Privacy Policy
As of: December 18, 2024
Table of Contents
- Responsible Party
- Overview of Processing Activities
- Relevant Legal Bases
- Security Measures
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Provision of Online Services and Web Hosting
- Blogs and Publication Media
- Newsletters and Electronic Notifications
- Web Analytics, Monitoring, and Optimization
- Changes and Updates
Responsible Party
Jochen Luithardt | pi_optimal UG (limited liability)
Unter den Linden 15
72762 Reutlingen
Germany
Email address: hello@pi-optimal.com
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes for their processing, referring to the data subjects.
Types of Processed Data
- Inventory Data.
- Contact Data.
- Content Data.
- Usage Data.
- Meta, Communication, and Procedural Data.
- Log Data.
Categories of Data Subjects
- Communication Partners.
- Users.
Purposes of Processing
- Security Measures.
- Direct Marketing.
- Reach Measurement.
- Firewall.
- Feedback.
- User Profiles with Personal Information.
- Provision of our Online Services and User Friendliness.
- Information Technology Infrastructure.
Relevant Legal Bases
Relevant Legal Bases under the GDPR: Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you about them in this Privacy Policy.
- Consent (Art. 6 (1) Sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or purposes.
- Legitimate Interests (Art. 6 (1) Sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject, which require protection of personal data, do not override those interests.
National Data Protection Regulations in Germany: In addition to the GDPR, national regulations on data protection in Germany apply. This includes the Federal Data Protection Act (BDSG), which contains specific provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer and automated decision-making, including profiling. Additionally, state data protection laws may apply.
Note on the Applicability of the GDPR and Swiss Data Protection Act (DSG): This Privacy Policy is intended to provide information in accordance with both the Swiss Data Protection Act (DSG) and the GDPR. Therefore, please note that due to the broader geographical application and understandability, the terms used in the GDPR are employed. Specifically, instead of the terms used in the Swiss DSG, such as "processing" of "personal data", "overriding interest", and "particularly sensitive personal data", the terms from the GDPR, such as "processing" of "personal data", "legitimate interest", and "special categories of data", are used. The legal meaning of these terms will, however, be determined according to the Swiss DSG in the context of the applicability of the Swiss DSG.
Security Measures
We take appropriate technical and organizational measures to ensure a level of protection that is adequate to the risk, in accordance with the legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the different probabilities of occurrence and the severity of the threat to the rights and freedoms of natural persons.
These measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to data as well as to its processing, entry, transmission, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security threats. Additionally, we consider data protection already in the design and selection of hardware, software, and procedures, in line with the principle of data protection by design and by default.
Securing Online Connections with TLS/SSL Encryption Technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are fundamental technologies for secure data transmission over the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL. This serves as an indicator for users that their data is being securely transmitted and encrypted.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies in cases where the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule apply when legal obligations or special interests require the data to be retained or archived for a longer period.
In particular, data that must be retained for commercial or tax reasons or whose retention is necessary for legal claims or the protection of the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data, which is specifically relevant to certain processing activities.
If there are multiple retention or deletion periods for a given piece of data, the longest period applies.
If a period does not explicitly start on a certain date and is at least one year long, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships where data is stored, the triggering event is the date of termination or other conclusion of the legal relationship.
Data that is no longer processed for the original purpose but is retained due to legal requirements or other reasons will only be processed for the purposes that justify their retention.
Further Notes on Processing Activities, Procedures, and Services:
- Retention and Deletion of Data: The following general periods apply to the retention and archiving of data according to German law:
- 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balances, and the necessary working instructions, organizational documents, accounting records, and invoices (§ 147 Abs. 3 in conjunction with Abs. 1 Nr. 1, 4, and 4a AO, § 14b Abs. 1 UStG, § 257 Abs. 1 Nr. 1 u. 4, Abs. 4 HGB).
- 6 years - Other business documents: received business or commercial letters, copies of sent business or commercial letters, other documents that are relevant for taxation, e.g., hourly wage slips, cost accounting sheets, calculation documents, price labels, and also payroll documents, unless they are already accounting records and cash slips (§ 147 Abs. 3 in conjunction with Abs. 1 Nr. 2, 3, 5 AO, § 257 Abs. 1 Nr. 2 u. 3, Abs. 4 HGB).
- 3 years - Data required to account for potential warranty or liability claims or similar contractual claims and rights, as well as associated inquiries, are stored for the duration of the regular legal limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
Rights of Data Subjects under the GDPR: As data subjects, you have various rights under the GDPR, particularly under Articles 15 to 21 of the GDPR:
- Right to Object: You have the right to object, at any time, to the processing of personal data concerning you, which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you also have the right to object to the processing of your personal data for such purposes, including profiling related to direct marketing.
- Right to Withdraw Consent: You have the right to withdraw any consents you have given at any time.
- Right to Access: You have the right to request confirmation as to whether your data is being processed and to obtain access to such data as well as additional information and a copy of the data in accordance with legal requirements.
- Right to Rectification: You have the right to request the completion of your personal data or the rectification of inaccurate data concerning you, in accordance with legal requirements.
- Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion of your data, or alternatively, the restriction of its processing under the conditions set forth by law.
- Right to Data Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller, under the conditions set forth by law.
- Right to Lodge a Complaint with a Supervisory Authority: Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
Provision of Online Services and Web Hosting
We process user data to provide our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the content and functionality of our online services to the user's browser or device.
- Processed Data Types: Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties); Log data (e.g., log files related to logins, data retrieval, or access times); Content data (e.g., textual or visual messages and posts, including related information like authorship or creation time).
- Affected Persons: Users (e.g., website visitors, online service users).
- Purpose of Processing: Provision of our online offer and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); Security measures. Firewall.
- Retention and Deletion: Deletion according to the information provided in the section "General Information on Data Storage and Deletion".
- Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Further Notes on Processing Activities, Procedures, and Services:
- Provision of Online Services on Rented Storage Space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise acquire from a server provider (also called "web host").
Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
- Collection of Access Data and Log Files: Access to our online service is logged in the form of "server log files." Server log files may include the address and name of the retrieved web pages and files, date and time of the retrieval, transmitted data volume, message on successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and typically, IP addresses and the requesting provider. Server log files are used for security purposes (e.g., to avoid server overloads, especially in the case of malicious attacks such as DDoS attacks) and to ensure server load and stability.
Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Data Deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is excluded from deletion until the respective incident is fully clarified.
- Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information regarding email sending (e.g., the involved providers), as well as the content of the respective emails, are processed. These data can also be processed for spam detection. Please note that emails are generally not encrypted during transmission on the internet. While emails are usually encrypted during transmission, they are not typically encrypted on the servers from which they are sent and received unless an end-to-end encryption method is used. Therefore, we cannot take responsibility for the transmission path of emails between the sender and receiver on our server.
Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
- Azure: Services in the field of information technology infrastructure and related services (e.g., storage space, computing capacity, and cloud services);
Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Website: https://azure.microsoft.com.
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.
Data Processing Agreement: Provided by the service provider.
- Microsoft Forms: We use Microsoft Forms, a tool from Microsoft Ireland Operations Limited, to collect and manage requests for our waiting list.
Processed Data Types: Name, email address, and any other information you provide in the form.
Purpose of Processing: Management of inquiries and contact based on your consent under Art. 6 (1) lit. a GDPR.
Legal Grounds: Consent under Art. 6 (1) lit. a GDPR or legitimate interests under Art. 6 (1) lit. f GDPR.
Storage Location and Data Transfer: The data is stored in data centers within the European Economic Area (EEA). A transfer to third countries, especially to the USA, may occur as part of support. Microsoft ensures the protection of your data through Standard Contractual Clauses (SCC) and additional protective measures.
Privacy Policy from Microsoft: Further information on data processing by Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement.
Note: Participation is voluntary, and you can withdraw your consent at any time with future effect.
Blogs and Publication Media
We use blogs or similar online communication and publication tools (referred to as "publication media"). The data of readers is processed for the purpose of the publication media only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For further information, please refer to the processing of visitors of our publication media within this privacy policy.
- Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts, including relevant information such as authorship or creation time); Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types, operating systems, and interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Users (e.g., website visitors, users of online services).
- Purpose of Processing: Feedback (e.g., collecting feedback via online forms). Provision of our online services and user-friendliness.
- Retention and Deletion: Deletion according to the information in the section "General Information on Data Storage and Deletion".
- Legal Grounds: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (referred to as "newsletters") only with the consent of the recipients or based on a legal basis. If specific content is mentioned during newsletter registration, that content is relevant for the user's consent. For newsletter registration, typically only your email address is required. However, to provide you with a personalized service, we may ask for your name for personalized addressing in the newsletter or for other information if necessary for the purpose of the newsletter.
Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests to prove a previously given consent before deletion. The processing of this data will be limited to the purpose of defending against claims. An individual deletion request can be made at any time, provided that the existence of prior consent is confirmed. In cases where there is a permanent obligation to honor objections, we may retain the email address solely for that purpose in a "blocklist".
The recording of the registration process is carried out based on our legitimate interests to prove that the process was conducted properly. If we appoint a service provider to send emails, this is based on our legitimate interests in using an efficient and secure system.
Content: Information about us, our services, actions, and offers.
- Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Communication partners.
- Purpose of Processing: Direct marketing (e.g., via email or mail).
- Legal Grounds: Consent (Art. 6 (1) Sentence 1 lit. a) GDPR).
- Right to Object (Opt-Out): You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe is provided at the end of each newsletter, or you can use one of the contact methods mentioned above, preferably by email.
Web Analytics, Monitoring, and Optimization
Web analytics (also referred to as "reach measurement") serves to evaluate visitor traffic on our online services and may include pseudonymous data on visitors' behavior, interests, or demographics, such as age or gender. Through reach measurement, we can determine at which times our online services or their functions or content are used the most, or which of them invite reuse. Additionally, we can identify areas that require optimization.
In addition to web analytics, we may use testing methods to test and optimize different versions of our online services or their components.
Unless otherwise stated below, profiles, i.e., data summarized in a usage process, may be created, and information may be stored and read in a browser or device. The data collected includes visited websites, used elements, technical information such as the browser used, the system used, and usage times. If users have agreed to the collection of location data, we may also process location data.
Furthermore, we store users' IP addresses. However, we use an IP-masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no plain user data (such as email addresses or names) is stored in the context of web analytics, A/B testing, or optimization, only pseudonymous data. This means that we and the providers of the software we use do not know the actual identity of the users but only the information stored in their profiles for the purpose of the respective procedure.
Legal Grounds: If we ask users for their consent to use third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we also refer to the information regarding the use of cookies in this privacy policy.
- Processed Data Types: Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types, operating systems, and interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Users (e.g., website visitors, online service users).
- Purpose of Processing: Reach measurement (e.g., access statistics, identifying returning visitors). User profiles with personal information (creating user profiles).
- Retention and Deletion: Deletion according to the information in the section "General Information on Data Storage and Deletion". Storing cookies for up to 2 years (unless otherwise indicated, cookies and similar storage methods can be stored on users' devices for up to two years).
- Security Measures: IP masking (pseudonymization of the IP address).
- Legal Grounds: Consent (Art. 6 (1) Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Changes and Updates
We ask you to regularly review the content of our Privacy Policy. We will update the Privacy Policy as soon as changes in the processing activities we undertake make it necessary. We will inform you whenever changes require an action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that these addresses may change over time, and we ask you to verify the details before contacting them.