Privacy Policy

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.

We treat your data confidentially and in accordance with legal data protection regulations and this privacy policy.

2. Data Controller

The party responsible for data processing on this website is:

Christoph Schepan
Willy-Brandt-Straße 23
20457 Hamburg, Germany

Email: datenschutz@schepan.com

3. Data Collection on This Website

a) Contact Form

When you submit an inquiry via the contact form, the data you enter (e.g., name, email address, message) will be stored for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or contract fulfillment) if your inquiry relates to the fulfillment of a contract, or Art. 6(1)(f) GDPR (legitimate interest), as we have a legitimate interest in effectively processing incoming inquiries.

Email Delivery via Resend:
For sending contact form messages, we use the service Resend (Resend Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA). The following data is transmitted to Resend:

• Name, email address, company (optional), message
• IP address and user agent (browser information) for spam prevention
• Time of submission

Resend processes this data exclusively for the purpose of email delivery and stores metadata for a maximum of 30 days. We have a data processing agreement with Resend in accordance with Art. 28 GDPR. Data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). For more information: https://resend.com/legal/privacy-policy

b) Server Logs and Technical Data

When you access this website, information is automatically collected by the hosting provider (Vercel Inc.) and stored in so-called server log files. These include, for example:

• IP address
• Date and time of the request
• Browser type and version
• Operating system
• Referrer URL

This data cannot be attributed to specific individuals. No merging with other data sources takes place. The collection of this data is necessary for the technical provision of the website and to ensure its operation. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a functional website).

c) Hosting by Vercel

Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. The provider may process technical access data (e.g., IP address, server log files) as part of its operations. We have a data processing agreement with Vercel in accordance with Art. 28 GDPR.

Data transfer to the USA cannot be completely ruled out. It is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR), which are integrated into the data processing agreement.

d) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of Processing:
Google Analytics uses cookies and similar technologies to collect and analyze information about the use of this website. The following data is collected, among others:

• IP address (anonymized)
• Pages visited and time spent
• Browser type and version
• Operating system
• Referrer URL (previously visited page)
• Date and time of access
• Device information (e.g., screen resolution)

The information generated by Google Analytics about your use of this website is usually transmitted to and stored on a Google server in the USA.

IP Anonymization:
We have activated IP anonymization. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Purpose of Processing:
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator.

Legal Basis:
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time via the Cookie Settings.

Data Transfer to the USA:
Google also processes your data in the USA. Google is certified under the EU-US Data Privacy Framework. The European Commission has issued an adequacy decision for the EU-US Data Privacy Framework. For more information, see: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Objection and Deletion:
You can prevent the storage of cookies by adjusting your browser software settings or by revoking your consent via the Cookie Settings. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

Further Information:
For more information on how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245

e) Vercel Analytics

To improve website usage, we use Vercel Analytics. This service collects anonymized usage statistics such as:

• Page views
• Visit duration
• Geographic region (country/city)
• Referrer sources

Vercel Analytics does not use cookies and does not store directly identifying information. The IP address is used to derive the geographic region (country/city) and then discarded. The collected data is pseudonymized and aggregated. Collection only occurs after your consent via the cookie banner. The legal basis is Art. 6(1)(a) GDPR (consent). For more information: https://vercel.com/docs/analytics/privacy-policy

f) Vercel Speed Insights

To improve website performance, we use Vercel Speed Insights. This service collects anonymized performance metrics such as:

• Page load times
• Core Web Vitals (LCP, FID, CLS)
• Navigation Timing
• Technical performance data

No personal data is collected. The data is completely anonymized and aggregated. Attribution to individual visitors is not possible. Collection occurs automatically to ensure optimal website performance. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a performant website).

g) Fonts (Google Fonts)

This website uses fonts from Google Fonts (Geist, Geist Mono). The fonts are loaded via Next.js Font Optimization, which means they are downloaded at build time and self-hosted. There is no connection to Google servers when visitors access the page. The font files are served directly from our domain. Therefore, no data is transmitted to Google and no personal data is collected by Google Fonts.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a consistent and appealing presentation of our website).

h) Cookies and Consent Management

This website uses cookies to store your consent decisions and for the functionality of Google Analytics. To manage your consents for optional services, we use a cookie. The following information is stored:

• Your consent decision (accepted/rejected)
• Categories of accepted services (Necessary, Statistics & Analysis)
• Consent timestamp (ISO 8601 format)

Server-side Consent Logging:
To fulfill the accountability obligation under Art. 5(2) GDPR, we additionally log your consent decisions server-side. The following pseudonymized data is collected:

• IP address (hashed with SHA-256, not reversible)
• Consent timestamp (client and server time)
• Selected categories (Necessary, Statistics & Analysis)
• User agent (browser information, shortened)

These logs serve exclusively to prove your consent in case of legal inquiries or audits. Logging is done via the infrastructure logs of our hosting provider Vercel. The retention period follows Vercel's retention guidelines. Attribution to your person is not possible without the original IP address. The legal basis is Art. 6(1)(c) GDPR (legal obligation for accountability).

Categories:

• Necessary: This category includes storing your consent decision and Vercel Speed Insights for performance monitoring. These services are technically required and cannot be disabled.
• Statistics & Analysis: Includes Google Analytics and Vercel Analytics for analyzing website usage. This category is optional and will only be activated after your consent.

You can change or revoke your consents at any time via the Cookie Settings. Upon revocation, the corresponding services will be immediately disabled and cookies deleted.

4. Data Disclosure

Your personal data will only be disclosed:

• to payment service providers or accounting software, insofar as this is necessary for contract fulfillment (e.g., for invoicing or payment processing),
• to third parties, if there is a legal obligation,
• or if you have expressly consented.

No further disclosure to third parties will take place.

5. Retention Period

Personal data is only stored for as long as necessary for the fulfillment of the respective purpose. Invoice and accounting data is stored for 10 years in accordance with legal retention obligations.

6. Your Rights

You have the following rights regarding your stored personal data:

• Right to information (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)

In addition, you have the right to lodge a complaint with a data protection supervisory authority, particularly in the member state of your habitual residence or the place of the alleged infringement.

7. Contact

For questions about data protection or to exercise your rights, please contact:

Email: datenschutz@schepan.com