Hero image

Privacy Policy

Controller for Data Processing

The controller responsible for this website in terms of data protection law is:

devsub GmbH c/o Quartier22
Bautzner Str. 22
01099 Dresden
Germany

Email: info(at)devsub.de
(Hereinafter "we" or "us")


Definitions

This privacy policy is based on the terms used by the European legislator for directives and regulations upon the enactment of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

  • Personal Data: Any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Subject: Any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
  • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Third Party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Your Rights as a Data Subject

With regard to the data processing by us, you as a user and data subject have the following rights according to the GDPR:

  • Right to confirmation and access (Art. 15 GDPR): You have the right to request confirmation as to whether data concerning you is being processed, to access this processed data, to further information about the data processing, and to copies of the data.
  • Right to rectification (Art. 16 GDPR): You have the right to request the rectification or completion of incorrect or incomplete data concerning you.
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR): You have the right to request the immediate erasure of data concerning you, provided that one of the reasons stated in Art. 17 (1) GDPR applies and the processing is not necessary according to Art. 17 (3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing if one of the conditions stated in Art. 18 (1) GDPR is met.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.
  • Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw consent given for the processing of data at any time with effect for the future.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Furthermore, we are obliged to inform all recipients to whom we have disclosed data about any rectification, erasure, or restriction of processing pursuant to Art. 16, 17 (1), or 18 GDPR – unless such notification is impossible or involves disproportionate effort. Notwithstanding this, you have the right to obtain information about who the recipients of this data are.


General Information on Data Processing

1. SSL/TLS Encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content – such as inquiries you send to us. You can recognize an encrypted connection in your browser's address line when it changes to “https://” and by the lock icon in your browser bar. If SSL or TLS encryption is activated, the data you transmit to us is protected from access by third parties.

2. Website Hosting with Hetzner

For hosting our website and providing the server infrastructure, we use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter "Hetzner"). Each time our website is accessed, Hetzner automatically collects data and information from the computer system of the accessing computer. The processing of this data serves to ensure the secure and stable operation of our website, to defend against attacks, for error analysis, and to improve our services. The legal basis for the processing of this data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The server log files are stored for a maximum of 7 days and then deleted, unless longer storage is required for evidentiary purposes (e.g., in the event of attacks or fraud attempts). In such cases, the data is stored until the incident is finally clarified. We have concluded a data processing agreement (DPA) with Hetzner in accordance with Art. 28 GDPR. This ensures that Hetzner processes the data of our website visitors only according to our instructions and in compliance with the GDPR. Further information on data protection at Hetzner can be found at: https://www.hetzner.com/de/rechtliches/datenschutz (Please note: this link points to the German version, an English version may be available on their website).


Data Processing When Using the Website

1. Contact Inquiries and Email Communication (Google Workspace)

If you contact us via email or a contact form, the personal data you transmit (e.g., name, email address, telephone number, content of your inquiry) will be stored and processed by us to handle your request and in case of follow-up questions. The legal basis for processing this data is Art. 6 (1) lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if this was requested.

For our internal organization and the handling of email communication, we use services from Google Workspace. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When using Google Workspace, your emails and the associated data (such as sender, recipient, time, attachments, content) may be processed on Google's servers. A data transfer to the USA cannot be excluded. Google LLC is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection for data transfers to the USA (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active). We have concluded a data processing agreement (Data Processing Addendum) with Google, which meets the requirements of Art. 28 GDPR. Further information on data protection at Google can be found at: https://policies.google.com/privacy and https://workspace.google.com/terms/dpa_terms.html.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with you has ended, the matter has been finally clarified, and no statutory retention obligations prevent deletion.

2. Newsletter & Email

If you subscribe to our free newsletter or submit your email address to us to receive information, the data requested for this purpose (your email address and optionally your name and address) will be transmitted to us. By subscribing, we obtain your consent to send the newsletter, explain the content in detail, and refer to this privacy policy. We use the data collected exclusively for sending the newsletter or providing information. This data will not be passed on to uninvolved third parties. The legal basis for this is your consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent to receive the newsletter at any time with effect for the future, in accordance with Art. 7 (3) GDPR. To do so, it is sufficient to inform us of your revocation (e.g., by email to info(at)devsub.de or via an unsubscribe link in the newsletter). The management of email addresses and dispatch may also be carried out via the Google Workspace infrastructure; please refer to the explanations under "Contact inquiries and Email Communication (Google Workspace)".

3. Plausible Analytics (self-hosted)

On our website, we use Plausible Analytics to statistically evaluate user behavior on our website and to optimize our offering. We operate Plausible Analytics on our own server infrastructure at Hetzner (self-hosting). The software provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. By self-hosting, we ensure that no data is transmitted to Plausible Insights OÜ or other third parties.

Protecting your privacy is important to us. Therefore, when using Plausible Analytics on our website:

  • No personal data is collected or stored.
  • No cookies or similar technologies are stored in your browser that would enable tracking across different websites.
  • No information is passed on or sold to third parties.
  • No personal, behavioral trends are recorded or evaluated.
  • No data is monetized for commercial purposes.

Plausible Analytics exclusively collects anonymous usage data in aggregate form for statistical purposes. The aim is to analyze general trends in website traffic without identifying or tracking individual visitors. The data collected includes referral sources (referrer), pages visited, duration of visit, browsers used, operating systems, and the country of access (based on the anonymized IP address). The IP address is processed in such a way that no conclusions can be drawn about individual persons. The legal basis for the use of self-hosted Plausible Analytics is our legitimate interest in measuring reach and statistically analyzing user behavior to optimize our website pursuant to Art. 6 (1) lit. f GDPR, without excessively infringing on users' privacy through invasive tracking or profiling. Further information on data collection by Plausible Analytics (in general) can be found at https://plausible.io/privacy and https://plausible.io/data-policy.

4. Google Fonts

On our website, we use Google Fonts to display external fonts uniformly and appealingly. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). To display certain fonts on our website, a connection to Google servers is established when our website is accessed. This may also include servers in the USA. The legal basis is our legitimate interest in a technically flawless, appealing, and economical design of our website pursuant to Art. 6 (1) lit. f) GDPR. Through the connection to Google, Google can determine from which website your request originates and to which IP address the font display should be transmitted. Google stores your IP address and other browser information in this process. Google LLC is certified under the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search), which is considered to provide an adequate level of data protection for data transfers to the USA. Further information on Google's data processing practices, particularly on opt-out options, can be found at: https://adssettings.google.com/authenticated and https://policies.google.com/privacy. Note: To minimize data transfer to Google servers, please check if it is possible to host Google Fonts locally on your server (self-hosting). If you already do this, please adjust this section accordingly so that no connection to Google servers is established.

5. Use of Google Calendar and Google Drive (upon interaction)

We may include links to Google Calendar (e.g., for appointment scheduling) and Google Drive (e.g., for downloading documents) as external services in our emails and on our website. No personal data is transmitted directly from our website to Google unless you explicitly click on a corresponding link. Only when you actively use a link to Google Calendar or Google Drive will you be redirected to Google's servers. In this process, data such as your IP address, referrer URL, and browser information may be transmitted to Google. If you are logged into Google, Google may associate this information with your Google account. The provider of these services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Please note that Google applies its own privacy policies when you use these services, which you can view at https://policies.google.com/privacy. We point out that we have no influence on Google's handling of your data and recommend that you also inform yourself about Google's privacy policies. The legal basis for providing these links is our legitimate interest in making useful additional functions and information easily accessible to you (Art. 6 (1) lit. f GDPR) or, in the case of appointment scheduling or document exchange, the initiation or fulfillment of a contract (Art. 6 (1) lit. b GDPR). Google LLC is also certified under the EU-U.S. Data Privacy Framework.

6. Presence in Social Media: LinkedIn

We maintain an online presence on the LinkedIn platform to inform about our company, our services, and products, and to communicate with users, prospects, and business partners. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA). When you visit our LinkedIn page or interact with it (e.g., comments, likes, messages), LinkedIn, as the platform operator, may process personal data from you. This can be done through cookies, log files, or other technologies. We have only limited influence on data processing by LinkedIn; LinkedIn is primarily responsible. Data collected by LinkedIn may be transferred to the USA. LinkedIn Corporation is certified under the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search). Information about what data is processed by LinkedIn and for what purposes it is used, as well as your rights and settings options for protecting your privacy on LinkedIn, can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. Insofar as we process personal data from you within the scope of our LinkedIn presence (e.g., in direct communication or through the analysis of aggregated, anonymized usage statistics of our page provided to us by LinkedIn), this is done on the basis of our legitimate interest in effective public relations, customer communication, and analysis to improve our offering pursuant to Art. 6 (1) lit. f GDPR. If we are jointly responsible with LinkedIn for certain processing operations (e.g., joint events), we will make this transparent and refer to corresponding agreements (Art. 26 GDPR).

Storage Duration

Unless specifically stated otherwise within this privacy policy, we store personal data only for as long as is necessary to achieve the processing purposes or as stipulated by the various storage periods provided for by law. If the storage purpose ceases to apply or if a statutory storage period expires, the data will be routinely blocked or deleted in accordance with statutory provisions.

Changes to This Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit. We recommend that you read this privacy policy regularly to stay informed about the protection of the data we process.