Privacy Policy
Privacy Policy
Information on the processing of personal data under Art. 13 GDPR on led-vermietung.de.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
LED Vermietung
Germany
Email: info@led-vermietung.de
2. General principles
We process personal data only where necessary to provide this website, respond to contact and quote requests, take pre-contractual steps, perform contracts, maintain technical security or comply with legal obligations.
The legal bases include Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract and pre-contractual steps), Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interests).
3. Hosting, server operation and SSL/TLS
This website is hosted by Hetzner. When the website is accessed, the hosting provider processes technical access data in server log files to deliver the website, ensure stability and security and detect misuse.
Server logs may include IP address, date and time of access, requested URL, referrer URL, browser, operating system, transferred data volume and HTTP status. The legal basis is Art. 6(1)(f) GDPR.
The website uses SSL/TLS encryption. You can identify an encrypted connection by “https://” in your browser address bar.
4. Database and CMS
A Neon PostgreSQL database may be used to manage website content, media, products, projects, client references, reviews, settings, contact requests and quote requests.
The CMS/admin login processes administrator data such as name, email address, password hash, role, session data, failed login attempts, IP address, audit logs and timestamps. This serves access control, security and accountability. The legal bases are Art. 6(1)(b), (c) and (f) GDPR.
5. Contact form and quote request
When you use the contact form or quote request form, we process the data you provide, including name, company, email address, phone number, message, project details, event location, date, desired LED area, technical requirements and communication history.
Processing is carried out to handle your request, prepare a quote, provide project consulting, coordinate dates and perform contracts. The legal basis is Art. 6(1)(b) GDPR; for voluntary information also Art. 6(1)(a) and Art. 6(1)(f) GDPR.
6. Email communication
Zoho Mail may be used for email communication if this mailbox or SMTP system is activated. Email address, message content, metadata and attachments are processed to the extent necessary for communication.
Emails with commercial or tax relevance may be stored in accordance with statutory retention obligations.
7. Cookies and similar technologies under TDDDG
We use technically necessary cookies and similar technologies to provide the website, language settings, cookie preferences, security functions, forms and the admin area. Access to information on the user device is based on the TDDDG where it is strictly necessary.
Optional cookies or scripts for analytics, marketing, maps, spam protection or external media are used only if activated and where consent is required. Consent can be withdrawn or changed via the cookie settings.
8. Optional analytics and third-party services
Google Analytics is used only if activated and configured accordingly. Usage data such as page views, device information, approximate location, referrer and interactions may then be processed. The legal basis is generally Art. 6(1)(a) GDPR.
Google Maps is embedded only if activated. When the map loads, personal data may be transferred to Google.
Google reCAPTCHA or Cloudflare Turnstile are used only if activated to protect forms from misuse. Technical data such as IP address, browser information and interaction data may be processed.
9. Recipients and processors
Personal data may be disclosed to technical service providers, hosting providers, database providers, email service providers, IT maintenance, payment providers if used, tax advisors, legal advisors, transport partners and event partners where necessary for operation, contract performance or legal obligations.
Where service providers act as processors, we enter into data processing agreements pursuant to Art. 28 GDPR.
10. Transfers to third countries
Where personal data is transferred to countries outside the EU/EEA, this is done only on the basis of appropriate safeguards, an adequacy decision, standard contractual clauses or explicit consent where legally required.
11. Retention periods
We store personal data only for as long as necessary for the respective purposes. Request and project data is deleted or anonymised when no longer needed and no statutory retention obligations apply.
Business correspondence, invoice data and tax-relevant documents may be retained for up to ten years under commercial and tax law. Security and server logs are generally stored only for a short period unless longer storage is required to investigate misuse or security incidents.
12. Data subject rights
Under Art. 12 to 23 GDPR, you have in particular the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests and withdrawal of consent with future effect.
You also have the right to lodge a complaint with a data protection supervisory authority, in particular the authority of your place of residence or the authority responsible for the controller.
13. No automated decision-making
Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.
14. Updates to this Privacy Policy
We update this Privacy Policy when technical, legal or organisational changes occur. The current version is available on this website.
