Datenschutz

Summary

Tadit is a closed-testing beta site. We do not run analytics, advertising, or user tracking on these pages. We do not set our own non-essential cookies and do not use analytics or advertising cookies. We do not build profiles. The only personal data that touches our infrastructure is what is technically required to deliver the page to your browser (server logs, processed by our CDN provider Cloudflare), plus anything you voluntarily send us by email or through a Calendly booking when you choose to schedule a meeting with us.

1. Controller (Verantwortlicher)

Responsible for data processing on this site within the meaning of Art. 4 No. 7 GDPR is:

We are not legally required under Art. 37 GDPR or § 38 BDSG to appoint a Data Protection Officer and have not appointed one. For any data protection matter, please contact us at the address above.

2. Hosting and server logs (Cloudflare + nginx)

This site is served from an origin server running nginx, fronted by Cloudflare as a CDN and reverse proxy. Every HTTP request unavoidably transmits technical data that the web server and Cloudflare process to deliver the page. Specifically, the following data may be processed and written to access logs:

• IP address of the requesting device
• date and time of the request
• the requested URL, HTTP method and status code
• amount of data transferred
• referring page (Referer)
• browser type, version and user agent
• operating system

Purpose: delivering the website, protecting against attacks and abuse (DDoS, bots), maintaining the technical stability and security of the service, and short-term operational troubleshooting.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in operating a secure, stable, and performant website without having to run our own globally distributed CDN.

Storage duration: server access logs are retained only for as long as needed for the purposes above (typically a few days, at most 30 days) and are not merged with other data sources. Cloudflare's own retention is governed by Cloudflare's privacy policy and our data processing agreement (DPA) with Cloudflare.

3. Cloudflare, Inc. (CDN, security proxy)

We use Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, as our CDN, reverse proxy and security layer. Cloudflare automatically processes connection metadata (including your IP address, request data, and TLS handshake information) to route traffic to our origin, terminate TLS, cache static assets, and filter malicious traffic.

A data processing agreement under Art. 28 GDPR (Cloudflare Customer DPA) is in place between us and Cloudflare for this purpose.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure, available website).

Transfer to a third country: Cloudflare is headquartered in the USA and may process data there. Cloudflare, Inc. is self-certified under the EU-U.S. Data Privacy Framework, so transfers are covered by the European Commission's adequacy decision of 10 July 2023 (Art. 45 GDPR). The DPA additionally includes EU Standard Contractual Clauses (Art. 46 GDPR) as a fallback safeguard.

Further information: cloudflare.com/privacypolicy · cloudflare.com/trust-hub/gdpr.

4. Calendly (booking a call)

The "Talk to us" buttons on this site are plain external links to a page hosted by Calendly, LLC, 115 E Main Street, Suite A1B, Buford, GA 30518, USA. Calendly is not embedded on our pages and is only loaded if you click through to it yourself. No data is transmitted to Calendly before you click.

On the Calendly page, in order to schedule a meeting with us, you may provide:

• first and last name
• email address
• any details you choose to add to the booking notes

In addition, Calendly itself processes technical data such as your IP address, browser, timezone, and meeting metadata.

If a meeting is booked via Calendly, Calendly writes the event into our connected Google Workspace Calendar via an authorized integration, so we can manage the appointment. This may include your name, email address, meeting date and time, timezone, meeting title, and any booking notes you provide.

For booking data that Calendly processes on our behalf, Calendly acts as our processor under a data processing agreement pursuant to Art. 28 GDPR. Calendly may also process certain data as an independent controller for its own account, security, compliance, and service-improvement purposes, as described in Calendly's privacy notice.

Legal basis: Art. 6(1)(b) GDPR for the booking itself, including arranging and carrying out the requested meeting, and Art. 6(1)(f) GDPR for using Calendly and Google Calendar as practical tools for appointment scheduling and calendar management.

Transfer to a third country: Calendly is headquartered in the USA. Calendly, LLC is self-certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR), and additionally relies on EU Standard Contractual Clauses (Art. 46 GDPR). Google may also process calendar-related data in countries outside the EU/EEA and provides safeguards for international transfers, including EU Standard Contractual Clauses where required.

Further information: calendly.com/legal/privacy-notice · calendly.com/legal/data-processing-addendum · cloud.google.com/privacy/gdpr · cloud.google.com/terms/data-processing-addendum.

5. Contacting us by email

If you write to us at [email protected], your email address and the contents of your message are processed for the sole purpose of replying to you and handling your request.

Legal basis: Art. 6(1)(b) GDPR if your message relates to a potential contractual relationship, otherwise Art. 6(1)(f) GDPR (legitimate interest in answering inbound enquiries).

Storage duration: your message is retained for as long as needed to handle the conversation and any reasonable follow-up, then deleted unless a statutory retention obligation requires otherwise.

6. Obligation to provide data

You are under no statutory or contractual obligation to provide any personal data on this website. The data described in sections 4 and 5 is only processed if you voluntarily choose to contact us by email or to book a meeting via Calendly. If you do not provide the data requested by the booking form (such as your name and email address) or omit it from your email, we will not be able to respond to your request or schedule a meeting with you. No other consequences follow.

7. Cookies and tracking

We do not set any non-essential cookies of our own. We do not run analytics (no Google Analytics, no Plausible, no Posthog, no Matomo), no advertising or retargeting pixels, and no social-media trackers. Because we do not use any non-essential tracking technologies, no consent banner is required under § 25 TDDDG (formerly TTDSG).

Our CDN provider Cloudflare may set a strictly necessary cookie ("__cf_bm" or similar) on our domain for bot management when needed to keep the site secure. Such cookies are technically necessary within the meaning of § 25(2) No. 2 TDDDG and do not require consent.

Calendly may set its own cookies, but only on Calendly's domain, only after you click through to it, and governed by its own privacy notice.

8. What we do NOT do

• no analytics or visitor tracking on this site
• no advertising, retargeting, or marketing pixels
• no profiling, no automated decision-making within the meaning of Art. 22 GDPR
• no user accounts or signup on this site
• no selling, renting, or sharing of personal data, beyond the processors and service providers listed above

9. Your rights as a data subject

Under the GDPR you have, where the respective conditions are met, the following rights regarding personal data we hold about you:

• right of access (Art. 15 GDPR)
• right to rectification (Art. 16 GDPR)
• right to erasure / "right to be forgotten" (Art. 17 GDPR)
• right to restriction of processing (Art. 18 GDPR)
• right to data portability (Art. 20 GDPR)
• right to object (Art. 21 GDPR), in particular against processing based on Art. 6(1)(f) GDPR
• right to withdraw any consent at any time with effect for the future (Art. 7(3) GDPR)

To exercise any of these rights, write to [email protected]. We will respond within the statutory period under Art. 12(3) GDPR, usually within one month.

10. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). This right exists independently of any other administrative or judicial remedy.

11. Changes to this notice

This is a beta product and the notice may change as the product evolves. Material changes will be reflected here, with the date below updated accordingly.

Last updated · 2026-05-01