

The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

2.9 Hubspot

We use HubSpot, a service provided by HubSpot Inc (USA), to analyze visits to our website. HubSpot uses cookies and similar technologies that enable your use of our website to be analyzed. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses and device identifiers. HubSpot will use this information on our behalf to evaluate the use of our online offer by users and to compile reports for us on the activities within our website. Usage profiles can be created from the processed data.

Further information on this processing activity, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool.The setting of cookies and the further processing of personal data described here only takes place with your consent. The legal basis for data processing is § 25 para. 1 TTDSG or Art. 6 para. 1 letter a GDPR.

This may also involve the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries". Further information on data protection at HubSpot can be found at the following link.

2.10 LinkedIn Insight Tags

We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (Ireland, EU). Information on the contact details of LinkedIn Ireland and the contact details of the LinkedIn Ireland data protection officer can be found in LinkedIn's data policy under the following link.

The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using. Such storage of information by the LinkedIn Insight tag or access to information that is already stored on your device and any further processing of personal data in connection with the LinkedIn Insight tag will only take place with your consent. The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is therefore Art. 6 para. 1 lit. a GDPR.

We can perform various functions via the LinkedIn Insight tag, which we describe in detail below. 

LinkedIn conversion tracking is an analysis function that is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. The IP addresses are shortened or (if they are used to reach members across devices) hashed. LinkedIn does not provide us with any personal data, but only offers reports (in which you are not identified) on the website target group and ad performance. This allows us to measure the effectiveness of LinkedIn ads for statistical and market research purposes.

3 Contact

You can contact us by email to request a quote or conduct other correspondence.

In the context of email correspondence, we process your name, email address and the content of your inquiry (e.g. name of your company, position) as well as mandatory information that is absolutely necessary for the preparation of an offer. In the context of contacting by email, we process your personal data based on our legitimate interest in providing good customer service in accordance with Art. 6 (1) lit. f) GDPR or in accordance with Art. 6 (1) lit. b) GDPR if the contact is in connection with contractual performance obligations.

Your contact requests are deleted immediately after processing unless legal retention periods require further storage. After we have answered your inquiry, we archive it immediately so that it can only be viewed to a very limited extent. Purely informative inquiries, i.e., inquiries that do not lead to a contract or contain other content that must be retained, are deleted at the end of the year in which the inquiry was made. See "Retention Period" for more information.

Last update: April 2024.