1. Introduction
 
The protection of your personal data has the highest priority. This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the online offering. This includes the associated website, functions and content, as well as external online presences, such as social media profiles (hereinafter collectively referred to as “online offering”). Your personal data is treated confidentially and in strict accordance with statutory data protection regulations and the provisions of this privacy policy.

​

General Information

This privacy policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data is all information that can be used to personally identify you. Please refer to this complete privacy policy for detailed information on data protection.
 

Controller

The data processing on this website is carried out by the website operator. You can find the contact details of the controller in the section “Controller” in this privacy policy.
 

Collection of Your Data

Personal data is collected in two ways: either by you providing it voluntarily, e.g. by filling out a contact form, or automatically or based on your consent during your visit to the website by the IT systems of the controller. This primarily includes technical data (e.g., browser type, operating system, or time of page visit). This data is collected automatically as soon as you enter the website.
 

Use of Your Data

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior to optimize the offering according to your needs.
 

Data Transmission to External Parties

As part of the controller’s business activities, it may be necessary to transfer personal data to external parties. Such transfer only occurs under specific conditions: if required for fulfilling a contract, based on legal obligations (e.g., to tax authorities), due to a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits it. When external service providers are used, data is transferred only on the basis of a valid data processing agreement under Art. 28 GDPR. In cases of joint processing, a contract under Art. 26 GDPR is concluded.

 

Withdrawal of Consent to Data Processing

Some data processing operations are only possible with your explicit consent. You may revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to Object to Specific Processing and Marketing (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis can be found in this privacy policy. In the event of an objection, your data will no longer be processed unless compelling legitimate grounds are demonstrated.
If your data is processed for direct marketing purposes, you have the right to object at any time. This also applies to profiling related to direct marketing. After your objection, the data will no longer be used for marketing purposes.

Rights Under the General Data Protection Regulation (GDPR)
You have the right to lodge a complaint with a supervisory authority, particularly in your place of residence or employment, or where the alleged infringement occurred. Other administrative or judicial remedies remain unaffected.
You can request a copy of your data processed based on consent or contract in a structured, commonly used, machine-readable format and request the direct transfer to another controller if technically feasible.
You have the right to request information about your stored personal data, their origin, recipients, and the purpose of processing. You may also request correction or deletion of this data under applicable laws. You can also request restriction of processing under specific conditions.
If data processing is restricted, the data may only be stored or processed under strict conditions (e.g., consent, legal claims, protection of others’ rights, or public interest).


2. Controller

Controller for data processing on this website pursuant to the General Data Protection Regulation (GDPR) is:
Company: Sittig Technologies GmbH
Represented by: Thomas Sittig & Christian Tischler
Address: Goldgewann 4, 65931 Frankfurt am Main
Website: www.sittig-tech.com
Email: webmaster@sittig.de
Phone: +49 (69) 370002-0


3. Data Protection Officer

The Data Protection Officer is available to assist you with all questions regarding data protection:
Company: Hopp + Flaig
Name: Michael Schatzinger
Email: schatzinger@hopp-flaig.de


4. Processors

The company works with various processors who process data on its behalf. These service providers are contractually obligated to maintain confidentiality and only use data within the scope of the agreed services. In some cases, data processing responsibilities are shared. In these cases, responsibilities are clearly regulated and documented to ensure compliance with data protection requirements.


5. Definitions

To ensure transparency and clarity, this privacy policy uses terminology defined in the General Data Protection Regulation (GDPR). The full legal definitions can be found in Art. 4 GDPR. The most relevant terms include:

• Personal Data: Any information relating to an identified or identifiable natural person (the “data subject”). A person is considered identifiable if they can be identified directly or indirectly, for example by name, ID number, location data, or other specific characteristics.

• Processing: Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure by transmission, alignment, restriction, erasure, or destruction.

• Controller: A natural or legal person, public authority, agency, or other body which determines the purposes and means of data processing.

• Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

• Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data.

• Website: Refers to the entire online offering provided by the controller under a specific URL, including all content, information, functions, and services.

• Device: Any electronic device capable of accessing the internet and loading web pages, including computers, laptops, tablets, and smartphones.

6. Hosting

This website is hosted by an external service provider to ensure reliable and secure access. Data processing by the host is based on Art. 6(1)(f) GDPR due to the legitimate interest in providing a stable and secure website. If user consent is required (e.g., for cookies), data processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG.
Hosting provider:
Wix.com Ltd.
40 Namal Tel Aviv Street, Tel Aviv, 6350671 Israel
Privacy Policy
A data processing agreement has been signed with the hosting provider as required by Art. 28 GDPR.


7. Legal Bases of Processing

Data processing is based on the GDPR and other applicable laws. Depending on the purpose, the legal bases include:

• Art. 6(1)(a) GDPR – Consent

• Art. 6(1)(b) GDPR – Contract performance

• Art. 6(1)(c) GDPR – Legal obligation

• Art. 6(1)(f) GDPR – Legitimate interest

For example, cookies or device access may be based on § 25 TTDSG. Specific legal bases are outlined in relevant sections of this policy.


8. Data Transfers to Unsafe Third Countries and Non-DPF-Certified US Companies

If tools from companies in non-EU countries (especially the USA) are used and the companies are not certified under the EU-US Data Privacy Framework (DPF), your data may be transferred and processed in such countries. These countries may not offer a level of protection equivalent to that of the EU. Transfers are only permitted if safeguards such as DPF certification or standard contractual clauses are in place.


9. Storage Duration

Unless a specific retention period is stated, personal data will be kept only as long as necessary to fulfill the processing purpose. Data is deleted when the purpose no longer applies, consent is withdrawn, or a legitimate deletion request is made—unless legal retention obligations (e.g., tax or commercial law) apply.


10. Security Measures and Data Minimization

Comprehensive technical and organizational security measures are implemented to protect your data from unauthorized access, destruction, or loss. Only data necessary for the specific purpose is collected and processed. These measures are continually updated to reflect the latest technological standards.

​

11. SSL/TLS Encryption

To ensure data security during transmission, this website uses encryption technologies such as SSL or TLS via HTTPS. SSL (Secure Socket Layer) and TLS (Transport Layer Security) encrypt data transmissions to protect your data from unauthorized access. You can recognize an encrypted connection by the “https://” in your browser's address bar and the padlock symbol.


12. Storage of User Information in Log Files

Each time you access the website, general information is automatically collected and stored in server log files. This includes:

• a) IP address of the requesting device

• b) Date and time of access

• c) Name and URL of the requested file

• d) Referrer URL (previous page visited)

• e) Browser type and user agent string

• f) Operating system

• g) Name of your access provider

• h) HTTP status code

This data is stored for security reasons, to ensure a smooth connection, enhance user convenience, evaluate system security and stability, and for other administrative purposes. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). This data is not used to identify individuals and is anonymized or deleted unless legal retention requirements apply.


13. Cookies

This website uses cookies—small text files stored on your device by your browser. Cookies do not harm your device and do not contain viruses or malware.
Cookies serve to make the website more user-friendly, efficient, and secure. Some are session cookies that are deleted automatically after you leave the site. Others are temporary cookies stored on your device for a defined period to recognize you on future visits.
Cookies are also used to statistically analyze website usage and improve the offering. These are automatically deleted after a set period.
The use of cookies is based on Art. 6(1)(f) GDPR (legitimate interest). If consent is required, it is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Most browsers accept cookies automatically, but you can configure your browser to refuse cookies or alert you before one is saved. Disabling cookies may affect website functionality.


14. Use of Contact Form

If you contact the controller via a contact form, your first and last name, and email address are required to process your request. The data processing is based on your voluntary consent pursuant to Art. 6(1)(a) GDPR.
The personal data collected for using the contact form is regularly deleted once your inquiry is resolved.


15. Prohibition of Unsolicited Advertising Emails

The use of contact data published in the website’s legal notice for sending unsolicited advertisements or informational material is prohibited. Unauthorized use of this data constitutes a violation of the rights of the website operator and will not be tolerated. Legal action may be taken in the event of unsolicited marketing, especially spam emails.


16. Newsletter

If you would like to subscribe to the newsletter offered on this website, we require a valid email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you consent to receiving the newsletter (double opt-in procedure). No other data is collected.
The data entered into the newsletter registration form is processed solely based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of your data and email address and their use for sending the newsletter at any time—e.g., via the "unsubscribe" link in the newsletter or by contacting the controller directly. The legality of data processing carried out prior to the withdrawal remains unaffected.
Your data provided for the purpose of receiving the newsletter will be stored until you unsubscribe and deleted afterward. Any data stored for other purposes (e.g., user account emails) remains unaffected.

​

Brevo

The newsletter is sent using Brevo, a service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Subscriber email addresses and other data described in this notice are stored on Brevo's EU servers. Brevo uses this information to send and evaluate newsletters on behalf of the controller and may use it to optimize its services (e.g., technical improvements or geographical performance analysis). Brevo does not contact subscribers or pass on data to third parties.
For more information, see Brevo's privacy policy: https://www.brevo.com/de/legal/privacypolicy/.

 

17. Use of Analytics and Tracking Tools

Analytics and tracking tools are used to ensure the demand-oriented design and continuous optimization of this website. These tools help statistically analyze the use of the website to optimize the offering for users.

Storage and analysis of data are based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a functional and optimized website). If consent was obtained, processing is additionally based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

​

Google Ads Tracking

Used to analyze user behavior and evaluate the effectiveness of ads. Data may be transferred to and stored on Google servers in the USA.
Certified under the EU-US Data Privacy Framework (DPF): https://www.dataprivacyframework.gov
Privacy policy: https://policies.google.com/privacy

​

Google Ads Remarketing

Displays targeted ads to users who previously visited the site. Uses cookies for tracking. Data may be transferred to the USA under DPF certification.
Privacy policy: https://policies.google.com/privacy

​

Google AdSense

Displays personalized ads and analyzes ad performance. Uses cookies. Data may be transferred to the USA.
Privacy policy: https://policies.google.com/privacy

​

Google Analytics

Analyzes website usage. Uses cookies. IP anonymization is active on this site. Data may be transferred to the USA under DPF certification.
Privacy policy: https://policies.google.com/privacy

​

Google Conversion Tracking

Measures effectiveness of ads. Uses cookies and may transfer data to the USA.
Privacy policy: https://policies.google.com/privacy

​

Google Tag Manager

Manages website tags. Does not collect personal data directly. Triggered tags may do so. Certified under DPF.
Privacy policy: https://policies.google.com/privacy

 

18. Social Media Plugins

This website integrates social media plugins to share content on platforms like LinkedIn, X (formerly Twitter), and XING.

​

LinkedIn

Operated by LinkedIn Ireland Unlimited Company. When visiting a page with LinkedIn plugins, a direct connection is established. Data (including IP address) may be transmitted to LinkedIn servers in the USA.

Certified under the DPF.
Privacy policy: https://www.linkedin.com/legal/privacy-policy

​

X (formerly Twitter)

Operated by X Corp., San Francisco, USA. When visiting a page with an X plugin, data may be transferred to servers in the USA.
Certified under the DPF.
Privacy policy: https://gdpr.x.com/de.html

​

XING

Operated by New Work SE, Hamburg. Enables sharing of content on XING profiles. Data may be transmitted to XING servers.
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
19. Appointment Booking or Calendar Tool
The website uses a scheduling tool to organize and manage appointments efficiently.

​

Brevo

Brevo is used for appointment booking. Data such as your name, email, phone number, and appointment time are collected and stored. Data may be transferred to the USA if necessary.
Privacy policy: https://www.brevo.com/de/legal/privacypolicy/

 

20. Google Fonts

Google Fonts is used to enhance the website’s appearance. When fonts are loaded, your IP address is transmitted to Google’s servers, possibly in the USA.
Certified under the DPF.
Google privacy policy: https://policies.google.com/privacy

 

21. Embedded Videos

To provide multimedia content, external video platforms are embedded.

​

Vimeo

Operated by Vimeo Inc., USA. When viewing a page with embedded Vimeo videos, data (including IP address) is transmitted.
Certified under the DPF.
Privacy policy: https://vimeo.com/privacy

​

YouTube

Operated by Google Ireland Limited. Data is transmitted to Google when videos are viewed.
Privacy policy: https://policies.google.com/privacy

 

22. Captcha Service

Captcha tools are used to protect online forms from automated abuse.

​

Google reCAPTCHA

Verifies user input to distinguish humans from bots. Processes IP address and interaction data. Certified under the DPF.
Privacy policy: https://policies.google.com/privacy

​

​

Source: https://datenschutz-generator.de/