Privacy Policy

1. Overview

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. We process data sparingly and for defined purposes, and use no analytics, tracking or advertising tools.

2. Controller

Responsible for data processing on this website:
Zencodiq GmbH
Address: [to be added]
Email: info@zencodiq.com

3. Hosting & server log files

When you access the website, the hosting provider processes technically required connection data (server log files), in particular IP address, date and time of access, the requested resource, referrer and information about your browser and operating system. This processing is necessary for the secure and stable provision of the website. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in secure operation).

[The final hosting provider incl. name, address and server location, and the concrete retention period of the log files, will be added once the hosting decision has been made. Where required, a data processing agreement pursuant to Art. 28 GDPR is concluded with the provider.]

4. SSL/TLS encryption

For security reasons this website uses SSL/TLS encryption. You can recognise an encrypted connection by „https://“ in your browser’s address bar.

5. Cookies & local storage

This website sets no cookies for analytics or marketingand no third-party cookies. Only your choice of appearance (light/dark mode) is stored in your browser’s local storage. This storage is technically necessary so your preference is retained; no tracking takes place and the information does not leave your browser. The legal basis for the technically necessary storage is § 25 (2) TDDG and Art. 6 (1) (f) GDPR.

6. Fonts

The fonts used are served locally from our own server (self-hosted). There is no connection to third-party servers (e.g. Google Fonts); no data is transmitted to third parties when the fonts are loaded.

7. Contact by email

If you contact us by email, we process your details (email address, name and the content of your message) to handle your enquiry. The legal basis is Art. 6 (1) (b) GDPR for pre-contractual/contractual enquiries, otherwise Art. 6 (1) (f) GDPR (legitimate interest in responding).

8. Contact form

If you use the contact form, we use the details you provide (e.g. name, company, email address, optionally phone number and the tools you use, plus your message) to handle your enquiry and get in touch with you about it. Name, company, email address and message are required; further details are optional. Your data is not sold and not published.

To protect against abuse (spam), we temporarily process your IP address on submission to technically limit the number of requests per time window. This processing happens transiently in memory, is not stored persistently and is not logged. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in preventing abuse).

Submission and internal handling of the form enquiry is carried out technically via an automation workflow solution (n8n, see section 9). The legal basis for processing the form data is Art. 6 (1) (b) GDPR where pre-contractual measures or a contract are involved; otherwise Art. 6 (1) (f) GDPR.

Retention period: [A concrete maximum retention period has not yet been determined and will be added.] Until then: data is deleted once the enquiry has been fully handled and no statutory retention obligations apply.

9. Processing on our behalf (n8n workflow)

To handle incoming contact enquiries internally we use the automation workflow solution n8n. The form data is transmitted to a secured webhook and processed further. Where n8n is operated by a service provider, we conclude a data processing agreement pursuant to Art. 28 GDPR with them.

[The operating model and location of n8n (EU self-hosting or the provider used) will be added once determined. This also determines whether a third-country transfer within the meaning of section 10 takes place.]

10. Recipients & third-country transfers

Your data is shared only with technical service providers (in particular hosting and the workflow processing referred to in section 9), insofar as this is necessary to operate the website and handle your enquiry.

[If a service used triggers processing outside the EU/EEA, this will be named here and based on an appropriate safeguard under Art. 44 et seq. GDPR (e.g. an adequacy decision or standard contractual clauses). We favour EU hosting and EU self-hosting, so that under current planning no third-country transfer is envisaged — this will be confirmed with the final configuration.]

11. Your rights

Within the statutory requirements you have, at any time, the right to information (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and a right to object (Art. 21) to processing based on legitimate interests. You can withdraw any consent given at any time with effect for the future.

12. Right to lodge a complaint

Without prejudice to other remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your residence, place of work or the place of the alleged infringement.

13. No automated decision-making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place on this website.