Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data Collection on this Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in two ways: first, when you provide it to us (e.g., via our contact form). Other data is automatically collected when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access).

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior (only with your consent via our Consent Management System).

2. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Notice on the Responsible Party

The responsible party for data processing on this website is:

IDENTIC Projects eGbR
Kreuzberg 71
59846 Sundern
Germany

Email: info@identic.pro
Website: https://identic.pro

Legal form: Civil law partnership (GbR) Registered office: Sundern Registered at the District Court of Arnsberg in the Company Register 532, Registration number: 1 VAT identification number according to §27a UStG: DE 365671448

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Storage Duration

Unless a more specific storage period is specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storage.

Specific retention periods:

• Contact inquiries: 3 years from receipt of inquiry
• Consent approvals: 3 years after revocation of consent
• User registrations: During active use + 6 months after last login
• Server log files: 7 days (automatic deletion)

Legal Basis for Data Processing

This privacy policy is based on the requirements of the General Data Protection Regulation (GDPR), the Digital Services Act (DDG), and the Telecommunications-Digital Services-Data Protection Act (TDDDG).

We process your data on the following legal bases:

• Art. 6 para. 1 lit. a GDPR: Consent (Consent Management, Analytics)
• Art. 6 para. 1 lit. b GDPR: Contract fulfillment (contact inquiries, services)
• Art. 6 para. 1 lit. f GDPR: Legitimate interests (website functionality, security)
• § 25 TDDDG: Consent for device access (cookies, local storage)

3. Data Processing on this Website

Server Log Files

The provider of the pages automatically collects and stores information in server log files that your browser automatically transmits to us:

• Data types: Browser type and version, operating system, referrer URL, IP address, time of server request
• Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in system security)
• Purpose: System security, error analysis, abuse detection
• Storage duration: 7 days (automatic deletion)
• Hosting: Google Cloud Platform (europe-west1/europe-west3), EU data processing

Contact Form

When you send us inquiries via the contact form, the following data is processed:

• Data types: Name, email address, company name (optional), message, IP address, timestamp
• Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation), Art. 6 para. 1 lit. f GDPR (legitimate interest)
• Purpose: Processing your inquiry, communication, quote preparation
• Storage duration: 3 years from receipt of inquiry
• Transmission: EmailJS (see section "External Service Providers")

User Registration (NextAuth)

For access to protected areas of our website, we use an authentication system:

• Data types: Email address, name, profile picture (from Google), session token, IP address, login time
• Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
• Purpose: Provision of protected content, user identification, security
• Restriction: Only email addresses with the domain "@identic.pro" are permitted
• Storage duration: During active use + 6 months after last login
• OAuth provider: Google (see section "External Service Providers")

Content Management (Sanity)

For managing website content, we use the Sanity Content Management System:

• Data types: Content, images, metadata, editor information, IP addresses
• Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in content management)
• Purpose: Website content management, provision of current content
• Provider: Sanity AS, Norway (EU data processing)
• Hosting: Google Cloud Platform EU regions
• Data protection: GDPR-compliant, SOC 2 Type II certified

AI-Assisted Assistant

Our website offers an AI-powered chat assistant via Google Discovery Engine:

• Data types: Chat messages, session ID, IP address, timestamp, consent status
• Legal basis: Art. 6 para. 1 lit. a GDPR (consent via Consent Manager)
• Purpose: Provision of AI-powered responses, user interaction
• Processing: Google Cloud Discovery Engine (EU regions)
• Control: Only with explicit consent via our Consent Management System
• Storage duration: Session-based, no permanent storage of chats

4. Consent Management and Cookies

c15t Consent Manager

We use a professional Consent Management System for GDPR-compliant collection of consents:

• Provider: c15t (GDPR-certified solution)
• Purpose: Management of user consents, cookie control
• Legal basis: § 25 TDDDG, Art. 6 para. 1 lit. c GDPR (legal obligation)
• Consent categories:
  • Necessary: For basic website functionality (always active)
  • Measurement: For web analytics and statistics (Google Analytics)
  • Functionality: For advanced features (AI assistant)

Your control options:

• Settings can be adjusted at any time via the consent widget
• Granular control over each category
• Consent can be revoked at any time

Google Analytics 4

With your consent, we use Google Analytics 4 to analyze website usage:

• Provider: Google Ireland Limited, Ireland
• Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
• Purpose: Website analysis, user behavior, optimization
• Data types: Pseudonymous user data, page views, dwell time, device information
• Control: Only after explicit consent via Consent Manager
• Storage duration: 26 months (automatic)
• Data processing: EU regions (where available)
• More information: Google Analytics Privacy

5. External Service Providers

EmailJS

For transmitting contact form messages, we use EmailJS:

• Provider: EmailJS Pte. Ltd., Singapore
• Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
• Purpose: Transmission of contact inquiries via email
• Data transfer: Outside the EU (Standard Contractual Clauses according to GDPR)
• Data processing: Data Processing Agreement (DPA) available
• Security: TLS encryption, no data storage beyond the purpose
• Privacy: EmailJS Privacy Policy

Google Cloud Platform

Our entire infrastructure is hosted on Google Cloud Platform:

• Provider: Google Cloud Ireland Limited
• Services: Cloud Run, Discovery Engine, IAM, Cloud Build, Secret Manager
• Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure hosting)
• Data location: Exclusively EU regions (europe-west1/europe-west3)
• Certifications: ISO 27001, SOC 2, GDPR-compliant
• Data protection: EU Standard Contractual Clauses (SCCs)
• Data sovereignty: Assured Workloads available for the EU

Google OAuth (NextAuth)

For user registration, we use Google OAuth via NextAuth:

• Provider: Google Ireland Limited
• Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
• Purpose: Secure user authentication
• Transferred data: Email address, name, profile picture
• Restriction: Only @identic.pro email addresses
• Privacy: Google Privacy Policy

6. Your Rights as a Data Subject

You have the following rights regarding your personal data:

Right to Access (Art. 15 GDPR)

You have the right to request information about the personal data we have stored about you.

Right to Rectification (Art. 16 GDPR)

You have the right to demand immediate correction of inaccurate personal data concerning you.

Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided the requirements of Art. 17 GDPR are met.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of the processing of your personal data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing for reasons relating to your particular situation.

Right to Withdraw Consent

You can withdraw granted consents at any time with effect for the future. This particularly applies to:

• Google Analytics (via Consent Manager)
• AI Assistant (via Consent Manager)

Right to Complain to a Supervisory Authority

You have the right to complain to a data protection supervisory authority:

Responsible authority for North Rhine-Westphalia: State Commissioner for Data Protection and Freedom of Information NRW Kavalleriestraße 2-4 40213 Düsseldorf Tel: +49 (0)211/38424-0 Email: poststelle@ldi.nrw.de

7. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in the browser line.

8. Contact for Data Protection Inquiries

For all inquiries regarding data protection, exercising your rights, or complaints, please contact us at:

IDENTIC Projects eGbR
Data Protection Inquiries
Email: info@identic.pro
Mail: Kreuzberg 71, 59846 Sundern, Germany

We will process your inquiry within 30 days in accordance with Art. 12 GDPR.

9. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services. The new privacy policy will then apply to your next visit.

Version history:

• Version 1.0 (27.11.2024): Complete revision in accordance with GDPR, DDG and TDDDG

This privacy policy was created in accordance with the General Data Protection Regulation (GDPR), the Digital Services Act (DDG), and the Telecommunications-Digital Services-Data Protection Act (TDDDG).