top of page

Privacy Policy

In this privacy notice, we provide you (referred to below as the “user” or “data subject”) with general information about data processing within our company and, more specifically, about data processing when you visit our website, contact us via our website contact form, or get in touch by email or telephone. We also inform you about our online presence on social media and about your rights regarding the processing of your data. The term “data processing” always refers to the processing of personal data.

 

Preliminary note:

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (“GDPR”) is:

 

Veltyx AG, Waldparkstraße 1, 85521 Riemerling

 

Represented by: Dipl.-Ing. (FH) Martin Otterbach

 

Contact telephone: +49 (0) 151 463 704 31

 

Email: hello@veltyx.de

1. General information on data processing

1.1 Categories of personal data

We process the following categories of personal data:

• Master data (e.g. names, addresses, roles, organisational affiliation, etc.);

• Contact details (e.g. email, telephone/fax numbers, etc.);

• Content data (e.g. text entries, image files, videos, etc.);

• Usage data (e.g. access data);

• Meta/communication data (e.g. IP addresses).

1.2 Recipients or categories of recipients of personal data

Where, in the course of our data processing activities, we disclose data to other individuals and organisations such as web hosts, data processors or third parties, transfer it to them or otherwise grant them access to the data, this is done on the basis of a legal authorisation (e.g. where the transfer of data to third parties is necessary for the performance of a contract pursuant to Article 6(1)(b) of the GDPR), where the data subjects have given their consent, or where a legal obligation so requires.

1.3 Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. Upon expiry of this period, the relevant data will be deleted, provided it is no longer required for the fulfilment of the purpose, the performance of a contract or the initiation of a contract.

1.4 Transfers to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we will only process or have the data processed in a third country if the specific conditions of Articles 44 et seq. of the GDPR, i.e. processing takes place, for example, on the basis of specific safeguards, such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).

 

2. Data processing in connection with visits to our website

2.1 Log files

Whenever a data subject accesses our website, general data and information are stored in our system’s log files:

• Date and time of the request (timestamp);

• Request details and destination address (protocol version, HTTP method, referrer, User-Agent string);

• Name of the file accessed and amount of data transferred (requested URL including query string, size in bytes);

• Indication of whether the request was successful (HTTP status code).

We do not draw any conclusions about the data subject when using this general data and information. There is no personal analysis, nor is the data analysed for marketing purposes or for profiling. The IP address is not stored in this context.

The legal basis for the temporary storage of the data is Article 6(1)(f) of the GDPR. The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the secure operation of our website. Consequently, the data subject has no right to object.

We collect log data generated during the operation of our company’s communication technology and analyse this data automatically to the extent necessary to identify, isolate or resolve faults or errors in the communication technology, or to defend against attacks on our information technology, or to detect and defend against malware.

The legal basis for the temporary storage and analysis of the data is Article 6(1)(f) of the GDPR. The storage and analysis of the data are strictly necessary for the provision of the website and its secure operation. Consequently, the data subject has no right to object.

2.3 Cookies and similar technologies

Our website uses so-called cookies. Cookies are small text files exchanged between the web browser and the hosting server. Cookies are stored on the user’s computer and transmitted from there to our site. You can restrict or generally prevent the use of cookies in the web browser you are using by adjusting the relevant settings. Cookies that have already been stored can be deleted at any time. If cookies are disabled for our website, this may mean that the website cannot be displayed or used to its full extent.

2.2 Malware detection and log data analysis

The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.

a) Google Analytics

We use Google Analytics for the purpose of statistically analysing the use of our website, which enables us to analyse your browsing behaviour. This allows us to improve the quality of our website and its content. We learn how the website is used and can thus continuously optimise our offering.

Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (Google), which uses cookies. The information generated by the cookie regarding your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension “_anonymizeIp()”. This ensures that IP addresses are processed in a truncated form, thereby ruling out any direct personal identification.

The information obtained as part of the statistical analysis of our website is not combined with any other data we collect from you on the website.

You can prevent the collection of data generated by the cookie and relating to your use of the website, as well as the processing of this data, by:

changing your cookie preferences on our website using the OneTrust Cookie Manager or your browser software;

downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de or

clicking this link: https://tools.google.com/dlpage/gaoptout. This will place an opt-out cookie on your device. If you delete your cookies, you will need to click the link again.

Please note, however, that in this case you may not be able to use all the functions of this website to their full extent.

Further information on the terms of use and data protection for Google Analytics can be found at http://www.google.com/analytics/terms/de.html or at https://policies.google.com/privacy

Google Analytics stores data for up to 12 months. Once the IP address has been anonymised, it is no longer possible to identify you personally. The reports generated using Google Analytics no longer contain any personal references.

We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (Google), to manage website tags on our website. This service allows website tags to be managed via a user interface. Google Tag Manager merely implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in effect for all tracking tags, provided these are implemented using Google Tag Manager.

Google Tag Manager does not set any cookies.

c) Facebook Pixel (Facebook Custom Audiences)

We also use the so-called “Facebook Pixel” from Facebook Inc. (“Facebook”) on our website. This enables interest-based advertisements (“Facebook Ads”) to be displayed to users of our website when they visit the Facebook social network or other websites that also use this technology. The Facebook Pixel causes your browser to automatically establish a direct connection to Facebook’s server. We have no influence over the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you in accordance with our current knowledge: Through the integration of the Facebook Pixel, Facebook receives the information that you have clicked on an advertisement from us or visited the relevant page on our website. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider may obtain and store your IP address and other identifying characteristics.

By using the Facebook Pixel, our aim is to display the Facebook adverts we place only to those Facebook users who have already shown an interest in our website. We therefore use the Facebook Pixel to ensure that our Facebook adverts align with users’ potential interests and do not come across as intrusive. Furthermore, with the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook Pixel is Article 6(1)(f) of the GDPR.

You can object to the use of the Facebook Pixel at any time by using the following opt-out option: [brief description]

Third-party provider information: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on... and http://www.facebook.com/about/privacy/your-info#ev....

2.4 Hosting

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we utilise for the purpose of operating our website.

In doing so, we or our data processor process inventory data, contact details, content data, contractual data, usage data, meta-data and communication data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a contract for data processing).

3. Data processing in the context of establishing contact

3.1 Contact via email

You can contact our company via email using the email addresses published on our website.

If you use this method of contact, the data you provide (e.g. surname, first name, address), and at the very least your email address, as well as the information contained in the email and any personal data you provide, will be stored for the purpose of establishing contact and processing your enquiry. In addition, our system collects the following data:

• IP address of the accessing computer;

• Date and time of the email.

The legal basis for the processing of personal data in connection with emails sent to us is Article 6(1)(b) or (f) of the GDPR.

3.2 Contacting us via the website contact form

If you use the contact form provided on our website to communicate with us, you must provide your surname, first name and email address. Without this information, we cannot process your enquiry submitted via the contact form. Providing your postal address is optional and enables us, if you so wish, to process your enquiry by post.

In addition, our system collects the following data:

• IP address of the accessing computer;

• Date and time of registration.

The legal basis for the processing of personal data in the context of emails sent to us is Article 6(1)(b) or (f) of the GDPR.

3.3 Contact by letter and fax

If you send us a letter or a fax, the data you provide (e.g. surname, first name, address) and the information contained in the letter or fax, together with any personal data you provide, will be stored for the purpose of contacting you and processing your enquiry.

The legal basis for the processing of personal data in connection with letters and faxes sent to us is Article 6(1)(b) or (f) of the GDPR.

4. Data processing in connection with newsletters and social media

4.1 Newsletters

You can subscribe to our newsletter free of charge.

We use MailChimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to send out the newsletter.

Certification under the “EU-US Privacy Shield”

https://www.privacyshield.gov/participant?id=a2zt0...

ensures that the EU’s data protection requirements are also complied with when data is processed by The Rocket Science Group, LLC in the USA.

When you subscribe to our newsletter, your email address is processed by The Rocket Science Group, LLC. In addition, your IP address and the date and time of your subscription are stored.

The newsletter is also sent via The Rocket Science Group, LLC. We can analyse when you have read the newsletter and whether you have clicked on any links contained therein.

The legal basis for sending the newsletter and for the analysis is Article 6(1)(a) of the GDPR.

Consent to the sending of the newsletter may be withdrawn at any time with future effect. To do so, you simply need to inform us of your withdrawal or click the unsubscribe link provided in every newsletter.

4.2 Online Presence on Social Media

We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers and users active on these platforms and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data where they communicate with us on social networks and platforms, e.g. by posting on our online presences or sending us messages.

5. Google Maps

This site uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer.

The use of Google Maps is in the interest of presenting our online services in an appealing manner and ensuring that the locations specified by us on the website can be easily found. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Further information on the handling of user data can be found in Google’s privacy policy: www.google.com/policies/privacy/

6. Your rights

As a data subject, you have the following rights in relation to the processing of your personal data:

6.1 Right of access

(1) The data subject has the right to obtain from the controller confirmation as to whether personal data concerning them is being processed; if this is the case, they have the right to access such personal data and to receive the following information:

a) the purposes of the processing;

b) the categories of personal data being processed;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period;

e) the existence of a right to rectification or erasure of personal data concerning them, or to restriction of processing by the controller, or a right to object to such processing;

f) the existence of a right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the data subject, any available information as to their source;

(h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in such cases – meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

(2) Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

6.2 Right to rectification

The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

6.3 Right to erasure

(1) The data subject has the right to request from the controller that personal data concerning them be erased without delay, and the controller is obliged to erase personal data without delay where one of the following grounds applies:

a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

b) The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.

c) The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

d) The personal data has been unlawfully processed.

e) The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.

f) The personal data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

(2) Where the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing the personal data that a data subject has requested the erasure of all links to that personal data or of copies or replications of that personal data.

(3) Paragraphs 1 and 2 shall not apply insofar as the processing is necessary

a) for the exercise of the right to freedom of expression and information;

b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

e) for the establishment, exercise or defence of legal claims.

6.4 Right to restriction of processing

(1) The data subject has the right to request from the controller the restriction of processing where one of the following conditions applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests, instead, the restriction of the use of the personal data;

c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims; or

d) the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

(2) Where processing has been restricted in accordance with paragraph 1, such personal data – apart from storage – may be processed only with the data subject’s consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State.

6.5 Right to data portability

(1) The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, provided that

(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and

(b) the processing is carried out by automated means.

(2) When exercising their right to data portability under paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible.

The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6.6 Right to object

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

In connection with the use of information society services, the data subject may, notwithstanding Directive 2002/58/EC, exercise their right to object by means of automated procedures using technical specifications.

6.7 Right to withdraw consent

The data subject has the right to withdraw their consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to withdrawal.

6.8 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or the place where the alleged infringement occurred, if the data subject considers that the processing of personal data relating to them infringes this Regulation.

Date: 01/11/2025

bottom of page