Privacy Policy

1. Data Controller

The data controller responsible for data processing on this website is:

CERITUM GmbH

Dr.-Ing. Michael Breitenberger

Hennengasse 11A, D-85485 Erding

info@ceritum.com

2. Overview of Data Processing

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.

3. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons. You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and by the padlock icon in your browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Hosting

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel uses a global edge network, and data may also be transmitted to the USA. Data transfers to the USA are based on EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. Additionally, Vercel is certified under the EU-U.S. Data Privacy Framework. The legal basis for using this hosting provider is Art. 6(1)(f) GDPR (legitimate interest in providing our website reliably).

5. Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with Vercel Inc. pursuant to Art. 28 GDPR. Vercel processes personal data on our behalf and is bound by our instructions. This ensures the data protection-compliant processing of your data.

6. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits. These are: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, IP address. This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website. Server log files are automatically deleted after 30 days.

7. Cookies

This website uses only technically essential cookies. These are necessary for the basic functionality of the website and cannot be deactivated. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision of the website). Specifically:

• cookie-consent: Stores your cookie consent preference (1 year)
• staging-auth: Authentication for staging environments (7 days, only on staging)

No analytics cookies, advertising cookies, or third-party tracking cookies are used.

8. Contact Form

When you contact us via the contact form, the information you provide (name, email address, company, phone number, message) is processed for the purpose of handling your inquiry. The data is transmitted via your local email client (mailto link). The data transmitted through the contact form is not stored permanently but is used exclusively to process your inquiry and deleted after completion, unless statutory retention obligations apply. The legal basis for processing is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry).

9. Data Retention

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods).

10. Third Country Transfers

We use Vercel Inc., a service provider based in the USA. The USA is considered a third country within the meaning of the GDPR. For the transfer of personal data to the USA, we rely on the EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. Additionally, Vercel is certified under the EU-U.S. Data Privacy Framework.

11. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): You can request information about your stored personal data.
• Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR): You can request deletion of your data.
• Right to restriction of processing (Art. 18 GDPR): You can request restriction of data processing.
• Right to data portability (Art. 20 GDPR): You can request your data in a machine-readable format.
• Right to object (Art. 21 GDPR): You can object to the processing of your data.

12. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

13. Changes

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services. The current version is always available on this page.