Privacy Policy

Processing of personal data is based in particular on the following legal bases:

• Art. 6(1)(a) GDPR, where you have given your consent.
• Art. 6(1)(b) GDPR, where processing is necessary for the performance of pre-contractual measures or a contract.
• Art. 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation.
• Art. 6(1)(f) GDPR, where processing is necessary for the purposes of a legitimate interest and no overriding interests or fundamental rights of the data subject exist.

When this website is accessed, technically necessary data is processed so that the website can be displayed, operated stably, and protected against attacks or misuse. The following data may in particular be processed:

• IP address
• Date and time of access
• Page or file accessed
• Data volume transferred
• Referrer URL
• Browser type and version
• Operating system
• Hostname of the accessing system
• Technical connection and security data

Processing takes place to provide, secure, analyse errors in, and stabilise the website. The legal basis is Art. 6(1)(f) GDPR. My legitimate interest lies in the secure, stable, and technically fault-free operation of the website and in defending against abusive access. Server log files are retained only for as long as necessary for the aforementioned purposes. Longer retention may occur if this is necessary to investigate security incidents, misuse, or unlawful actions.

I use Cloudflare as a network, security, and proxy service to secure, accelerate, and stably deliver this website. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare may in particular process the following data:

• IP addresses
• Access data
• Security events
• Technical connection data
• Device and browser information
• Information for detecting and fending off abusive access

Processing takes place to deliver the website securely, performantly, and reliably, to defend against attacks, and to prevent technical disruptions. The legal basis is Art. 6(1)(f) GDPR. My legitimate interest lies in the secure, stable, and performant operation of the website and in defending against attacks and misuse. Where Cloudflare processes personal data on my behalf, this is done on the basis of a data processing agreement. Processing of personal data in countries outside the European Union or European Economic Area cannot be excluded. Where a third-country transfer takes place, it is carried out on the basis of the applicable legal requirements, in particular an adequacy decision of the European Commission, appropriate safeguards such as EU standard contractual clauses, or another legal basis.

When you contact me by email, I process the data you provide to handle your enquiry. This may in particular include:

• Name
• Email address
• Telephone number, if provided
• Communication content
• Technical details of desired or existing computer systems
• Budget and use-case information
• Details of customer-owned components
• Other voluntary information

Processing takes place to handle your enquiry, to carry out pre-contractual measures, and if applicable, for subsequent contract performance. The legal basis is Art. 6(1)(b) GDPR where processing is necessary to handle your enquiry, prepare a quotation, or perform a contract. Where processing serves technical organisation, documentation, or defence against misuse, the legal basis is Art. 6(1)(f) GDPR. Enquiry data is deleted once it is no longer required for handling and no statutory retention obligations or legitimate interests in further storage exist.

When you use the contact form on this website, I process the data entered to handle your enquiry. Depending on the form, the following data may in particular be processed:

• Name
• Email address
• Telephone number, if provided
• Desired service
• Budget range
• Use case (e.g. gaming, workstation, streaming, CAD)
• Technical details of the desired or existing system
• Details of existing or customer-owned components
• Details of desired special services (e.g. custom PC build, direct-die, water cooling, custom cables, overclocking, undervolting, OS setup, data migration)
• Message text
• Optional additional information
• Technical metadata of the enquiry

Processing takes place to handle your enquiry, carry out pre-contractual measures, prepare quotations, and if applicable, for subsequent contract performance. The legal basis is Art. 6(1)(b) GDPR. Where processing serves technical security, documentation, or defence against misuse, the legal basis is Art. 6(1)(f) GDPR. Data is deleted once it is no longer required for handling the enquiry and no statutory retention obligations or legitimate interests in further storage exist.

A self-hosted Cal.com system may be used for appointment bookings. When you use the booking system, the following data may in particular be processed:

• Name
• Email address
• Requested appointment time
• Appointment type
• Message or description of the request
• Technical appointment booking data
• Calendar and organisational data

Processing takes place for scheduling, managing, and preparing consultation appointments, and for carrying out pre-contractual measures. The legal basis is Art. 6(1)(b) GDPR where the appointment booking serves the initiation or performance of a contract. Where processing serves the organisation and technical provision of the booking system, the legal basis is Art. 6(1)(f) GDPR. Appointment booking data is deleted once it is no longer required for appointment management and further handling, and no statutory retention obligations or legitimate interests in further storage exist.

Brevo may be used for sending certain emails and handling technical communication. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo is a service of the Brevo Group. The following data may in particular be processed via Brevo:

• Name
• Email address
• Dispatch and delivery information
• Communication content
• Quotation and order reference
• Technical email metadata
• Open and delivery information where technically required or enabled

Brevo is used in particular for transactional emails, quotation communication, appointment confirmations, system notifications, and contract-related communication. The legal basis is Art. 6(1)(b) GDPR where communication is necessary for pre-contractual measures or contract performance. Where use serves technical organisation and reliable email delivery, the legal basis is Art. 6(1)(f) GDPR. Where Brevo processes personal data on my behalf, this is done on the basis of a data processing agreement. Processing of personal data outside the European Union or European Economic Area cannot be excluded and only takes place in accordance with applicable legal requirements.

This website may include links to WhatsApp or Telegram. Merely visiting this website does not generally transmit any data to these services via plain text links. When you actively click such a link or make contact via WhatsApp or Telegram, the respective provider processes personal data under its own responsibility. The following data may in particular be affected:

• Telephone number
• Username or display name
• Profile picture, if available
• Communication content
• Communication metadata
• Device and connection data

Please do not use messenger services for particularly sensitive information, passwords, access credentials, payment data, recovery keys, private storage media contents, or other confidential information. Processing by me takes place to handle your enquiry and communicate with you. The legal basis is Art. 6(1)(b) GDPR where communication serves pre-contractual measures or contract performance; Art. 6(1)(f) GDPR where communication serves general organisation and accessibility. The privacy information of the respective provider also applies.

A self-hosted instance of Umami may be used for privacy-friendly analysis of website usage. Umami serves to obtain basic information about website usage, for example which pages are visited and how the website is used technically. The aim is to improve content, usability, stability, and technical performance. The following data may in particular be processed:

• Pages visited
• Time of page access
• Referrer
• Browser type
• Operating system
• Device type
• Approximate location based on technical access data, where enabled
• Anonymised or truncated technical usage data, where configured accordingly

Where Umami is used without tracking cookies and without personal re-identification, no cookie-based profiling takes place. Analysis is then based on aggregated or data-minimising usage data. The legal basis is Art. 6(1)(f) GDPR. My legitimate interest lies in statistical analysis of website usage, improving my service, and technical optimisation of the website. Where use requiring consent takes place in future, consent will be obtained in advance.

When you submit an enquiry, use a consultation, request a quotation, or place an order, I process the personal data required for this. This may in particular include:

• Name
• Address
• Email address
• Telephone number
• Invoice data
• Delivery address
• Payment data
• Quotation and order data
• Communication content
• Budget information
• Intended use case
• Technical requirements
• Component lists
• Details of customer-owned components
• Details of desired special services
• Documentation, testing, and handover data
• Serial numbers where required for documentation, support, or warranty processing
• Support and complaint data

Processing takes place to handle your enquiry, for consultation, quotation, contract performance, invoicing, delivery, documentation, support handling, and processing statutory warranty rights. The legal basis is Art. 6(1)(b) GDPR. Where statutory retention obligations exist, the legal basis is Art. 6(1)(c) GDPR. Where data is stored to assert, exercise, or defend legal claims, the legal basis is Art. 6(1)(f) GDPR.

Where you hand over or send in customer-owned components, storage media, computers, memory devices, or other equipment, personal data may be processed in the course of technical work. This may in particular be the case with:

• Data migration
• Operating system installation or optimisation
• Error analysis
• Backup or recovery work
• Work on existing storage media
• Testing of existing systems
• Support or RMA cases

Depending on the order, personal or confidential data present on the device or storage medium may become visible or technically accessible. I process such data only to the extent necessary for performing the specific order. Please create complete and up-to-date backups before handing over or sending in equipment. Please remove unnecessary personal, confidential, or sensitive data in advance where possible. Please only share passwords, recovery keys, or access credentials where this is required for the performance of the order. The legal basis is Art. 6(1)(b) GDPR where processing is necessary for order performance. Where processing is required for documentation, error analysis, recordkeeping, or defending against claims, the legal basis is Art. 6(1)(f) GDPR. No content-based evaluation of private data takes place. Access to content only occurs where this is technically required for performing the commissioned process or has been expressly requested by the customer.

Where payments are made by bank transfer, I process the data required for payment allocation. This may in particular include:

• Name of the account holder
• IBAN or abbreviated account information as visible on statements
• Payment amount
• Payment reference
• Payment date
• Invoice and order number

Where you use a payment via an external payment service provider, in particular PayPal, the data required for payment processing is transmitted to the respective provider or processed there directly. The following data may in particular be affected: name, email address, invoice data, payment amount, transaction data, payment status, and technical payment information. The legal basis is Art. 6(1)(b) GDPR where processing is required for contract performance and payment processing. Where statutory retention obligations exist, the legal basis is Art. 6(1)(c) GDPR. The privacy information of the respective payment service provider also applies.

In the context of invoicing, accounting, and tax documentation, I process personal data to the extent required by law. This may in particular include:

• Name
• Address
• Invoice data
• Payment data
• Service description
• Order data
• Tax-relevant documents
• Business correspondence

The legal basis is Art. 6(1)(c) GDPR in conjunction with statutory retention, bookkeeping, and tax obligations. Where processing additionally serves proper business organisation, the legal basis is Art. 6(1)(f) GDPR. Invoice, accounting, and tax-relevant data is retained in accordance with statutory retention obligations.

Where an order is dispatched, I process the data required for shipping, delivery, and shipment tracking. This may in particular include:

• Name
• Delivery address
• Email address
• Telephone number, where required for shipping or delivery coordination
• Tracking number
• Shipping service provider
• Shipping status
• Information on goods value and transport insurance where required

This data may be transmitted to shipping service providers where required for dispatch, delivery, shipment tracking, or handling of damage claims. The legal basis is Art. 6(1)(b) GDPR. Where processing serves tracking, transport security, or asserting claims, the legal basis is Art. 6(1)(f) GDPR.

Where you use support, warranty, complaints, or an RMA process, I process the personal data required for this. This may in particular include:

• Name
• Contact details
• Order and invoice data
• Fault description
• System data
• Component lists
• Serial numbers
• Photos or videos of the system
• Testing and diagnostic data
• Communication history
• Shipping and return data

Processing takes place to handle support requests, statutory warranty rights, goodwill cases, manufacturer warranty processing, error analysis, documentation, and recordkeeping. The legal basis is Art. 6(1)(b) GDPR where processing is required for contract performance or handling statutory warranty rights. Where processing serves documentation, recordkeeping, or defending against claims, the legal basis is Art. 6(1)(f) GDPR.

Personal data is only disclosed where this is necessary, a legal obligation exists, you have consented, or another legal basis exists. Recipients of personal data may in particular include:

• Hosting and infrastructure service providers
• Cloudflare as network, security, and proxy service
• Brevo for email communication
• Payment service providers
• Shipping service providers
• IT and maintenance service providers
• Tax advisors and accounting
• Authorities, courts, or other public bodies where required by law
• Manufacturers, suppliers, or distributors where required for warranty, complaints, RMA, or guarantee processing

No disclosure for advertising purposes takes place.

For individual service providers, it cannot be excluded that personal data is also processed in countries outside the European Union or the European Economic Area. Where such a third-country transfer takes place, it is carried out only on the basis of the applicable legal requirements, in particular:

• An adequacy decision of the European Commission
• Appropriate safeguards such as EU standard contractual clauses
• Binding corporate rules
• Explicit consent
• Or another legal basis

The provision of personal data is generally voluntary. However, certain data is required for specific processes. Without the provision of required data, I am in particular unable to:

• Handle enquiries at all or only to a limited extent
• Carry out consultations
• Prepare quotations
• Conclude contracts
• Issue invoices
• Make deliveries
• Handle support or warranty cases

Subject to the applicable legal requirements, you have in particular the following rights:

• Right of access to data processed about you pursuant to Art. 15 GDPR
• Right to rectification of inaccurate data pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to object to processing based on Art. 6(1)(e) or (f) GDPR pursuant to Art. 21 GDPR
• Right to withdraw consent with effect for the future pursuant to Art. 7(3) GDPR
• Right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR

To exercise your rights, you can contact me using the contact details above.

You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes data protection law. You may in particular contact the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement. The competent authority for Brandenburg is: