Privacy Policy

Protecting your personal data is important to us, CegTec GmbH ("we"). We process your personal data only in compliance with statutory provisions, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, or GDPR).

This privacy policy informs you about the processing of your personal data and your rights as a data subject when

• you use our website (www.cegtec.net);
• you visit our presences on social media;
• you contact us in business contexts through other channels; and
• you enter into a contract with us.

You will also find further information below about the use of so-called "cookies" and related functions/technologies on our website.

1. Controller

The data controller responsible for the data processing described in this privacy policy is

CegTec GmbH
Immenhof 15
22087 Hamburg, Germany
Phone: +49 151 15551607
Email: privacy@cegtec.net

2. Purposes and legal bases of our data processing

2.1 Data processing when using our website

When you use our website, we may process the following categories of data. This data may include personal data.

2.1.1 Internet connection data

When you access our website, we collect and process your so-called internet connection data (e.g. date, time, type and origin of the request, name of the requested page, information about the browser type, transmitted data volume and the requesting provider, and your IP address) which your browser automatically transmits to our servers when our website is accessed. We need this information to enable you to use our website, e.g. by adapting the website to the technical requirements of your end device. To detect and resolve possible malfunctions of our website, we store this data for a period of up to six months. The legal basis for this data processing is our legitimate interest in ensuring the security and usability of our website, Art. 6 (1) (f) GDPR.

2.1.2 Access to and storage on your end device ("cookies")

We use tracking technologies on our website that allow us or our service providers to collect data relating to the use of our website. These tracking technologies are commonly referred to collectively as cookies, which is why we will use this term below. The following statements, however, also apply analogously to other tracking technologies or file formats, such as local storage, pixels, beacons or tags.

We use cookies on the one hand to store session-relevant information within the website. These cookies expire at the end of the browser session (so-called transient cookies) and are not permanently stored. Other cookies remain on your computer beyond the respective browser session and allow us to recognise your computer on your next visit (so-called persistent cookies). Persistent cookies are deleted automatically after a predefined period that may differ depending on the type of cookie.

2.1.2.1 Strictly necessary cookies

In certain cases, the storage of information on your end device or access to information already stored on your end device is strictly necessary so we can provide our website to you. The legal basis for using such cookies is § 25 (2) no. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG).

Insofar as this information has personal references and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and fulfilling our data protection accountability obligations, Art. 6 (1) (f) in conjunction with Art. 5 (2) GDPR.

2.1.2.2 Optional cookies

We only use cookies that are not strictly necessary ("optional cookies") with your consent. When you first access our website, we display a so-called cookie banner to inform you about the tracking technologies we use and to give you the choice of which optional cookies you wish to consent to.

If you click the corresponding button in the cookie banner ("Accept all"), you consent to the storage and reading of all non-essential cookies on your device (§ 25 (1) TDDDG) and to the processing of your personal data stored in the cookie (Art. 6 (1) (a) GDPR). You can withdraw your consent at any time with effect for the future.

2.1.2.2.1 Google Analytics (via Google Tag Manager)

If you give your consent, we use the advertising analytics service Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). As part of providing Google Analytics, Google collects data relating to your use of our website. The data collected via Google Analytics is also stored on Google servers in the USA. We have activated the IP anonymisation function. You can find Google's privacy policy here.

By way of an adequacy decision dated 10 July 2023, the EU Commission has determined that the level of data protection in the USA is comparable to that in the EU. Google is certified under the EU-US Data Privacy Framework.

2.1.2.2.2 HubSpot

If you give your consent, we use the marketing and CRM service HubSpot provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA ("HubSpot"). HubSpot is an integrated software solution that covers various aspects of our online marketing. You can find HubSpot's privacy policy here.

HubSpot is certified under the EU-US Data Privacy Framework.

2.2 Contact form

You have the option to send us contact requests via the contact form on our website. In this case, we collect your first and last name, your email address and, if you wish, your phone number. If your request relates to the performance of a contract concluded with you or to the initiation of such a contract, the legal basis for our data processing is Art. 6 (1) (b) GDPR. Otherwise, the legal basis is our legitimate interest in efficiently handling your request to us (Art. 6 (1) (f) GDPR).

2.3 Social networks

Our website contains so-called social plugins for social networks. These services are operated exclusively by third parties:

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland — Privacy

Instagram: Meta Platforms Ireland Limited, Dublin 4, Ireland — Privacy

Facebook: Meta Platforms Ireland Limited, Dublin 4, Ireland — Privacy

X: X Internet Unlimited Company, Dublin 2, Ireland — Privacy

2.4 Data processing in other business contacts

If you contact us through channels other than our website, e.g. by email, phone, post or at trade shows, we collect your contact details, including your position in your company where applicable. We store this data in our CRM system.

2.4.1 Data processing for contract conclusion

To conclude or perform contracts with you, we process personal data concerning you. The legal basis for processing your personal data is Art. 6 (1) (b) GDPR.

3. Recipients of your personal data and third country transfers

We use various technical service providers when processing your personal data. Insofar as these service providers may have access to your personal data, they process your data within the scope of data processing agreements (Art. 28 GDPR).

We may transfer your personal data to data processors in countries outside the EU and EEA, in particular to the USA. These data transfers usually take place on the basis of the EU Commission's adequacy decision of 10 July 2023. If this is not the case, we ensure appropriate safeguards within the meaning of Art. 46 GDPR.

4. Deletion of your personal data

We delete your personal data as soon as its processing is no longer required for the purposes set out in this privacy policy. Such retention obligations exist under German commercial and tax law in particular for business letters for six years to year-end and for accounting documents for eight years to year-end.

5. Your rights

As a data subject, you have the following rights under the respective legal requirements:

• the right to confirmation as to whether we are processing your personal data (Art. 15 GDPR);
• the right to information about the personal data we process about you and to a copy of the data (Art. 15 GDPR);
• the right to rectification (Art. 16 GDPR);
• the right to erasure (Art. 17 GDPR);
• the right to restriction of processing (Art. 18 GDPR);
• the right to data portability (Art. 20 GDPR).

In the case of processing on the basis of Art. 6 (1) (e) or (f) GDPR, you may also object under the conditions of Art. 21 (1) GDPR.

If processing is based on your consent pursuant to Art. 6 (1) (a) GDPR, you may withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR).

You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

6. No automated individual decision-making

Your personal data is not used for automated individual decision-making within the meaning of Art. 22 (1) GDPR.

7. Changes to this privacy policy

New legal requirements, business decisions or technical developments may require changes to this privacy policy. You can always find the most current version on our website.

As of: July 2025