Privacy Policy
Information on the collection and processing of personal data pursuant to the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG).
The protection of your personal data is important to Zirkel Technologies GmbH. This Privacy Policy explains what personal data we collect when you visit our website, how we use it, on what legal basis we do so, and what rights you have. We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Telecommunications Digital Services Data Protection Act (TDDDG), and all other applicable data protection laws.
Controller
The controller responsible for data processing on this website within the meaning of Art. 4(7) GDPR is:
Zirkel Technologies GmbH
Taunustor 1
60310 Frankfurt am Main
Germany
Phone: +49 69 50 50 60 4529
Email: info@zirkeltech.com
Website: https://www.zirkeltech.com
Managing Director: Kapil Gupta
Data Protection Contact
For questions regarding the processing of your personal data, please contact our data protection contact:
Data Protection Contact - Zirkel Technologies GmbH
Taunustor 1, 60310 Frankfurt am Main, Germany
Scope
This Privacy Policy applies to the website https://www.zirkeltech.com (including all language routes such as /en/ and /de/) and the blog at https://blogs.zirkeltech.com.
It does not apply to third-party websites linked from our site. Please refer to the respective privacy policies of those websites.
Legal Bases for Processing
All personal data processing on this website is based on one of the following legal grounds under Article 6 GDPR:
| Legal Basis | Article | When Applied |
|---|---|---|
| Consent | Art. 6(1)(a) GDPR | Non-essential cookies - only after explicit acceptance via consent banner |
| Pre-contractual / Contract | Art. 6(1)(b) GDPR | Processing an enquiry that constitutes a request for a specific service or quotation |
| Legal obligation | Art. 6(1)(c) GDPR | Statutory retention of commercial correspondence |
| Legitimate interests | Art. 6(1)(f) GDPR | Secure website operation, server log files, general business enquiries |
Server Log Files
When you visit our website, your browser automatically transmits information that is recorded in server log files. The following data may be collected:
- Browser type and version
- Operating system
- Referring URL
- Hostname or IP address of the accessing device
- Date and time of the server request
- HTTP status code and data volume transferred
These data are not merged with other data sources and are not used to identify individual users.
Legal basis: Art. 6(1)(f) GDPR - legitimate interest in secure, stable website operation.
Retention: Up to 30 days, unless longer retention is required for security investigations.
SSL/TLS Encryption
This website uses SSL/TLS encryption. All data you transmit to us is protected from third-party access during transmission.
Hosting
Our website is hosted by:
Vercel Inc.
440 N Barranca Ave #4133, Covina, CA 91723, USA
Privacy Policy: vercel.com/legal/privacy-policy
Personal data collected on this website - including IP addresses and server log data - is stored on Vercel's infrastructure. Vercel operates edge nodes within the European Economic Area.
Legal basis: Art. 6(1)(f) GDPR - legitimate interest in reliable, professional website provision.
DPA: A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded with Vercel.
Third-country transfer (USA): Vercel Inc. is certified under the EU-US Data Privacy Framework (DPF). Data transfers to the US are therefore primarily based on the European Commission's adequacy decision pursuant to Art. 45 GDPR. As a precautionary measure and fallback mechanism, the Standard Contractual Clauses (SCCs) concluded with Vercel pursuant to Art. 46(2)(c) GDPR remain in effect. Documentation: vercel.com/legal/dpa.
Cookies & Consent Management
Our website uses cookies and similar technologies. Where consent is required for storing information on your device or accessing information stored on your device, this is done on the basis of Section 25 TDDDG and – where personal data is processed – additionally on the basis of Art. 6(1)(a) GDPR. Necessary cookies are used on the basis of Section 25(2) TDDDG. You may withdraw or adjust your consent at any time via the cookie settings icon.
| Cookie | Provider | Purpose | Expiry |
|---|---|---|---|
| zt_consent | zirkeltech.com | Stores your cookie and consent preferences | Up to 12 months |
| zt_session | zirkeltech.com | Session management for secure operation | Session |
| zt_lang | zirkeltech.com | Stores your preferred language selection (DE/EN) | Up to 12 months |
Web analytics: Our website uses Matomo for aggregate, cookieless audience measurement. Matomo does not set cookies or access information on your device and therefore does not fall under the consent requirement of Section 25 TDDDG. See Section 12 (Analytics) for full details and your right to object.
Contact Forms and Enquiries
If you contact us via a contact form or by email, we process the personal data you provide in order to respond to your request.
Data collected: Name, email address, company name (optional), message content.
Purpose: Responding to your enquiry and any follow-up communication.
Legal basis: Art. 6(1)(f) GDPR - legitimate interest in responding to business enquiries. Where your enquiry constitutes a request for a specific service or quotation, processing is additionally based on Art. 6(1)(b) GDPR.
Retention: General inquiries are deleted 3 months after the final response, provided they do not lead to a pre-contractual or contractual relationship. If the inquiry evolves into business correspondence, it is subject to statutory retention obligations and will not be deleted after 3 months. Statutory periods then apply: 6 years under §257 HGB (commercial letters) or 10 years under §147 AO (tax-relevant documents).
External Links and Social Networks
Our website contains links to external websites including LinkedIn. When you click such a link, you leave our website and the respective operator becomes responsible for processing your data. We have no influence over external websites.
| Platform | Privacy Policy | Integration |
|---|---|---|
| linkedin.com/legal/privacy-policy | Hyperlink only - no tracking tag installed. Data transfer to LinkedIn occurs only upon clicking the link. |
Processors and Data Processing Agreements
We have concluded Data Processing Agreements (DPAs) pursuant to Art. 28 GDPR with all service providers that process personal data on our behalf. These processors are contractually bound to process personal data only according to our instructions and in compliance with applicable data protection law.
| Processor | Location | Purpose | Safeguard |
|---|---|---|---|
| Vercel Inc. | USA (EU edge nodes) | Website hosting and delivery | SCCs + DPA |
| Hostinger International Ltd | Lithuania (EU) | Self-hosted CMS infrastructure | DPA |
Transfers of Data to Third Countries
Some service providers are based outside the European Economic Area (EEA). Where personal data is transferred to third countries, we ensure appropriate safeguards pursuant to Chapter V GDPR:
| Safeguard | GDPR Basis | Applies To |
|---|---|---|
| Adequacy Decision + SCCs (Fallback) | Art. 45 GDPR (primary) / Art. 46(2)(c) GDPR | Vercel Inc. (USA) |
Furthermore, Zirkel Technologies GmbH has team members and physical offices in several countries. Where staff access personal data as part of their work, the following safeguards apply:
| Country | Safeguard | Basis |
|---|---|---|
| Canada (Oakville, ON) | Adequacy decision | Art. 45 GDPR - Canada recognised as providing adequate protection |
| Switzerland (Zurich) | Adequacy Decision | Art. 45 GDPR - Switzerland is recognised as providing adequate data protection |
| India (Noida) | Standard Contractual Clauses | Art. 46(2)(c) GDPR - SCCs in employee/contractor agreements |
| EU States (Vienna, AT & Riga, LV) | EEA - no transfer | EU Member States - no third-country transfer applies |
Automated Decision-Making and Profiling
Website visitors: We do not carry out automated decision-making or profiling of website visitors that produces legal effects or significantly affects individuals (Art. 22 GDPR).
Analytics — Matomo (self-hosted): We use Matomo to measure aggregate usage of this website. Our Matomo instance runs on infrastructure under our direct control in the EU (Hostinger International Ltd, Lithuania) and does not share any data with Matomo's operator or any other third party.
Configuration: Matomo is configured in a cookieless, privacy-preserving mode:
- No cookies are set.
- IP addresses are anonymised (last two octets removed) before any storage. Only the anonymised form is retained.
- No cross-session or cross-device user identifier is created.
- The DoNotTrack signal sent by your browser is respected; visits with DoNotTrack enabled are not recorded.
Data collected: Anonymised IP (country level only), page URLs visited, referrer URL, timestamp, browser and operating system, screen resolution, custom events (e.g. contact form submission, file downloads).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring and improving our website). Because no information is stored on or accessed from your device, the consent requirement of Section 25 TDDDG does not apply (§ 25(2) TDDDG does not require consent for this processing, since no access to information on the terminal equipment takes place).
Retention: Raw visit logs are deleted after 24 months; aggregated statistical reports are retained indefinitely.
Right to object: You can object to this processing at any time. Use the opt-out link below; your choice is stored locally in your browser and remains effective until you clear your browser storage. Exclude me from Matomo tracking (This sets a "do not track" flag in your browser's local storage. It remains in effect until you clear browser data.)
AI services: Zirkel Technologies GmbH provides AI and machine learning services to business clients. Any automated processing forming part of client-specific solutions is governed by the data processing terms agreed with those clients and does not affect visitors to this website.
Data Security
We implement appropriate technical and organisational measures to protect personal data pursuant to Art. 32 GDPR, including:
- SSL/TLS encryption for all data transmitted to and from this website
- Secure hosting infrastructure with access controls and monitoring
- Regular security updates and patching
- Restricted access to personal data on a need-to-know basis
- Data Processing Agreements with all processors
Retention Periods
Personal data is stored only as long as necessary for the purposes described or as required by law.
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Server log files | Up to 30 days | Art. 6(1)(f) GDPR |
| Contact form submissions | Up to 3 months after final response (only for purely informational inquiries without subsequent business) | Art. 6(1)(f) GDPR |
| Commercial correspondence (§257 HGB) | 6 years from end of calendar year | Art. 6(1)(c) GDPR |
| Tax-relevant records (§147 AO) | 10 years from end of calendar year | Art. 6(1)(c) GDPR |
| Matomo raw visit logs | 24 months (aggregated statistical reports retained indefinitely) | Art. 6(1)(f) GDPR |
| Cookie consent records (zt_consent) | Up to 12 months or until consent is withdrawn earlier or the cookie is deleted | Art. 6(1)(f) GDPR |
Your Rights as a Data Subject
To exercise any of the following rights, contact: datenschutzerklaerung@zirkeltech.com
| Right | Article | Description |
|---|---|---|
| Right of access | Art. 15 GDPR | Obtain confirmation whether your data is processed and receive a copy |
| Right to rectification | Art. 16 GDPR | Have inaccurate or incomplete data corrected |
| Right to erasure | Art. 17 GDPR | Request deletion where data is no longer necessary |
| Right to restriction | Art. 18 GDPR | Request limited processing in certain circumstances |
| Right to data portability | Art. 20 GDPR | Receive your data in a structured, machine-readable format |
| Right to withdraw consent | Art. 7(3) GDPR | Withdraw consent at any time without affecting prior lawful processing |
Right to Object - Important Notice
Right to Object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data where that processing is based on Art. 6(1)(f) GDPR (legitimate interests). Upon objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
You also have the right to object at any time to processing for direct marketing purposes. We will immediately cease such processing upon objection.
To exercise your right to object: datenschutzerklaerung@zirkeltech.com
Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular with the supervisory authority competent for our registered office or with the supervisory authority at your habitual residence, place of work, or the place of the alleged infringement.
Supervisory Authority Competent for Our Registered Office in Hesse
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 31 63, 65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Amendments
We reserve the right to update this Privacy Policy to reflect changes in legal requirements or our services. The current version of this Privacy Policy is available on this page. We will indicate material changes by updating the date at the top of the page.
Let's shape the future together!
Write us an email at info@zirkeltech.com or complete the form.