Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you could be personally identified.

How do we collect your data?

Some data is collected when you provide it to us. This could, for example, be data you enter into our contact form or booking tool. Other data is collected automatically or after your consent by our IT systems when you visit the website. This data is primarily technical data (e.g., internet browser, operating system, or time of page access).

What do we use your data for?

A portion of the data is collected to ensure the error-free provision of the website. Other data is used to analyze user behavior, provide support via our AI chatbot, or facilitate secure appointment scheduling.

2. Hosting

We host the content of our website with the following provider:
IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany

The personal data collected on this website is stored on the host’s servers. Hosting is carried out for the purpose of fulfilling our contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR).

3. General Notes and Mandatory Information

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke this consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to lodge a complaint with the competent supervisory authority

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. When encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection and Interfaces

Consent Management

We use a custom-developed consent management process on our website. This serves to obtain and document users’ consent for storing certain cookies in their browser or using specific technologies (e.g., analytics scripts) in compliance with the GDPR. Technically, scripts requiring consent are blocked upon page load until the user actively interacts. Processing is based on Art. 6 (1) (c) GDPR.

Server Log Files & Plesk SEO

The provider of the pages and our hosting platform, Plesk, automatically collect and store information in so-called server log files, which your browser transmits to us (browser type/version, operating system, referrer URL, host name, time, IP address). This data is not merged with other data sources (Art. 6 (1) (f) GDPR).

Analytics Tools (Google Analytics & WP Statistics)

Google Analytics: We use Google Analytics, a web analytics service provided by Google Ireland Limited, integrated via JavaScript. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. We have activated IP anonymization. Data processing is based on your consent (Art. 6 (1) (a) GDPR).

WP Statistics (Local Analytics): We use the “WP Statistics” plugin to statistically evaluate visitor access. Data processing takes place exclusively locally on our server. No data is transferred to third parties. IP addresses are anonymized before storage (Art. 6 (1) (f) GDPR).

Contact Form (Restatify Forms) & Booking (Google Calendar)

Contact Form: Inquiries via our form are stored for processing purposes. The data is not permanently stored in the WordPress database after being transmitted via email (transit processing).
Booking: We use an API interface to Google Calendar. When you book an appointment, the data you enter is transmitted directly to Google Ireland Limited and stored in our calendar (Art. 6 (1) (b) GDPR).

Security & Spam Prevention (Turnstile & reCAPTCHA)

To protect our forms against abuse by bots, we use Cloudflare Turnstile and Google reCAPTCHA. Both services analyze visitor behavior. Cloudflare Turnstile largely avoids tracking cookies. Google reCAPTCHA transmits data to Google servers. The legal basis is Art. 6 (1) (f) GDPR (Legitimate interest in IT security).

AI-Supported Chatbot (Gemini AI)

We offer a chatbot based on the Google Cloud Vertex AI API. Your inputs are transmitted to Google to generate a response. For quality assurance, the chat history is encrypted, logged in our local database, and automatically deleted after a maximum of 14 days. Please do not enter sensitive data in the chat (Art. 6 (1) (a)/(f) GDPR).

Messengers & Social Media

On our website, you will find links to various services (WhatsApp, Signal, Threema, Telegram, Discord, LinkedIn, Xing, etc.). These are purely passive hyperlinks. Data is only transmitted to the providers when you actively click the link and access the platform/app.