Introduction

Privacy Policy

We operate our websites in accordance with the principles set forth below:

We are committed to complying with all applicable data protection laws and strive to consistently adhere to the principles of data avoidance and data minimization.

1.1 The Data Controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union, as well as other data protection regulations, is:

foobar Agency GmbH
Ria-Burkei-Straße 25
81249 Munich

Phone: +49 89 244174840
Email: datenschutz@foobar.agency

1.2 The Data Protection Officer

You can contact the Data Protection Officer of the controller as follows:

SiDIT GmbH, www.sidit.de, Email: info@sidit.de

We have drafted our privacy policy in accordance with the principles of clarity and transparency. However, if there is any confusion regarding the use of certain terms, the relevant definitions can be found here.

3.1 Processing of Personal Data Under the GDPR

We process your personal data, such as your first and last name, address, email address, date of birth, or phone number, to the extent that this is necessary for the provision of our services and is justified under the provisions of the GDPR.

3.2 Consent

If you have consented to the processing of your personal data, the processing of your personal data is based on Article 6(1)(a) of the GDPR. You may revoke this consent at any time with future effect. Revoking your consent does not affect the lawfulness of the processing carried out prior to the revocation.

3.3 Performance of a Contract and Pre-Contractual Measures

If the processing of your personal data is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request, the processing is based on the legal basis of Article 6(1)(b) of the GDPR.

3.4 Legal Obligation

If processing is necessary to fulfill a legal obligation to which we are subject, it is carried out on the legal basis of Article 6(1)(c) of the GDPR.

3.5 Legitimate Interests

The processing of your data may also take place if it is necessary to safeguard our legitimate interests or the interests of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override those interests. The following are generally considered legitimate interests: information security, the assertion of legal claims and defense in legal disputes, the prevention of fraud, and measures for the protection of buildings and facilities.

We will generally only disclose your personal data to third parties if this is necessary to fulfill our contractual or legal obligations or those of third parties acting on your behalf, if you have consented to the disclosure, if the disclosure is permitted on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR, or if we are legally required to do so.

We disclose your personal data to individuals or companies acting as processors on our behalf in accordance with Article 28 of the GDPR.

In accordance with the requirements of the GDPR, we enter into a contract with each of our processors to ensure their compliance with data protection regulations and thereby guarantee comprehensive protection of your data.

We will delete your personal data to the extent that it is no longer necessary for the purposes for which it was collected or otherwise processed, and the processing is not required for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the padlock icon in your browser’s address bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

On our website, we use AI systems powered by language models (LLMs). We utilize these systems for chatbots and other applications.

When using AI systems, we process the personal data of users that is provided during interactions with the AI system. This enables us to provide relevant and personalized responses and services.

We believe that by using these AI systems, we can offer both you and us increased value. This use is based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR.

When processing personal data via AI systems, the following protective measures are taken: data encryption and secure storage of interaction data, enhanced access controls and user authentication, and clear restrictions on the scope and type of data processed. Automated decisions that have legal implications are not made solely by the AI but are supplemented by human intervention.

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your device when you visit our website.

When using cookies, a distinction is made between technically necessary cookies and “other” cookies.

8.1 Technically Necessary Cookies

To make your use of our website more convenient, we use technically necessary cookies, which may be session cookies or persistent cookies. Legal basis: Art. 6(1)(f) GDPR.

8.2 Additional Cookies

For cookies that require consent, we obtain this consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR (consent).

On our website, we use a Consent Management Tool (CMT) to obtain your consent to store certain cookies on your device and to document this in compliance with data protection regulations.

The processing of your personal data in connection with the CMT is based on Article 6(1)(c) of the GDPR (legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest).

10.1 External Hosting

Our website is hosted by Vercel Inc., 340 Pine Street, Suite 701, San Francisco, CA 94104, USA. For this reason, all personal data collected on our website is stored on our host’s servers, unless a third-party service is integrated. This may include your IP address, email address, communication data, or similar information.

The host processes your data only on our instructions and to the extent necessary to fulfill the services on the website. The legal basis for the processing is Art. 6(1)(f) GDPR.

We have entered into a data processing agreement with Vercel in accordance with Art. 28 GDPR, which obligates Vercel to protect the data of our website visitors and not to disclose it to third parties.

10.2 Contact Form

If you send us inquiries via the contact form, your details from the inquiry form—including the contact information you provided there—will be stored by us for the purpose of processing the inquiry and in case of follow-up questions.

Legal basis for the processing of the data: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interests).

10.3 HubSpot CRM

We have integrated the CRM system from HubSpot (HubSpot Inc., 25 Street, Cambridge, MA 02141, USA) into our website.

We use this CRM system to manage the registered users of our website. This enables us to record and analyze customer interactions via email, chat, social media, or telephone across various channels.

The processing of your personal data within the scope of our HubSpot CRM system is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

10.4 Cloudflare

On our website, we use a content delivery network (CDN) and a web firewall to defend against DDoS attacks provided by the technology service provider Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

The use of the CDN is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, namely in the interest of greater website reliability and protection against DDoS attacks.

10.5 Amazon CloudFront

On our website, we use the Amazon CloudFront CDN from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg. Amazon CloudFront allows us to provide our visitors with content with lower latency and high data transfer rates.

The use of the CDN is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, namely in the interest of greater website reliability.

10.6 Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address.

This data is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR.

10.7 Pixels

We use so-called pixels on our website. These are small image elements that serve to analyze our site and display advertisements to our visitors without the intention of drawing conclusions about your identity.

11.1 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Google Analytics uses cookies for this purpose. The information generated by the cookie regarding your use of this website (browser name/version, operating system, referrer URL, IP address, time of the server request) is generally transmitted to a Google server in the United States and stored there.

Your IP address is automatically anonymized by Google (IP anonymization). We have entered into a data processing agreement with Google.

Processing is based on Art. 6(1)(a) GDPR (consent).

You have the following rights with respect to your personal data:

12.1 Right of access

You have the right to access your personal data in accordance with Article 15 of the GDPR.

12.2 Right to rectification

You have the right to have inaccurate personal data concerning you rectified or to have incomplete personal data concerning you completed in accordance with Article 16 of the GDPR.

12.3 Right to erasure

You have the right to erasure of the personal data concerning you under the conditions set forth in Article 17 of the GDPR.

12.4 Right to restriction of processing

You have the right to request the restriction of processing of the personal data concerning you in accordance with Article 18 of the GDPR.

12.5 Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format (right to data portability pursuant to Art. 20 GDPR).

12.6 Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the GDPR, in accordance with Article 21 of the GDPR.

12.7 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR pursuant to Article 77 of the GDPR.

We reserve the right to update this Privacy Policy to ensure it remains in compliance with current legal requirements or to reflect changes to our services, such as the introduction of new services. The updated Privacy Policy will then apply to your next visit.