Get in touch

Privacy Policy

1. Data privacy

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data includes any information that could personally identify you. For detailed information on data protection, please refer to our full Privacy Policy below.

Data Collection on This Website

Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice of the Controller" in this Privacy Policy.

How do we collect your data?

  • Some data is provided by you (e.g., information entered in a contact form).
  • Other data is collected automatically or with your consent by our IT systems when you visit the website (e.g., technical data such as browser type, operating system, or time of page access).

What do we use your data for?

  • Part of the data is collected to ensure error-free provision of the website.
  • Other data may be used to analyze user behavior.
  • If contracts can be initiated or concluded via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data? You have the right to:

  • Request information about the origin, recipients, and purpose of your stored personal data free of charge at any time.
  • Demand the correction or deletion of this data.
  • Revoke any consent given for data processing at any time.
  • Request the restriction of processing under certain circumstances.
  • File a complaint with the competent supervisory authority.

For further questions on data protection, you can contact us at any time.

2. Hosting

We host our website content with the following provider:

External Hosting

This website is externally hosted. Personal data collected on this site is stored on the host’s servers, which may include:

  • IP addresses
  • Contact requests
  • Metadata and communication data
  • Contract data
  • Names, website accesses, and other data generated via the website.

Legal basis:

  • Contract fulfillment (Art. 6(1)(b) GDPR) for our potential and existing customers.
  • Legitimate interest in secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
  • Consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG) if applicable (e.g., for cookie storage or device fingerprinting). Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill their performance obligations and follow our instructions regarding this data.

Host used: 

Google Cloud Platform (GCP) 
Google Ireland Limited Gordon House
Barrow Street Dublin 4
Ireland

Parent company: 

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA

Data Processing Agreement (DPA): We have concluded a DPA with the above provider, ensuring they process personal data solely on our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data is collected. This Privacy Policy explains:

  • What data we collect and why.
  • How and for what purpose this happens.

Note: Data transmission over the internet (e.g., email communication) may have security gaps. Complete protection against third-party access is not possible.

Notice of the Controller

The controller responsible for data processing on this website is: 

Oliver Scheffler
Bussardstr. 3a
49835 Wietmarschen-Lohne
Germany 

Phone: +49 1235 12345566 
Email: mail@flaschengeist.io

The controller is the natural or legal person who alone or jointly determines the purposes and means of processing personal data (e.g., names, email addresses).

Storage Duration

Unless a more specific storage period is stated in this Privacy Policy, your personal data will be retained until the purpose for processing no longer applies. If you assert a legitimate request for deletion or revoke consent, your data will be deleted unless we have other legally permissible reasons for storage (e.g., tax or commercial retention periods). In the latter case, deletion will occur after these reasons cease to apply.

Legal Bases for Data Processing

We process your data based on:

  • Consent (Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR for special categories of data).
  • Contract fulfillment (Art. 6(1)(b) GDPR).
  • Legal obligations (Art. 6(1)(c) GDPR).
  • Legitimate interests (Art. 6(1)(f) GDPR).
  • Transfer to third countries (Art. 49(1)(a) GDPR, if applicable).

If you consent to cookie storage or access to device information (e.g., device fingerprinting), processing is also based on § 25(1) TDDDG. Consent can be revoked at any time.

Recipients of Personal Data

We collaborate with external parties for business operations, which may require sharing personal data. We only disclose data if:

  • Necessary for contract fulfillment.
  • Legally required (e.g., tax authorities).
  • We have a legitimate interest (Art. 6(1)(f) GDPR).
  • Another legal basis permits the transfer.

When using processors, data is shared only under a valid DPA. For joint processing, a joint processing agreement is concluded.

Revoking Your Consent

Many data processing operations require your explicit consent, which you can revoke at any time. The legality of processing prior to revocation remains unaffected.

Right to Object (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time for reasons arising from your situation. We will then cease processing unless we demonstrate compelling legitimate grounds overriding your interests or for legal claims.

If your data is processed for direct marketing, you can object at any time. This includes profiling related to such marketing. After objection, your data will no longer be used for these purposes.

Right to Lodge a Complaint

If GDPR violations occur, you may file a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or the place of the alleged violation, without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data we process automatically (based on consent or contract) in a common, machine-readable format or to request its transfer to another controller, where technically feasible.

Access, Rectification, and Erasure

You have the right to:

  • Free information about your stored personal data, its origin, recipients, and purpose.
  • Rectification or erasure of this data.

Right to Restriction of Processing

You may request restriction of processing in the following cases:

  • If you contest the accuracy of your data (restriction applies during verification).
  • If processing is unlawful but you oppose erasure.
  • If we no longer need the data, but you require it for legal claims.
  • If you object to processing (Art. 21(1) GDPR) and an assessment is pending.

If processing is restricted, your data (except for storage) will only be used with your consent or for legal claims.

SSL/TLS Encryption

This site uses SSL/TLS encryption for security and to protect confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser’s address bar. When enabled, third parties cannot read data transmitted to us.

4. Data Collection on This Website

Server Log Files

The provider automatically collects and stores information in server log files, transmitted by your browser:

  • Browser type/version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data is not merged with other sources. Legal basis: Legitimate interest in error-free website operation (Art. 6(1)(f) GDPR).

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry (including personal data) will be stored and processed for handling your request. We do not share this data without your consent. Legal basis:

  • Contract fulfillment (Art. 6(1)(b) GDPR).
  • Legitimate interest in effective inquiry handling (Art. 6(1)(f) GDPR).
  • Consent (Art. 6(1)(a) GDPR), if applicable (revocable at any time).

Data you send via contact requests remains with us until you request deletion, revoke consent, or the purpose for storage no longer applies (e.g., after processing your request). Mandatory legal provisions (e.g., retention periods) remain unaffected.

5. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from YouTube (operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

When you visit a page with embedded YouTube, a connection to YouTube’s servers is established, informing them of the specific page visited. If logged into your YouTube account, YouTube can associate your browsing behavior with your profile. Prevent this by logging out.

We use YouTube in enhanced privacy mode, which according to YouTube:

  • Does not store personalization data for browsing history.
  • Does not set cookies for ad personalization.
  • Uses Local Storage elements (similar to cookies) for recognition.

After activating a video, additional data processing may occur beyond our control. Legal basis: Legitimate interest in an appealing online presentation (Art. 6(1)(f) GDPR) or consent (Art. 6(1)(a) GDPR; § 25(1) TDDDG for cookies/device access). Consent is revocable.

For more on YouTube’s privacy practices, see: https://policies.google.com/privacy.

EU-US Data Privacy Framework (DPF): Google is DPF-certified, ensuring compliance with European data protection standards for US data transfers. Details: https://www.dataprivacyframework.gov/participant/5780.

Key Adjustments for Clarity:

  1. Legal terms (e.g., GDPR, TDDDG, DPA) are retained but briefly explained where helpful.
  2. Active voice and concise phrasing improve readability (e.g., "We treat your data confidentially" vs. "Your data is treated confidentially by us").
  3. Structured headers guide the user through sections logically.
  4. Links to external policies (YouTube, DPF) are preserved for transparency.