Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: March 22, 2026

Table of Contents

• Preamble
• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Transmission of Personal Data
• International Data Transfers
• Data Retention and Deletion
• Rights of Data Subjects
• Business Services
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Contact and Inquiry Management
• Web Analytics, Monitoring and Optimization
• Changes and Updates
• Definitions

Controller

Truncate
E-mail: truncate2026@gmail.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

• Inventory data.
• Payment data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta, communication and procedural data.
• Log data.

Categories of Data Subjects

• Service recipients and clients.
• Prospective customers.
• Communication partners.
• Users.
• Business and contractual partners.

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Reach measurement.
• Office and organizational procedures.
• Feedback.
• Profiles with user-related information.
• Provision of our online offering and user experience.
• IT infrastructure.
• Business processes and management procedures.

Applicable Legal Bases

Legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence.

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party.
• Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG).

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements to ensure a level of protection appropriate to the risk.

These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data.

TLS/SSL encryption (HTTPS): To protect user data transmitted via our online services, we use TLS/SSL encryption technology. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL.

Transmission of Personal Data

In the course of processing personal data, it may be transmitted to or disclosed to other entities, companies, or persons. In such cases, we comply with legal requirements and conclude appropriate contracts to protect your data.

International Data Transfers

If we transfer data to a third country (i.e., outside the European Union or European Economic Area), this is always done in compliance with legal requirements. For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), recognized by an adequacy decision of the EU Commission on July 10, 2023. We have also concluded Standard Contractual Clauses with the respective providers.

Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/.

Data Retention and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal bases for processing exist.

General retention periods under German law:

• 10 years – Books, records, annual financial statements (§ 147 AO, § 257 HGB)
• 8 years – Accounting documents (§ 147 AO, § 257 HGB)
• 6 years – Other business documents (§ 147 AO, § 257 HGB)
• 3 years – General limitation period for contractual claims (§§ 195, 199 BGB)

Rights of Data Subjects

As a data subject under the GDPR, you have various rights:

• Right to object: You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) GDPR.
• Right to withdraw consent: You have the right to withdraw consent at any time.
• Right of access: You have the right to request confirmation as to whether relevant data is being processed and to receive information about this data.
• Right to rectification: You have the right to request completion or correction of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right to request the immediate deletion of data concerning you.
• Right to data portability: You have the right to receive data concerning you in a structured, commonly used and machine-readable format.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

Business Services

We process personal data of our contractual and business partners, such as customers and prospective customers, for the purposes of initiating, performing and executing contractual relationships.

• Types of data processed: Inventory data; payment data; contact data; contract data.
• Data subjects: Service recipients and clients; prospective customers; business and contractual partners.
• Purposes of processing: Provision of contractual services; communication; organizational procedures; business processes.
• Legal bases: Contract performance (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Provision of the Online Offering and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the contents and functions of our online services to the user's browser or device.

• Types of data processed: Usage data; meta, communication and procedural data; log data.
• Data subjects: Users.
• Purposes of processing: Provision of our online offering; IT infrastructure; security measures.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Collection of access data and log files: Access to our online offering is logged in the form of server log files. Log file information is stored for a maximum of 30 days and then deleted or anonymized.

Use of Cookies

Cookies are functions that store and read information on users' devices. We use cookies in accordance with legal requirements, obtaining user consent where required.

Storage duration:

• Temporary cookies (session cookies): Deleted after the user leaves the online offering and closes their device.
• Permanent cookies: Remain stored after closing the device. Storage duration can be up to two years.

• Types of data processed: Meta, communication and procedural data.
• Data subjects: Users.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); consent (Art. 6(1)(a) GDPR).

Contact and Inquiry Management

When you contact us (e.g., by email), the data provided by the inquiring person is processed to the extent necessary to respond to the contact request.

• Types of data processed: Contact data; content data; meta, communication and procedural data.
• Data subjects: Communication partners.
• Purposes of processing: Communication; organizational procedures; feedback.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); contract performance (Art. 6(1)(b) GDPR).

Web Analytics, Monitoring and Optimization

Web analytics is used to evaluate visitor traffic to our online offering. Using reach analysis, we can identify at what times our online offering or its functions are most frequently used.

Users' IP addresses are pseudonymized (IP masking). No clear-text user data (such as email addresses or names) is stored, only pseudonyms.

• Types of data processed: Usage data; meta, communication and procedural data.
• Data subjects: Users.
• Purposes of processing: Reach measurement; user profiles; provision of our online offering.
• Security measures: IP masking (pseudonymization of IP address).
• Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. Google Analytics does not log or store individual IP addresses for EU users. For EU traffic, IP address data is used solely to derive geolocation data before being immediately deleted.

• Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• Legal bases: Consent (Art. 6(1)(a) GDPR).
• Website: https://marketingplatform.google.com/intl/de/about/analytics/
• Privacy policy: https://policies.google.com/privacy
• Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.
• Opt-out: Browser opt-out plugin

Changes and Updates

We ask you to regularly inform yourself about the contents of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary.

Definitions

• Inventory data: Essential information for the identification and management of contractual partners, user accounts and profiles (e.g., names, contact information, dates of birth, user IDs).
• Content data: Information generated in the course of creating, editing and publishing content of all types (texts, images, videos, audio files, etc.).
• Contact data: Essential information enabling communication with persons or organizations (phone numbers, addresses, email addresses).
• Meta, communication and procedural data: Information about how data is processed, transmitted and managed (IP addresses, timestamps, identification numbers).
• Usage data: Information that captures how users interact with digital products (page views, click paths, dwell time, device information).
• Personal data: Any information relating to an identified or identifiable natural person.
• Log data: Information about events or activities logged in a system or network.
• Reach measurement: Evaluation of visitor traffic to an online offering (also known as web analytics).
• Controller: The natural or legal person, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: Any operation performed with or without automated means on personal data.
• Contract data: Specific information relating to the formalization of an agreement between two or more parties.
• Payment data: All information required for processing payment transactions.

Created with Datenschutz-Generator.de by Dr. Thomas Schwenke