Privacy Policy

General Information

We, 9dots gmbh, together with our subsidiaries and sister companies (hereinafter collectively referred to as “the Company,” “we,” or “us”), take the protection of your personal data seriously and would like to inform you about data protection in our company.

Within the scope of our data protection responsibilities, the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) has imposed additional obligations on us to protect the personal data of data subjects (we refer to you as the data subject hereinafter also as “customer,” “user,” “you,” or “your”). “GDPR”) to ensure the protection of personal data of data subjects (we also refer to you as the data subject below as “customer,” “user,” “you,” “your,” or “data subject”).

Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes, in particular, the obligation to inform you transparently about the nature, scope, purpose, duration, and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement (hereinafter: “Privacy Policy”), we inform you about how we process your personal data:

• Processing of personal data in the context of general contact
• Processing of personal data in the context of responding to the hotel analysis
• Processing of personal data in connection with the use of the ROI calculator
• Processing of personal data in the context of order processing
• Processing of personal data in the context of using this website

Our privacy policy is modular in structure. It consists of a general section covering all processing of personal data and processing situations that arise each time a website is accessed (A. General information) and a specific section whose content relates only to the processing situation specified there, with reference to the respective offer or product, in particular the visit to websites as described in more detail here (B. Visiting websites).

To find the sections relevant to you, please refer to the following overview of the structure of the data protection information:

• Section A. General: This section is always relevant to you.
• Section B. Website and social media presence: This section is relevant to you if you use our website, including our social media presence.

1. General
2. Definitions

In accordance with Art. 4 GDPR, this privacy policy is based on the following definitions:

– “Personal data” (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or by reference to the physical, physiological, genetic, mental, economic, cultural, or social identity characteristics of that natural person. Identifiability may also be achieved by linking such information or other additional knowledge. The existence, form or embodiment of the information is irrelevant (photos, video or audio recordings may also contain personal data).

– “Processing” (Art. 4 No. 2 GDPR) means any operation or set of operations performed on personal data, whether or not by automated (i.e., technology-based) means. This includes, in particular, the collection (i.e., obtaining), recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning, combining, restricting, erasing or destroying personal data, as well as changing the purpose for which the data was originally collected.

– “Controller” (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

– “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the same group.

– “Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g., IT service providers). In terms of data protection law, a processor is not a third party.

– “Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by other clear affirmative actions, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is:

9dots gmbh
Rheinpromenade 2
40789 Monheim am Rhein

HRB 107848

Düsseldorf Local Court

Managing Directors: Martin Kemmer, Daniela Schade

Email: dsb@9dots.ai

Further information about our company can be found in the legal notice on our website https://9dots.ai/en/imprint.

3. Contact details of the data protection officer

If you have any questions or require further information on the subject of data protection, please do not hesitate to contact our company data protection officer. His contact details are:

Mr. Tobias Matussek

Exclusively by email:

dsb@9dots.ai

4. Legal basis for data processing

By law, any processing of personal data is prohibited in principle and only permitted if the data processing falls under one of the following justifications:

– Art. 6 (1) (a) GDPR (“Consent”): If the data subject has given his or her consent freely, in an informed manner and unambiguously by means of a statement or other clear affirmative action to the processing of personal data relating to him or her for one or more specific purposes;

– Art. 6 (1) (b) GDPR: If processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

– Art. 6 para. 1 sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);

– Art. 6 para. 1 sentence 1 lit. d GDPR: If processing is necessary to protect the vital interests of the data subject or of another natural person;

– Art. 6 para. 1 sentence 1 lit. e GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

– Art. 6 (1) sentence 1 lit. f GDPR (“Legitimate interests”): If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The storage of information in the end user’s terminal equipment or access to information already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:

– Section 25 (1) TDDDG: If the end user has given their consent on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 (1) sentence 1 lit. a GDPR;

– Section 25 (2) No. 1 TDDDG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network or

– Section 25 (2) No. 2 TDDDG: If the storage or access is strictly necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user.

We indicate the applicable legal basis for the processing operations we carry out below. Processing may also be based on several legal bases.

5. Data deletion and storage period

For the processing operations we carry out, we indicate below how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany, subject to any transfer in accordance with the provisions in A.(7) and A.(8).

However, storage may continue beyond the specified period in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal provisions to which we as the controller are subject (e.g., Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)). When the storage period prescribed by law expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for doing so.

6. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context and purpose of processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with further information on request. Please contact our data protection officer (see A.(3)).

7. Cooperation with processors

As with any large company, we also use external domestic and foreign service providers to handle our business transactions (e.g., in the areas of IT, logistics, telecommunications, sales, and marketing). These service providers act solely on our instructions and are contractually obligated to comply with data protection regulations in accordance with Art. 28 of the GDPR.

If personal data about you is passed on by us to our subsidiaries or passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing data processing agreements.

8. Conditions for the transfer of personal data to third countries

Within the scope of our business relationships, your personal data may be transferred to or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us (the legal basis is Art. 6 para. 1 lit. b or lit. f in conjunction with Art. 44 ff. GDPR). We will inform you of the respective details of the transfer at the relevant points below.

The European Commission has certified certain third countries as having data protection standards comparable to those of the EEA through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries to which personal data may be transferred, however, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This can be achieved through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 (1), (2) (c) of the GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates, or recognized codes of conduct. Please contact our data protection officer (see A.(3)) if you would like more information on this.

9. No automated decision-making (including profiling)

When establishing and executing our contractual relationship, you will not be subject to any decision based solely on automated processing – including profiling – in accordance with Art. 22 GDPR that has legal effect on you or significantly affects you in a similar manner.

10. No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are generally not under any legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should be the case in the context of the products we offer, as described below, you will be notified separately.

11. Legal obligation to transfer certain data

We may be subject to a specific legal or regulatory obligation to provide the lawfully processed personal data to third parties, in particular public authorities (Art. 6 para. 1 sentence 1 lit. c GDPR).

12. Your rights

You can exercise your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided in A.(2) above. As a data subject, you have the right:

– pursuant to Art. 15 GDPR, to request information about your data processed by us. In particular, you may request information about the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details;

– pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate data or the completion of your data stored by us;

– pursuant to Art. 17 GDPR, to request the erasure of your data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;

– pursuant to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;

– pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller (“data portability”);

– in accordance with Art. 21 GDPR, to object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless the objection is to direct marketing, we ask you to explain the reasons why we should not process your data as we have done when you exercise this right. In the event of your justified objection, we will review the situation and either stop or adjust the data processing or inform you of our compelling legitimate grounds for continuing the processing;

– in accordance with Art. 7 (3) GDPR, your consent once (even before the GDPR came into force, i.e. before May 25, 2018) – i.e., your voluntary, informed, and unambiguous declaration of intent, made through a statement or other clear affirmative action, that you consent to the processing of the personal data in question for one or more specific purposes – at any time, if you have given such consent. This means that we will no longer be allowed to continue processing the data based on this consent in the future and

– in accordance with Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority about the processing of your personal data in our company, for example with the data protection supervisory authorities responsible for us:

For 9dots GmbH and its subsidiaries/affiliated companies based in Monheim am Rhein:

LDI NRW
Kavalleriestraße 2 – 4
40213 Düsseldorf

Fax: 0211 38424 999
Email: poststelle@ldi.nrw.de

For subsidiaries/affiliated companies based in Langenwolschendorf:

TLfDI -Datenschutzbeauftragter-
Häßlerstraße 8
99096 Erfurt

Tel.: +49 361 57 311 2980
Fax: +49 361 57 311 2904
Email: datenschutzbeauftragter@datenschutz.thueringen.de

13. Changes to the privacy policy

As part of the ongoing development of data protection law and technological or organizational changes, our privacy policy is regularly reviewed for any necessary adjustments or additions. You will be informed of any changes in particular on our German website at

https://9dots.ai/en/data-privacy. This privacy policy is valid as of June 2025.

1. Visiting websites
2. Explanation of function

Information about our company and the services we offer can be found at www.9dots.ai and the associated subpages (hereinafter collectively referred to as “websites”). When you visit our websites, your personal data may be processed.

2. Personal data processed

When you use our websites for informational purposes, we collect, store, and process the following categories of personal data:

“Log data”: When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:

– the page from which the page was requested (so-called referrer URL)

– the name and URL of the requested page

– the date and time of the request

– the description of the type, language and version of the web browser used

– the IP address of the requesting computer, which is shortened so that it can no longer be traced back to a specific person

– the amount of data transferred

– the operating system

– a message indicating whether the request was successful (access status/HTTP status code)

– the GMT time zone difference

“Contact form data”: When contact forms are used, the data transmitted through them is processed.

– First name

– Last name

– Email

– Company (optional)

– Phone number (optional)

– Country

– the time of transmission

In addition to the purely informational use of our website, we offer a subscription to our newsletter, which informs you about product developments, press releases, developments, and trends in the hotel industry. If you subscribe to our newsletter, we collect, store, and process the following “newsletter data”:

– the page from which the page was requested (so-called referrer URL)

– the date and time of the request

– the description of the type of web browser used

– the IP address of the requesting computer, which is shortened so that it can no longer be traced back to a person

– the email address

– the date and time of registration and confirmation

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons to your email address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively in pseudonymized form, i.e., the IDs are not linked to your other personal data, and direct personal references are excluded.

3. Purpose and legal basis of data processing

We process the personal data specified above in accordance with the provisions of the GDPR, other relevant data protection regulations, and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

The processing of log data is for statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 sentence 1 lit. a or lit. f GDPR).

The processing of contact form data is carried out for the purpose of processing customer enquiries (legal basis is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR).

Newsletter data is processed for the purpose of sending the newsletter. By subscribing to our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a GDPR). We use the double opt-in procedure for registration for our newsletter. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and, if necessary, to clarify any possible misuse of your personal data. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter email, by emailing [company email address], or by sending a message to the contact details provided in the legal notice.

If the processing of the data requires the storage of information in your terminal equipment or access to information already stored in the terminal equipment, § 25 para. 1, 2 TDDDG is the legal basis for this.

4. Duration of data processing

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. With regard to the use and storage duration of cookies, please refer to point A.(5) and the cookie policy B.(6).

Third parties used by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order.

For more information on the storage period, please refer to A.(5) and the cookie policy under B.(6).

5. Transfer of personal data to third parties; legal basis

The following categories of recipients, who are usually processors (see A.(7)), may have access to your personal data:

– Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors;

– Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;

– Persons employed to carry out our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 (1) (b) or (f) GDPR.

For information on ensuring an adequate level of data protection when transferring data to third countries, see A.(8).

Furthermore, we will only disclose your personal data to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

6. Use of cookies, plugins, and other services on our website

a) Cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using on your hard drive by means of a characteristic string and stored there, and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offering as user-friendly and effective as possible, i.e. more pleasant for you.

Cookies may contain data that enables the device used to be recognized. However, some cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, cookies are divided into:

– Technical cookies: These are strictly necessary to navigate the website, use basic functions, and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which websites you have visited.

– Performance cookies: These collect information about how you use our website, which pages you visit, and, for example, whether errors occur during website use; they do not collect any information that could identify you—all information collected is anonymous and is only used to improve our website and find out what interests our users;

– Advertising cookies, targeting cookies: These are used to offer website users tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;

– Sharing cookies: These are used to improve the interactivity of our website with other services (e.g., social networks); sharing cookies are stored for a maximum of 13 months.

The legal basis for cookies that are strictly necessary to provide you with the service you have expressly requested is § 25 para. 2 no. 2 TDDDG. Any use of cookies that is not strictly necessary for this purpose constitutes data processing, which is only permitted with your express and active consent in accordance with Section 25 (1) TDDDG in conjunction with Article 6 (1) (a) GDPR. This applies in particular to the use of performance, advertising, targeting, or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
b) Cookie policy
For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please refer to our Cookie Policy B.6.
c) Social media plugins
We do not use social media plugins on our websites. If our websites contain icons from social media providers (e.g., LinkedIn, Instagram, Facebook), we use these solely for passive linking to the pages of the respective providers.
d) Cookiebot

7. Use of hotel analysis

a) Performance of hotel analysis
As part of our hotel analysis, we process personal data that you provide to us in the course of participating in the analysis. The hotel analysis serves to individually evaluate and optimize hotel operations and is based on a structured questionnaire that covers business, organizational, and strategic aspects. Our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR lies in conducting a well-founded analysis to identify optimization potential and in creating an individual strategy plan for your hotel.

Your personal data will be processed exclusively for the purpose of conducting the hotel analysis, temporarily storing your responses, and personally communicating the results to you. Your data will not be disclosed to third parties unless this is necessary for the fulfillment of the contract or required by law. Participation in the hotel analysis is voluntary.

You can object to the processing of your personal data within the scope of the hotel analysis at any time without incurring any costs other than the transmission costs according to the basic rates. In the event of an objection, your data will not be processed further and – unless there are legal storage obligations – deleted.
b) Personal data processed
Within the scope of the hotel analysis, we process the following personal data in particular:

• First and last name
• Email
• Phone
• Hotel name and location
• Position in the company
• Details about the hotel structure (e.g., number of rooms, target groups, offer structure)
• Business assessments and strategic objectives
• Voluntary information about interests, challenges, and development goals

c) Purposes and legal bases for processing personal data
Your personal data is processed for the following purposes and on the basis of the following legal grounds:

• Carrying out hotel analysis and preparing individual evaluations
• Contacting you to discuss the results
• Further development of our analysis process based on aggregated, anonymized data; the data is completely anonymized before evaluation so that no personal reference can be made; if this cannot be ensured, processing is carried out on the basis of Art. 6 (1) lit. f GDPR (legitimate interest)

The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in providing targeted advice and support to hotel businesses and in improving our analysis tools.
d) Categories of recipients of personal data
Your personal data will only be disclosed to those employees of our company who are entrusted with carrying out and evaluating the hotel analysis. In addition, we may use external service providers for the technical provision of the analysis platform within the scope of order processing in accordance with Art. 28 GDPR.
e) Duration of storage of personal data
Your personal data will be stored for the duration of the hotel analysis and for the documentation of the results. If no further interaction (e.g., renewed analysis, consultation) takes place within 12 months, your personal data will be deleted, unless you have expressly consented to longer storage or there are legal storage obligations.
f) Data transfer to third countries
Your personal data will not be transferred to a third country or an international organization.

8. Use of the ROI calculator

a) Performing the ROI calculation
When you use our ROI calculator, we process the personal data that you provide to us during the input process. The ROI calculator is used to calculate the potential return on investment (ROI) for our services based on your company-specific information. Our legitimate interest pursuant to Art. 6 (1) (f) GDPR lies in providing a digital tool for the business assessment of our offers and in the possibility of providing you with an individual evaluation based on your input.

Your personal data will be processed exclusively for the purpose of calculating the ROI, temporarily storing your entries, and optionally contacting you to discuss the results. Your data will not be passed on to third parties unless this is necessary for the fulfillment of the contract or required by law. Use of the ROI calculator is voluntary.

Disclaimer

The results displayed as part of the ROI calculation are based on ideal values and assumptions regarding system usage. Deviations may occur depending on the actual performance and the individual conditions of your hotel. The specific values and potential will be individually reviewed as part of the 9dots hotel analysis and in a personal consultation, and further developed together with you in a strategy plan.

Note

You can object to the processing of your personal data at any time when using the ROI calculator without incurring any costs other than the transmission costs according to the basic rates. In the event of an objection, your data will not be processed further and—unless there are legal storage obligations—will be deleted.
b) Personal data processed
When you use the ROI calculator, we process the following personal data in particular:

• First and last name
• Email
• Phone number (if provided)
• Company name and location
• Position in the company
• Business indicators (e.g., revenue, number of guests, average booking value)
• Voluntary information about goals, challenges, and investment interest

c) Purposes and legal basis for processing personal data
Your personal data is processed for the following purposes and on the basis of the following legal grounds:

• Performing the ROI calculation and creating individual evaluations
• Contacting you to discuss the results
• Further development of our ROI calculator based on aggregated, anonymized data; the data is completely anonymized before evaluation so that no personal reference can be made; if this cannot be ensured, processing is carried out on the basis of Art. 6 (1) lit. f GDPR (legitimate interest)

The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in providing targeted advice to potential customers and improving our digital analysis offering.
d) Categories of recipients of personal data
Your personal data will only be disclosed to those employees of our company who are entrusted with the implementation and evaluation of the ROI calculation. In addition, we may use external service providers for the technical provision of the ROI calculator within the scope of order processing in accordance with Art. 28 GDPR.
e) Duration of storage of personal data
Your personal data will be stored for the duration of the ROI calculation and for the documentation of the results. If no further interaction (e.g., consultation, request for quotation) takes place within 12 months, your personal data will be deleted unless you have expressly consented to longer storage or there are legal retention obligations.
f) Data transfer to third countries
Your personal data will not be transferred to a third country or an international organization.

9. Hosting information

Our website is hosted by an external service provider. The hosting service provider is:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Further information can be found in the hosting service provider’s privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz

10. Analysis and tracking tools

We use analysis and tracking tools on our website to understand user behavior and improve our offerings. These tools include:

– Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The information generated by the cookie about your use of this website (including your IP address) is usually transferred to a Google server in the USA and stored there.

The USA is considered an unsafe third country from a data protection perspective. In particular, there is a risk that US authorities may access the data without you, as an EU citizen, having any effective legal protection against this.

The transfer is based on the standard data protection clauses of the EU Commission pursuant to Art. 46 (2) lit. c GDPR, whereby Google undertakes to ensure a level of protection in accordance with European data protection standards. Further information is available, for example, at: https://policies.google.com/privacy

Your consent to the use of Google Analytics also includes this transfer to third countries in accordance with Art. 49 (1) lit. a GDPR. You can revoke your consent at any time.

– Matomo: An open-source web analytics software that is operated on our own servers and does not pass on any data to third parties.

You can object to the use of these tools at any time. Further information can be found in our cookie policy.

11. References to external content / links

Our website contains links to external websites. If you click on these links, you will leave our website and the privacy policy of the respective provider will apply. We have no influence on the content and data protection practices of these external websites.

12. Browser plugins / security information

We use various security services to protect your data, including:

– reCAPTCHA: A service provided by Google that helps protect our website from spam and abuse.

– Content Delivery Networks (CDNs): These networks help to reduce the loading times of our website and increase security.

Further information on the security services used can be found in our cookie policy.