Skip to main content Skip to page footer

Privacy

1. Controller

Gitterdan GmbH

Oliver Sampson (Managing Director)
Friedrichstraße 13
70174 Stuttgart, Germany
info@gitterdan.ai

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Overview

We take the protection of your personal data seriously and process it confidentially, in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG), and this policy. This policy explains what data we collect when you use this website, and why.

Please note that data transmitted over the internet (e.g. by email) can have security gaps; complete protection against access by third parties is not possible.

3. Your rights

Under the GDPR you have, at any time, the right to:

  • Access (Art. 15) — obtain confirmation and a copy of the personal data we hold about you, its origin, recipients and purpose;
  • Rectification (Art. 16) — have inaccurate data corrected;
  • Erasure (Art. 17) — have your data deleted, subject to legal retention obligations;
  • Restriction (Art. 18) — have processing restricted in the cases set out in the GDPR;
  • Data portability (Art. 20) — receive data you provided, based on consent or a contract, in a common machine-readable format;
  • Object (Art. 21) — object, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object at any time to processing for direct marketing;
  • Withdraw consent (Art. 7(3)) — withdraw any consent at any time, with effect for the future, without affecting the lawfulness of processing before withdrawal;
  • Lodge a complaint with a supervisory authority (Art. 77) — in particular in the member state of your residence, workplace or the place of the alleged infringement. The authority competent for us is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI Baden-Württemberg).

To exercise any of these rights, contact us at info@gitterdan.ai.

4. Legal bases for processing

Where we ask for your consent, we process on the basis of Art. 6(1)(a) GDPR (and, for the storage of / access to information on your device, § 25(1) TDDDG). Where processing is necessary to perform a contract or take pre-contractual steps, Art. 6(1)(b) GDPR applies. Where we must comply with a legal obligation, Art. 6(1)(c) GDPR applies. Otherwise we may process on the basis of our legitimate interests under Art. 6(1)(f) GDPR. The relevant basis for each activity is stated in the sections below.

5. Hosting and server log files

This website is hosted by:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (servers located in Germany). Hetzner processes data on our behalf as a processor under a data-processing agreement (Art. 28 GDPR).

Each time this website is accessed, the server automatically collects and stores information in server log files that your browser transmits, in particular:

  • IP address
  • date and time of the request
  • the page/file requested
  • HTTP status code and amount of data transferred
  • referrer URL
  • browser type and version, and operating system

This data is not merged with other data sources and is processed on the basis of Art. 6(1)(f) GDPR; we have a legitimate interest in the technically error-free presentation and security of our website. Web-server access logs are retained according to the standard log-rotation configuration of our hosting; application (TYPO3) log files are deleted after 10 days. Data is kept longer only where required to investigate a specific security incident.
 

6. Cookies

For ordinary visitors, this website does not set any cookies. A single strictly-necessary session cookie is set by our content management system (TYPO3) only when an authorised editor logs in to the backend; it is technically required to maintain that login session and is stored on the basis of Art. 6(1)(f) GDPR / § 25(2) TDDDG (no consent required).

We do not use any analytics, tracking, advertising or third-party profiling cookies. If this changes, we will update this policy and, where required, ask for your consent beforehand.

7. Contacting us by email

If you contact us by email, the data you provide (e.g. your email address, name and the content of your message) is stored and processed to handle your enquiry and any follow-up questions. We do not pass this data on without your consent.

The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to a contract or pre-contractual measures, and otherwise our legitimate interest in effectively handling enquiries (Art. 6(1)(f) GDPR), or your consent (Art. 6(1)(a) GDPR) where requested. This data remains with us until you ask us to delete it, withdraw your consent, or the purpose no longer applies; mandatory statutory retention periods remain unaffected.

8. Newsletter

If you subscribe to our newsletter, we ask for your email address and, optionally, your first and last name. We use a double opt-in procedure: after you register, we send a confirmation email, and we only add you to the list once you click the confirmation link. This lets us verify that you are the owner of the email address. We store your consent together with the time of registration and confirmation.

  • Purpose: to send you the newsletter and information about IMSight.
  • Legal basis: your consent, Art. 6(1)(a) GDPR.
  • Withdrawal: you can unsubscribe at any time, e.g. via the link in every newsletter email. Withdrawing your consent does not affect the lawfulness of processing already carried out.

Newsletter processor. Newsletter data is managed in the CRM / email-marketing system Odoo, provided by Odoo S.A., Chaussée de Namur 40, 1367 Ramillies, Belgium; the data is hosted in the EU. Odoo processes this data on our behalf as a processor under a data-processing agreement (Art. 28 GDPR). Your data remains stored there until you unsubscribe.
 

9. Data transfer to third countries

We process personal data within the EU/EEA. We do not currently transfer personal data to third countries without an appropriate safeguard.

10. Storage duration

Unless a more specific period is stated above, we keep your personal data only as long as necessary for the purpose it was collected for. Where you exercise a valid erasure request or withdraw consent, your data is deleted unless we have other legally permissible grounds for retention (e.g. statutory tax or commercial retention periods); in that case, deletion takes place once those grounds no longer apply.

11. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL/TLS encryption. An encrypted connection is indicated by `https://` in the address bar and the padlock icon. When encryption is active, the data you transmit to us cannot be read by third parties.

12. Objection to promotional emails

We object to the use of contact data published under our legal-notice (Impressum) obligations for sending unsolicited advertising and information material. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising, e.g. via spam emails.

We may update this privacy policy to reflect changes to our processing or to legal requirements. The current version is always available on this page.

Last updated: July 6th 2026