Privacy Policy

1. Data Controller

Advelta GmbH
Mergenthalerallee 73-75
65760 Eschborn
Germany

Phone: +49 6196 9994 151
Email:
Privacy:

Managing Director: Bastian Seipp
Commercial Register: HRB 141255, Amtsgericht Frankfurt am Main
VAT ID: DE459754950

2. Data We Collect

2.1 Contact Forms

When you contact us, we collect:

  • Name, email address, phone number (optional), company name (optional)
  • Your message content and attachments
  • IP address, timestamp, and browser information

Purpose: Responding to inquiries and customer support
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) / Consent (Art. 6(1)(a) GDPR)
Retention: 3 years or until resolved

2.2 Spam Protection

Cloudflare Turnstile verifies form submissions are from humans, not bots, by processing:

  • IP address and browser fingerprint
  • Interaction patterns and device characteristics

Purpose: Spam prevention
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Provider: Cloudflare, Inc., USA (EU-U.S. Data Privacy Framework certified)
Privacy policy: cloudflare.com/privacypolicy

Local Anti-Spam: Our server analyzes submissions locally (timing, content patterns, honeypots) without sharing data externally.

2.3 Website Analytics

We use Google Analytics 4 (with IP anonymization) to understand website usage:

  • Anonymized IP address, browser/device info, pages visited
  • Navigation patterns, referral sources, approximate location (city level)

Purpose: Website improvement
Legal basis: Consent (Art. 6(1)(a) GDPR) via cookie banner
Provider: Google Ireland Limited
Retention: 26 months
Opt-out: Browser Add-on or cookie settings

2.4 Server Logs

Our server logs: IP addresses, accessed URLs, timestamps, error messages.

Purpose: Security and troubleshooting
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Retention: 30 days

2.5 Email Communications

Email correspondence is stored for business records and service delivery.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) / Contract performance (Art. 6(1)(b) GDPR)
Retention: 3-10 years (German commercial and tax law: HGB §257, AO §147)

3. Cookies

Essential Cookies (No consent required):

  • Cookie consent preferences (12 months)
  • Session management and security tokens (session only)
  • Cloudflare: cf_clearance, __cf_bm (30 min – 1 year) for spam protection

Analytics Cookies (Requires consent):

  • Google Analytics: _ga, _gid, _gat (2 years / 24 hours / 1 minute)

Manage via browser settings or Google Analytics opt-out.

4. Data Retention
Contact forms3 years
Email correspondence3-10 years (legal requirements)
Server logs30 days
Analytics data26 months
Invoices/contracts10 years (German tax law)
5. Your GDPR Rights

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data / “right to be forgotten” (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability in machine-readable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent at any time (Art. 7)
  • Lodge a complaint with supervisory authority (Art. 77)

Exercise your rights: Email
Response time: Within 1 month (Art. 12 GDPR)

Supervisory Authority (Hessen):
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Website: datenschutz.hessen.de

6. Third-Party Processors

Hetzner Online GmbH – Web hosting (Germany, EU)
Google Ireland Limited – Analytics (EU/USA, Standard Contractual Clauses)
Cloudflare, Inc. – Spam protection, CDN (USA, EU-U.S. Data Privacy Framework)

Data Processing Agreements (Art. 28 GDPR) are in place with all processors.

7. Data Security

We implement appropriate technical and organizational measures to protect your data (Art. 32 GDPR), including:

  • TLS encryption for data transmission (HTTPS)
  • Encrypted database storage
  • Access controls and authentication
  • Firewall and DDoS protection
  • Regular security updates and backups
  • Staff training and confidentiality agreements
  • Incident response procedures (Art. 33-34 GDPR)

While we use industry-standard security, no system is 100% secure. We will notify you of any data breach as required by law.

8. International Data Transfers

Data is primarily processed in Germany (EU). Some services transfer data to the USA:

  • Google Analytics: EU Standard Contractual Clauses, IP anonymization
  • Cloudflare: EU-U.S. Data Privacy Framework certification

Learn more: dataprivacyframework.gov

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects (Art. 22 GDPR). Spam detection is automated for security but does not affect your rights.

10. Changes to This Policy

We may update this policy to reflect legal changes or new services. Material changes will be announced via website notice or email.

Last Updated: January 21, 2026
Version: 1.0

11. Contact

Advelta GmbH
Mergenthalerallee 73-75
65760 Eschborn, Germany

Phone: +49 6196 9994 151
Email:
Privacy inquiries: