Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This privacy policy applies to all personal data processing carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences such as our social media profiles.

The terms used are not gender-specific.

Table of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Provision of the Online Offer and Web Hosting
• Use of Cookies
• Web Analytics, Monitoring and Optimization
• Presence on Social Networks
• Changes and Updates
• Definitions

Controller

Alexander Geißlinger
Am Buchberg 3
91413 Neustadt an der Aisch, Germany

Email: Signalslayered@gmx.de

Overview of Processing Activities

Types of Data Processed

• Contact data
• Content data
• Usage data
• Meta, communication and procedural data
• Log data

Categories of Data Subjects

• Users (website visitors)

Purposes of Processing

• Communication
• Security measures
• Reach measurement / analytics
• Provision of our online offer
• IT infrastructure
• Public relations

Applicable Legal Bases

Legal bases under the GDPR:

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the fundamental rights of the data subject.

National data protection regulations in Germany: In addition to the GDPR, the German Federal Data Protection Act (BDSG) and applicable state data protection laws apply.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in particular safeguarding the confidentiality, integrity and availability of data through access controls and encrypted transmission.

TLS/SSL encryption (HTTPS): All data transmitted via our website is encrypted using HTTPS, indicated in the browser address bar.

General Information on Data Storage and Deletion

We delete personal data in accordance with legal requirements as soon as the underlying consents are revoked or no further legal basis for processing exists.

Statutory retention periods under German law:

• 10 years – Books, records, annual financial statements (§ 147 AO, § 257 HGB)
• 8 years – Accounting documents, invoices (§ 147 AO, § 257 HGB)
• 6 years – Other business documents (§ 147 AO, § 257 HGB)
• 3 years – Contractual claims, statutory limitation period (§§ 195, 199 BGB)

Rights of Data Subjects

As a data subject, you have the following rights under the GDPR (Art. 15–21):

• Right to object: You have the right to object at any time to processing of your personal data.
• Right to withdraw consent: You have the right to withdraw consent at any time.
• Right of access: You have the right to obtain confirmation and information about your processed data.
• Right to rectification: You have the right to have inaccurate data corrected.
• Right to erasure and restriction of processing.
• Right to data portability.
• Right to lodge a complaint with a supervisory authority.

Provision of the Online Offer and Web Hosting

We use Vercel Inc. as our hosting provider to deliver our online services.

• Data processed: Usage data, meta and communication data, log data (IP addresses, access times, browser type).
• Purpose: Provision of the online offer, security measures, IT infrastructure.
• Retention: Server log files are stored for a maximum of 30 days and then deleted.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Use of Cookies

We use cookies in accordance with legal requirements. Technically necessary cookies are used on the basis of legitimate interests. For analytical cookies, we obtain your consent, which can be withdrawn at any time.

• Session cookies (temporary): Deleted when you close your browser.
• Persistent cookies: Remain stored for up to 2 years.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR).

Web Analytics, Monitoring and Optimization

Web analytics is used to evaluate visitor flows on our online offer. We use IP masking (pseudonymization by shortening IP addresses) to protect users. No clear-text data such as names or email addresses are stored.

• Data processed: Usage data, meta and communication data.
• Purpose: Reach measurement, usage analysis, optimization of our offer.
• Security measures: IP masking (pseudonymization).
• Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Google Analytics: We use Google Analytics to measure and analyze usage of our online offer based on a pseudonymous user identification number. Google Analytics does not log or store individual IP addresses for EU users. All EU data is processed on EU-based servers before being forwarded.

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• Website: marketingplatform.google.com
• Privacy policy: policies.google.com/privacy
• Data processing agreement: business.safety.google/adsprocessorterms
• Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses.
• Opt-out: Google Analytics Opt-Out Plugin  |  Ad Settings

Presence on Social Networks

We maintain online presences on social networks. User data may be processed outside the EU, which may present challenges for enforcing user rights.

• Data processed: Contact data, content data, usage data.
• Purpose: Communication, feedback, public relations.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have entered into a joint controllership agreement with LinkedIn for Page Insights.

• Privacy policy: linkedin.com/legal/privacy-policy
• Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses.
• Opt-out: LinkedIn Opt-Out

Changes and Updates

We ask you to regularly review the content of this privacy policy. We will update this policy as soon as changes to our data processing activities make this necessary.

Definitions

• Personal data: Any information relating to an identified or identifiable natural person (name, identification number, location data, online identifier, etc.).
• Usage data: Information about how users interact with our online offer – page views, time spent, click paths, device information.
• Log data: Information about events in a system – timestamps, IP addresses, error messages, access times.
• Reach measurement: Evaluation of visitor flows on an online offer (web analytics) to identify usage patterns and optimize the service.
• Controller: The natural or legal person who determines the purposes and means of processing personal data.
• Processing: Any operation performed on personal data – collecting, storing, transmitting, deleting, etc.
• Profiling: Automated processing of personal data to analyze or predict personal aspects (interests, behavior, click patterns).