Privacy Policy

This notice explains which personal data we process, for what purposes, and which rights you have.

Contents:

1. Controller

VantaNet
VantaNet (Julian Vogt)
c/o COCENTER
Koppoldstr. 1
86551 Aichach, Germany

2. Privacy contact

3. General information on processing

Key legal bases include consent, contract performance, legal obligation, and legitimate interests (Art. 6 GDPR).

We only process data that is necessary for operating this website and providing our services. Where consent is required (e.g., analytics), processing only takes place after you consent.

4. Hosting, server log files

When you access our website, our servers automatically log data (server log files) such as IP address, date/time, requested URL, status code, referrer, user agent. This is necessary to ensure security, stability, and troubleshooting.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

5. Cloudflare (CDN/DNS/Security)

We use Cloudflare to provide DNS, content delivery (CDN) and security functions (e.g., protection against abuse and attacks). When accessing our website, technical connection data (including IP address and request metadata) may be processed by Cloudflare to deliver content and protect the service.

International transfers: depending on routing and configuration, processing may also take place outside the EEA. In such cases, appropriate safeguards may apply (e.g., adequacy decisions and/or standard contractual clauses).

6. Cookies & consent management

We may use cookies or similar technologies. Essential cookies are required for core functions (e.g., session/login). Optional cookies (e.g., analytics) are only set after your consent.

If information is stored on or read from your device for non-essential purposes, consent is typically required under German telemedia rules.

7. Consent management (CookieBot)

We use the consent management solution CookieBot to obtain, store and manage your preferences (consent) for cookies and similar technologies. CookieBot can store consent choices and display consent dialogs. When the tool is loaded, technical connection data (e.g., IP address, request data) may be processed to provide the service.

You can change or withdraw your consent at any time via the consent settings (cookie banner/settings).

8. Google Analytics 4

If enabled, we use Google Analytics 4 (GA4) to measure usage and improve our website. GA4 processes usage data (events), device information and can process IP addresses. IP anonymization is enabled by default in GA4.

International transfers: Google may process data in the USA or other countries. Google is certified under the EU–US Data Privacy Framework; additionally, standard contractual clauses may be used.

9. Google Tag Manager

We use Google Tag Manager (GTM) to manage website tags. GTM itself does not create analytics reports, but it may transmit IP addresses to Google when loaded.

10. Contact (email, forms)

If you contact us (e.g., by email or via forms), we process your provided data (name, email, message content) to handle your request.

Legal basis: contract/pre-contract (Art. 6(1)(b) GDPR) or legitimate interests (Art. 6(1)(f) GDPR).

11. Customer account / login

If you create a customer account, we process registration and access data (e.g., email, password hash, login timestamps, security-related logs) to provide the account and secure access.

Legal basis: contract performance (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR) for security.

12. Orders, purchases, contract performance

If you place an order, we process order and contract data (e.g., name, billing details, service selection, communication, invoice data) to fulfil the contract and comply with legal obligations (e.g., retention periods).

Legal bases: contract performance (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR).

13. Payments (Stripe)

For payment processing we use Stripe. During checkout, payment data is transmitted directly to Stripe (e.g., card details, payment tokens). We receive transaction-related information (e.g., status, timestamps, reference IDs) to confirm and reconcile payments.

Stripe may process data in the EU and, depending on configuration, also in third countries. See Stripe’s privacy policy for details.

14. Withdrawal, refunds, support

If you exercise a right of withdrawal (where applicable), request a refund, or contact support, we process the information necessary to handle the request (order reference, communication, proof of entitlement, payment references).

Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligations), Art. 6(1)(f) GDPR (fraud prevention/documentation).

15. Recipients, processors, international transfers

We may share data with processors (e.g., hosting, consent management, analytics, payments) under data processing agreements where required. Data is also shared if necessary to fulfil contracts or legal obligations.

International transfers: if data is processed outside the EEA, we rely on adequacy decisions and/or appropriate safeguards (e.g., SCCs).

16. Retention periods

We store personal data only as long as necessary for the stated purposes or as required by law (e.g., retention periods for invoices).

17. Your rights

You have the right of access, rectification, erasure, restriction, data portability, and the right to object. If processing is based on consent, you can withdraw it at any time with effect for the future.

18. Security

We use appropriate technical and organizational measures (e.g., TLS encryption, access controls) to protect your data.

19. Changes to this policy

We may update this policy to reflect changes in our processing or legal requirements.


Source: https://e-Recht24.de