Privacy Policy

Controller


Controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR):
Netz 33 GmbH
Niedax Technologie Campus 1
53577 Neustadt/Wied‑Rahms
Germany
Email: info@netz33.de
We are legally represented by Bruno Reufels (CEO), Martin Attenhauser, and Adrian Lowiner.

 

Contact Details of the Data Protection Officer


Data protection officer: 

heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
Email: datenschutz@heydata.eu
 

Scope of Data Processing, Purposes of Processing, and Legal Basis

 

We provide detailed information on the scope of data processing, the purposes of processing, and the applicable legal bases in the sections below. In general, the following legal bases may apply to our processing activities:

  • Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for processing activities for which we obtain consent.
  • Art. 6 (1) sentence 1 lit. b GDPR is the legal basis when the processing of personal data is necessary for the performance of a contract—for example, when a website visitor purchases a product from us or we deliver a service for them. This legal basis also applies to processing required to carry out pre‑contractual measures, such as responding to inquiries about our products or services.
  • Art. 6 (1) sentence 1 lit. c GDPR applies when the processing of personal data is necessary for us to comply with a legal obligation, such as obligations under tax law.
  • Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis when processing is based on our legitimate interests—for example, cookies that are essential for the technical operation of our website.


Data Processing Outside the EEA


Where we transfer data to service providers or other third parties outside the EEA, adequacy decisions issued by the European Commission pursuant to Art. 45 (3) GDPR ensure an appropriate level of data protection, where such decisions exist—for example, for the United Kingdom, Canada, and Israel.
For data transfers to service providers in the United States, the legal basis is an adequacy decision by the European Commission when the service provider is additionally certified under the EU–U.S. Data Privacy Framework.
In all other cases (e.g., where no adequacy decision exists), the legal basis for data transfers is generally—unless stated otherwise—Standard Contractual Clauses. These clauses are a set of contractual terms adopted by the European Commission and form part of the agreement with the respective third party. In accordance with Art. 46 (2) lit. b GDPR, they ensure adequate protection for data transfers. Many providers also offer contractual safeguards that go beyond the Standard Contractual Clauses, such as guarantees regarding data encryption or obligations to notify affected individuals if law enforcement authorities request access to data.
 

Retention Period


Unless expressly stated otherwise in this Privacy Policy, we delete the data stored with us as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If the data cannot be deleted because it is required for other legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for any other purposes. This applies, for example, to data that we must retain for commercial or tax law reasons.


Rights of Data Subjects


Data subjects have the following rights with respect to their personal data processed by us:

  • Right of access,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability,
  • Right to withdraw consent at any time.

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection authorities can be found at: www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
 

Obligation to Provide Data


Customers, prospective customers, or other third parties are only required to provide us with the personal data necessary for establishing, conducting, and terminating a business relationship or any other relationship, or the data that we are legally obligated to collect. Without this information, we will generally be unable to enter into a contract, provide a service, or continue an existing contract or relationship.
Mandatory fields are marked accordingly.
 

No Automated Individual Decision‑Making


We generally do not use fully automated decision‑making processes as defined in Article 22 GDPR for establishing or conducting a business relationship or any other relationship. Should we use such processes in individual cases, we will provide separate notice to the extent required by law. 


Contact


When you contact us—for example, by email or phone—we store the data you provide (such as names and email addresses) in order to respond to your inquiry. The legal basis for this processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) in responding to requests addressed to us. We delete the data collected in this context once it is no longer needed for this purpose, or we restrict processing if statutory retention obligations apply.
 

Data Processing on Our Website


Notice for Website Visitors from Germany

 

Our website stores information on the end devices of website visitors (e.g., cookies) or accesses information already stored on their devices (e.g., IP addresses). Details on the specific types of information involved can be found in the following sections.
This storage and access are based on the following legal provisions:

  • Where such storage or access is strictly necessary to provide a service explicitly requested by website visitors (e.g., enabling a chatbot used by the visitor or ensuring the IT security of our website), it is carried out on the basis of Section 25 (2) No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).
  • In all other cases, such storage or access is based on the consent of website visitors (Section 25 (1) TDDDG).

Subsequent data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.
 

Informational Use of the Website

 

When using our website for informational purposes only—meaning when visitors do not actively provide information—we collect the personal data that the browser automatically transmits to our server in order to ensure the stability and security of our website. This constitutes a legitimate interest on our part, making the legal basis Art. 6 (1) sentence 1 lit. f GDPR.
These data include:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

These data are also stored in log files. They are deleted when their storage is no longer necessary, and at the latest after 14 days.
 

Web Hosting and Website Provision


Our website is hosted by IONOS. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The provider processes the personal data transmitted via the website—such as content, usage, metadata/communication data, or contact data—within the EU. Further information can be found in the provider’s privacy policy at: www.ionos.de/terms-gtc/datenschutzerklaerung/.
It is in our legitimate interest to provide a functioning website; therefore, the legal basis for the data processing described above is Art. 6 (1) sentence 1 lit. f GDPR.
 

Technically Necessary Cookies


Our website uses cookies. Cookies are small text files stored in a visitor’s web browser on their device. Cookies help make our online offering more user‑friendly, efficient, and secure. Where these cookies are necessary for the operation of our website or its functions (hereinafter referred to as “technically necessary cookies”), the legal basis for the associated data processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in providing customers and other visitors with a fully functional website. 

 

External Providers
 

heyData
We have integrated a privacy seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes metadata/communication data (e.g., IP addresses) within the EU. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our privacy compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with valid contracts are permitted to use its seals, which is why simply displaying an image copy of the certificate is not a viable alternative.
The data are masked after collection, removing any personal reference. Further information can be found in the provider’s privacy policy at heydata.eu/datenschutzerklaerung.

 

Cookie Consent Manager CCM19

We use the Cookie Consent Manager CCM19 service on our website, provided by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, email: info@ccm19.de, website: www.ccm19.de. Personal data are transmitted exclusively to servers located within the European Union.

The legal basis for this processing is Art. 6 (1) lit. c GDPR. Using this service enables us to meet our legal obligations.

By integrating the Cookie Consent Manager CCM19, we fulfill our legal duty regarding the consent management required for cookies.

Information on the rights you have with respect to data processing can be found at the end of this Privacy Policy.

Further details on how the transmitted data are handled can be found in the provider’s privacy policy at www.ccm19.de/datenschutzerklaerung.html.
 

Data Processing on Social Media Platforms

 

We maintain a presence on social media platforms to present our organization and our services. The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles based on online behavior, which may be used to display advertising on the platforms and elsewhere on the internet that matches users’ interests. For this purpose, the network operators store information about user activity in cookies on users’ devices. It is also possible that the operators combine this information with other data. Further details, including information on how users can object to processing by the platform operators, can be found in the privacy policies of the respective providers listed below.
It is also possible that the operators or their servers are located in non‑EU countries, where data is then processed. This may pose risks for users, for example because the enforcement of their rights may be more difficult or because government authorities may access the data.


LinkedIn


We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available at: www.linkedin.com/legal/privacy-policy.
Users can object to data processing through the advertising settings:
www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Our Data Protection Officer is:

heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
E-Mail: datenschutz@heydata.eu.

heyData trusted logo