Skip to content
    Legal

    Privacy Policy

    Deepvac GmbH

    Last updated: July 2026

    Controller

    Deepvac GmbH

    Represented by the Managing Director John Robertus

    An der Universität 1 (Building 8141)

    30823 Garbsen

    Germany

    Email: info@deepvac.space

    Phone: +49 157 830 270 99

    Registered office: Hanover, Germany

    General Information on Data Processing

    We process personal data only to the extent necessary to provide a functional website, respond to inquiries, present our services, and operate our business communication in a secure and efficient manner.

    Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

    Personal data is not transferred to third parties unless this is necessary for the technical operation of the website, for the performance of a contract or pre-contractual measures, for compliance with a legal obligation, on the basis of your consent, or otherwise permitted by law.

    Legal Bases for Processing

    Where we process personal data, we rely in particular on the following legal bases:

    • Art. 6(1)(a) GDPR: consent
    • Art. 6(1)(b) GDPR: performance of a contract or pre-contractual measures
    • Art. 6(1)(c) GDPR: compliance with a legal obligation
    • Art. 6(1)(f) GDPR: legitimate interests

    Where processing is based on Art. 6(1)(f) GDPR, our legitimate interests lie in the secure, stable, efficient, and user-oriented operation of our website, the professional presentation of our company, and our business communication.

    Website Access Data and Server Log Files

    When you access our website, information is automatically collected by our hosting provider in so-called server log files. This may include:

    • IP address
    • Date and time of access
    • Requested content
    • Access status and HTTP status code
    • Amount of data transferred
    • Referrer URL
    • Browser type and version
    • Operating system

    This data is processed to ensure the stability, security, and technical functionality of the website and to detect, prevent, and investigate misuse or security-related incidents.

    Legal basis: Art. 6(1)(f) GDPR.

    Server log data is generally stored for a maximum of 7 days unless longer retention is required for the investigation of security-related incidents or to assert, exercise, or defend legal claims.

    Contact by Email or Contact Form

    If you contact us by email or submit an inquiry via our contact form, we process the personal data you provide for the purpose of handling your inquiry and communicating with you.

    This may include in particular:

    • first name
    • last name
    • business email address
    • company name
    • phone number, where voluntarily provided
    • project or application information
    • message content

    Mandatory fields in the contact form are marked accordingly. These data are required in order to process your request.

    Legal basis:

    • Art. 6(1)(b) GDPR, if your inquiry relates to pre-contractual measures or the performance of a contract
    • Art. 6(1)(f) GDPR, for general business communication and other inquiries

    Your data will not be shared with third parties unless this is necessary to process your request, required by law, or otherwise legally permitted.

    For the technical receipt and processing of form inquiries we use the Supabase platform (Supabase Inc., USA) as a processor pursuant to Art. 28 GDPR. Where personal data is transferred to third countries in this context, the transfer is based on the EU Standard Contractual Clauses.

    We store your inquiry only for as long as necessary to process it. Where statutory retention obligations apply, storage may continue for the duration required by applicable law.

    Provision of Personal Data

    The provision of personal data is neither legally nor contractually required. However, certain information may be necessary for us to process and respond to your inquiry. If you do not provide the relevant data, we may be unable to handle your request.

    Hosting

    This website is hosted by:

    Hetzner Online GmbH

    Industriestr. 25

    91710 Gunzenhausen

    Germany

    Hetzner Online GmbH processes personal data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. Data processing takes place on servers located in Nuremberg, Germany.

    Cookies and Similar Technologies

    This website uses technically necessary cookies and similar storage technologies (such as localStorage) required for the secure and proper operation of the website.

    No marketing, profiling, analytics, or advertising tracking technologies are used.

    Where optional external content is available, your preference may be stored locally on your device using browser storage. This is not used for tracking purposes.

    You can view and change your choices at any time through the Privacy Settings link in the footer of this website.

    Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and efficient provision of our website.

    Google Maps

    This website offers the option to display an interactive map provided by Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Maps is loaded only after you have given explicit consent.

    When Google Maps is activated, your IP address and technical connection data may be transmitted to Google servers, which may be located outside the European Economic Area.

    Your consent preference is stored locally on your device using browser storage (localStorage). No data is transmitted to Google until you opt in.

    You can withdraw your consent at any time through the Privacy Settings link in the footer or directly on the contact page.

    Legal basis: Art. 6(1)(a) GDPR (consent).

    For more information, see the Google Privacy Policy at https://policies.google.com/privacy.

    Cloudflare Turnstile

    This website uses Cloudflare Turnstile (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) to protect contact forms from automated abuse and bot submissions.

    When you submit a contact form, technical data such as your IP address, browser type, and interaction behavior may be processed by Cloudflare to determine whether the submission originates from a human user.

    Cloudflare processes this data as a processor on the basis of our instructions. The data is used exclusively for abuse prevention and is not used for tracking, profiling, or advertising purposes.

    Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our contact forms from spam and automated abuse.

    For more information, see the Cloudflare Privacy Policy at https://www.cloudflare.com/privacypolicy/.

    Appointment Scheduling via Calendly

    For online appointment scheduling we integrate the Calendly service provided by Calendly LLC, 271 17th St NW, Atlanta, Georgia 30363, USA. The booking calendar is only loaded after you have expressly consented in the booking dialog. No data is transferred to Calendly before you give consent.

    Once the calendar is loaded, your IP address and technical connection data are transferred to Calendly. If you book an appointment, Calendly additionally processes the details you enter (e.g. name, email address, selected time slot, optional message). Processing also takes place on servers in the USA; the transfer is based on appropriate safeguards pursuant to Art. 44 et seq. GDPR (EU Standard Contractual Clauses or certification under the EU-U.S. Data Privacy Framework).

    You may withdraw your consent at any time with effect for the future – directly in the booking dialog via “Withdraw consent” or by clearing this website's local browser data.

    Legal basis: Art. 6(1)(a) GDPR (consent); for carrying out a booked appointment, Art. 6(1)(b) GDPR.

    Further information is available in Calendly's privacy policy: https://calendly.com/privacy

    Data Retention

    Personal data is stored only for as long as necessary for the respective processing purpose or as required by statutory retention periods under German law.

    Business correspondence may be retained in accordance with applicable commercial and tax retention obligations.

    Data Security

    We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

    Data transmission between your browser and our website is encrypted using SSL or TLS technology.

    Your Rights

    You have the following rights under the GDPR:

    • Right of access pursuant to Art. 15 GDPR
    • Right to rectification pursuant to Art. 16 GDPR
    • Right to erasure pursuant to Art. 17 GDPR
    • Right to restriction of processing pursuant to Art. 18 GDPR
    • Right to data portability pursuant to Art. 20 GDPR
    • Right to object pursuant to Art. 21 GDPR
    • Right to withdraw consent at any time pursuant to Art. 7(3) GDPR

    Where personal data is processed on the basis of Art. 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation.

    Supervisory Authority

    If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a supervisory authority.

    The competent supervisory authority for Deepvac GmbH is:

    The State Commissioner for Data Protection of Lower Saxony

    Prinzenstraße 5

    30159 Hannover

    Germany

    No Automated Decision-Making

    We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR in connection with this website.

    Changes to this Privacy Policy

    We reserve the right to update this Privacy Policy in order to reflect changes in legal requirements or changes to our website or our services. The version published on our website shall apply.