The following notes provide a simple overview of what happens to your personal data when you visit this website.
Personal data is any information that can be used to personally identify you.
Detailed information on the subject of data protection can be found in the privacy policy below.
The website operator is responsible for the data processing on this site.
Contact details can be found in the section “Information on the responsible body” below.
Some data is collected when you provide it to us – for example, via a contact form.
Other data is automatically collected by our IT systems when you visit the website.
These are primarily technical data (e.g. browser, operating system, time of visit).
This data is collected automatically as soon as you access the site.
Part of the data is used to ensure the website is provided correctly.
Other data may be used to analyze your usage behavior.
If this website allows contract-related actions (e.g. orders or inquiries), the transmitted data may also be processed for that purpose.
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time – free of charge.
You also have the right to request correction or deletion of your data.
If you have given consent to data processing, you may revoke it at any time.
Under certain circumstances, you may also request restriction of data processing.
In addition, you have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time with questions about your rights or data protection in general.
When visiting this website, your browsing behavior may be statistically evaluated.
This is primarily done using so-called analytics programs.
Detailed information on these tools can be found further below in this privacy policy.
This website is hosted by an external provider.
The personal data collected on this website is stored on the servers of the hosting provider.
This may include IP addresses, contact requests, metadata, communication data, contract data, contact details, names, website accesses, and other data generated via the website.
External hosting is carried out for the purpose of fulfilling our contractual obligations to potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
If corresponding consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG), insofar as consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting). Consent may be withdrawn at any time.
Our hosting provider will process your data only to the extent necessary to fulfil its obligations and in accordance with our instructions.
INWX GmbH
Prinzessinnenstr. 30
10969 Berlin, Germany
We have entered into a data processing agreement (DPA) with the above provider.
This is a contract required by data protection law to ensure that this provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
We take the protection of your personal data very seriously.
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected.
Personal data is information that can be used to personally identify you.
This privacy policy explains what data we collect and what we use it for.
It also explains how and for what purpose this happens.
Please note that data transmission over the internet (e.g. when communicating by email) can have security vulnerabilities.
Complete protection of data from access by third parties is not possible.
The controller responsible for data processing on this website is:
Strats and Sparks GmbH
Hopfentwete 1a
38173 Evessen
Germany
Represented by Managing Director:
Michael Seraphin
Phone: +49 177 5006155
Email: kontakt@stratsandsparks.de
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Unless a more specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies.
If you make a legitimate deletion request or revoke your consent to data processing, your data will be deleted – unless we have other legally permissible reasons for storing it (e.g. retention periods under tax or commercial law); in such cases, deletion will take place after these reasons no longer apply.
If you have given consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR in the case of special data categories.
If you have explicitly consented to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR.
If you have consented to the storage of cookies or access to information in your device (e.g. via device fingerprinting), processing is additionally based on § 25(1) TDDDG.
Consent can be revoked at any time.
If your data is necessary to fulfil a contract or to carry out pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR.
If required to comply with a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR.
In other cases, data may be processed based on our legitimate interest under Art. 6(1)(f) GDPR.
The relevant legal basis for each individual case is explained in this privacy policy.
We use tools from providers based in countries not deemed secure under EU data protection law or from US providers not certified under the EU-US Data Privacy Framework (DPF).
When these tools are active, your personal data may be transferred to and processed in these countries.
Please note that these countries may not guarantee a data protection level comparable to that of the EU.
The USA is generally considered a secure third country if the recipient is certified under the DPF or uses additional safeguards.
Further information about such transfers can be found in this privacy policy.
In the course of our business activities, we may share personal data with external parties if required by law, for contract fulfilment, based on legitimate interest under Art. 6(1)(f) GDPR, or with your consent.
We only share data with processors under a valid Data Processing Agreement (DPA), and for joint processing activities we enter into a Joint Controllership Agreement where applicable.
Many data processing operations are only possible with your explicit consent.
You can withdraw your consent at any time.
The legality of processing prior to the revocation remains unaffected.
YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON ART. 6(1)(E) OR (F) GDPR, INCLUDING PROFILING BASED ON THOSE PROVISIONS.
WE WILL THEN NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING, INCLUDING PROFILING IN CONNECTION WITH SUCH MARKETING.
IF YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
In case of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority – in particular in the member state of their habitual residence, place of work, or place of the alleged infringement.
This right is without prejudice to any other administrative or judicial remedy.
You have the right to receive data that we process based on your consent or in fulfilment of a contract in a commonly used, machine-readable format.
You may also request the direct transfer of this data to another controller, where technically feasible.
You have the right – within the framework of applicable law – to receive information about your stored personal data, its origin, recipient and processing purpose.
You may also request correction or deletion of this data at any time.
You may request the restriction of processing your personal data under the following conditions:
If processing is restricted, this data – apart from storage – will only be processed with your consent or for legal claims or the protection of another person or public interest.
This site uses SSL/TLS encryption for security and to protect confidential content (e.g. inquiries you send to us).
An encrypted connection can be recognized by “https://” in the browser and a lock symbol.
When SSL/TLS encryption is active, transmitted data cannot be read by third parties.
Our website uses so-called “cookies.”
Cookies are small data files that do no harm to your device.
They may be stored temporarily (session cookies) or permanently (persistent cookies).
Session cookies are automatically deleted after your visit.
Persistent cookies remain on your device until you delete them or your browser deletes them automatically.
Cookies may originate from us (first-party) or from third-party companies.
Third-party cookies enable the integration of certain services, e.g., payment or analytics.
Cookies serve various purposes.
Some are technically essential, such as those enabling shopping carts or video playback.
Others may be used for analytics or advertising purposes.
Cookies that are technically necessary are stored based on Art. 6(1)(f) GDPR.
The website operator has a legitimate interest in the proper, optimized functioning of the website.
If consent was obtained, processing is based solely on Art. 6(1)(a) GDPR and §25(1) TDDDG; consent can be revoked at any time.
You can configure your browser to inform you about cookies, allow them in individual cases, or generally block or delete them.
Disabling cookies may limit website functionality.
Which cookies we use can be found further below in this privacy policy.
We use the “Complianz GDPR/CCPA Cookie Consent” plugin to manage user consent for cookies.
Provider: Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands.
When you visit our site, a Complianz cookie is saved to document your consents or withdrawals.
This data is not shared with Complianz.
The data is stored until you delete the cookie or request erasure.
Legal retention obligations remain unaffected.
Legal basis: Art. 6(1)(c) GDPR (compliance with legal obligations).
More information:
https://complianz.io/legal/privacy-statement/
The provider of this website automatically collects and stores the following data in server log files:
This data is not merged with other sources.
It is collected based on Art. 6(1)(f) GDPR – the website operator has a legitimate interest in ensuring the website functions technically and securely.
If you send us inquiries via contact form, your input and contact details are stored for the purpose of responding and handling follow-up questions.
We do not share this data without your consent.
Legal basis: Art. 6(1)(b) GDPR (contract or pre-contract inquiries) or Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (with consent – revocable at any time).
Data remains stored until deletion is requested, consent is withdrawn, or the purpose no longer applies.
If you contact us by email, phone or fax, we store and process your request and personal data (e.g., name, content of inquiry) to handle your request.
We do not share this data without your consent.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR or Art. 6(1)(a) GDPR (if consented).
Your data will be kept until you request deletion, revoke consent, or the purpose expires.
Legal retention periods remain unaffected.
We use WhatsApp for communication with customers and third parties.
Provider: WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Messages are end-to-end encrypted.
Metadata (e.g., sender, recipient, timestamp) may still be collected.
WhatsApp shares data with Meta (USA).
Privacy policy:
https://www.whatsapp.com/legal/#privacy-policy
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast, effective communication) or Art. 6(1)(a) GDPR (if consented).
WhatsApp Business is used.
Data transfer is based on EU standard contractual clauses.
No address book sync is performed.
DPA with WhatsApp is in place.
Certification under the EU-US Data Privacy Framework:
Participant profile
This website includes elements of the Facebook network.
Provider: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland.
According to Facebook, collected data may be transferred to the USA and other countries.
When active, a direct connection to Facebook’s servers is established.
Facebook learns that you visited our site with your IP address.
If you’re logged in and use the “Like” button, Facebook can link your visit to your account.
We have no access to the content or use of transmitted data.
More:
https://www.facebook.com/privacy/explanation
Use is based on consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
Consent may be withdrawn at any time.
We and Meta Platforms Ireland Ltd. are jointly responsible for initial data collection and sharing with Facebook (Art. 26 GDPR).
The agreement:
Controller Addendum
Data transfers to the USA are protected by Standard Contractual Clauses.
Meta is certified under the EU-US Data Privacy Framework:
Meta Profile
Functions from Instagram are embedded on this website.
Provider: Meta Platforms Ireland Ltd.
When active, Instagram learns about your visit via IP address. If logged in, your profile may be linked to your activity.
See Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/
Legal basis, joint responsibility, and data protection are identical to those of Facebook.
This website uses elements of the LinkedIn network.
Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
When visiting a page with LinkedIn features, a connection to LinkedIn servers is established.
LinkedIn learns your IP address and may link your visit to your account.
Use is based on consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
Data transfer is based on EU Standard Contractual Clauses:
LinkedIn SCC Info
Privacy:
LinkedIn Privacy Policy
DPF Certification:
LinkedIn Profile
This site uses Google Analytics.
Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps analyze site behavior: page views, dwell time, user source, etc.
Data may include user movement and interaction (e.g., clicks, scrolls).
Uses AI-based models and ML features.
Technologies used: Cookies, device fingerprinting.
Data is usually stored in the USA.
Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
Can be revoked any time.
Transfers to the USA are based on SCCs:
Google SCC Terms
Google DPF Certification:
Google Profile
IP anonymization is active: Google shortens your IP address within the EU/EEA.
Only in rare cases will the full IP be transferred to the USA.
To block Google Analytics:
Download plugin
Privacy policy:
Google Analytics Privacy
We have signed a DPA with Google in accordance with GDPR requirements.
This website uses Hotjar.
Provider: Hotjar Ltd., Elia Zammit Street, St Julians STJ 1000, Malta.
Website: hotjar.com
Hotjar tracks interactions, scrolls, clicks, and session duration.
Creates “heatmaps” and can record form abandonments (conversion funnels).
Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG), revocable anytime.
If no consent was collected: legitimate interest (Art. 6(1)(f) GDPR).
Opt-out link:
Do Not Track
More info:
Hotjar Privacy
We have a valid DPA with Hotjar to ensure GDPR-compliant processing.
This website embeds videos from YouTube.
Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in “enhanced privacy mode.”
No cookies are stored unless the video is actively played.
However, local storage elements may still be used in your browser.
If you’re logged into YouTube, your visit may be linked to your profile.
More info:
YouTube privacy policy
Legal basis: Art. 6(1)(f) GDPR or consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG) – revocable at any time.
This website uses locally hosted Google Fonts for consistent display of text.
No connection to Google servers is made.
More info:
Google Fonts FAQ
Google Privacy Policy
Provider: Fonticons, Inc., 6 Porter Road, Cambridge, MA, USA.
When used, your browser connects to Font Awesome servers to load web fonts.
This reveals your IP address.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in visual consistency) or consent per Art. 6(1)(a) GDPR and § 25(1) TDDDG.
More:
Font Awesome Privacy
Provider: Google Ireland Ltd.
To use Maps features, your IP address is transferred to Google and may be stored in the US.
Google Fonts may also be loaded.
Legal basis: Art. 6(1)(f) GDPR or consent per Art. 6(1)(a) GDPR, § 25(1) TDDDG.
More info:
Google Privacy
Provider: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Used to protect against cyberattacks.
A persistent connection is established to compare website traffic against Wordfence’s threat database.
Legal basis: Art. 6(1)(f) GDPR or consent per Art. 6(1)(a) GDPR and § 25(1) TDDDG.
More:
Wordfence & GDPR
We have signed a DPA with Wordfence.
We use online conferencing tools to communicate with clients and partners.
The tools collect contact data, metadata, device information, and communication content.
Tool providers may store technical information such as IP address, MAC address, device type, OS, etc.
Shared files or chats may also be stored by the tool provider.
We have limited influence on third-party processing.
Please see each provider’s privacy policy.
Communication via conferencing tools is based on Art. 6(1)(b) GDPR (contract-related) or Art. 6(1)(f) GDPR (legitimate interest in effective communication).
Where consent is required: Art. 6(1)(a) GDPR.
Data is deleted when no longer needed or upon request.
Cookies may remain until deleted.
Legal obligations remain unaffected.
Provider: Microsoft Ireland Operations Ltd., One Microsoft Place, Dublin 18, Ireland.
Privacy:
Microsoft Privacy
DPF Certification:
Microsoft Profile
We have a DPA with Microsoft.
If you apply to us (by email, post, or form), we collect personal data to assess and manage the application process.
Legal basis:
§ 26 BDSG (Germany), Art. 6(1)(b) GDPR, and if applicable, Art. 6(1)(a) GDPR (consent – revocable).
If successful, your data will be used to establish an employment relationship.
If no offer is made, data is stored up to 6 months after rejection (Art. 6(1)(f) GDPR).
Data may be retained longer in case of pending legal claims.
Longer retention is possible with your consent (Art. 6(1)(a) GDPR) or due to legal obligations.
With your consent, we may store your application for future vacancies.
Consent can be withdrawn at any time.
Data will be deleted no later than 2 years after consent was granted.