AGIDAT – Datenschutz | Informationssicherheit

Privacy Policy

Last updated: June 2026 · This policy applies to the website www.agidat.de

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

agidat — wandrey GmbH
Jan Wandrey
Krusauer Straße 98
12305 Berlin
Germany

Email: kontakt@agidat.de
Website: www.agidat.de

No Data Protection Officer has been appointed.

2. General information on data processing

We process personal data only where necessary to provide a functioning website, to handle inquiries, to carry out pre-contractual measures, or to comply with legal obligations. Further processing only takes place where a legal basis exists or you have given your prior consent.

This website does not use web tracking, analytics tools such as Google Analytics, social media pixels, or external advertising services.

Fonts are loaded via Bunny Fonts (fonts.bunny.net), a privacy-friendly font service with servers in the EU. Google Fonts are not loaded from Google LLC servers.

3. External services and processors

3.1 Hosting and CDN provider

This website is provided via bunny.net. The provider is:

BunnyWay d.o.o.
Cesta komandanta Staneta 4A
SI-1215 Medvode
Slovenia

Bunny.net provides technical infrastructure for delivering the website, in particular hosting and content delivery network (CDN) services. Technically necessary access data is processed so that the website can be delivered to your device, system security can be ensured, and disruptions can be detected.

Data processed: IP address, date and time of the request, data volume transferred, browser type and version, operating system used, referrer URL (previously visited page), and the requested resource (page, file).

A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded with bunny.net.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the secure, stable, and efficient provision of our website.

Retention period: Server log files are stored for a maximum of 30 days and then automatically deleted, unless longer retention is required to investigate abuse or disruptions.

Third-country transfer: Data processing takes place on servers within the European Union. No transfer to third countries occurs.

Further information: https://bunny.net/privacy

3.2 Bunny Storage (CDN resources)

For the delivery of static content (e.g. images, stylesheets, scripts), we use Bunny Storage and the Bunny CDN. The provider is also BunnyWay d.o.o. (see above). Each time these resources are accessed, your IP address is transmitted to the nearest CDN server in order to deliver the content quickly and reliably.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast loading times and availability).

Third-country transfer: Delivery takes place via servers in the European Union.

3.3 Bunny Fonts (web fonts)

For consistent display of fonts, we use Bunny Fonts. The provider is BunnyWay d.o.o. (see above). Bunny Fonts is a privacy-friendly alternative to Google Fonts. The fonts are loaded from servers in the EU. Unlike Google Fonts, no personal data is used for other purposes (such as advertising or analytics). When fonts are loaded, your IP address is transmitted to Bunny Fonts servers, as this is technically necessary to deliver the font files to your browser.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent, professional presentation).

Third-country transfer: Data processing takes place exclusively on servers within the European Union.

3.4 Umami Analytics (web analytics)

This website uses Umami Analytics, a privacy-friendly web analytics tool. Umami operates without cookies, without creating user profiles, and without collecting personal data such as names or email addresses. Only aggregated, anonymized usage statistics are collected (e.g. pages visited, country of origin, device types used).

The service is provided via BunnyWay d.o.o. infrastructure (see section 3.1) under the domain mc-k0j5a3938f.bunny.run.

On certain pages, a session recording function is additionally used to improve usability. Anonymized page interactions are recorded; identification of individual persons does not take place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving our website). As no personal data is collected, a separate consent is not required under the current assessment.

Third-country transfer: Processing takes place via BunnyWay d.o.o. infrastructure in the EU (see section 3.1). No transfer to third countries occurs.

Further information: https://umami.is/docs/faq

4. Encrypted data transmission

Please note that this website was not fully delivered via HTTPS encryption as at the time of the last review (June 2026). Transmission of data without HTTPS encryption means that information may be viewed or manipulated by third parties during transmission. We are working to ensure end-to-end HTTPS encryption. Once complete, all data between your browser and our servers will be transmitted using TLS encryption.

5. Cookies and consent management

5.1 Technically necessary cookies

At present, this website does not set any cookies. If technically necessary cookies are used in the future (e.g. for session management or security functions), we will update this privacy policy accordingly.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical operation of the website).

5.2 Consent management platform (CMP)

No consent management tool is currently used on this website, as no consent-requiring cookies or tracking services are used. If consent-requiring processing is added in the future, we will implement an appropriate tool for obtaining and managing your consent.

6. Contact

6.1 Contact by email

When you contact us by email, the data you provide (e.g. email address, name, content of the message) is stored by us in order to process your inquiry and for any follow-up questions.

Legal basis: Art. 6(1)(b) GDPR where your inquiry relates to pre-contractual measures or performance of a contract; Art. 6(1)(f) GDPR (legitimate interest in handling inquiries) for other inquiries.

Retention period: We delete your inquiry as soon as storage is no longer necessary. For contract-related inquiries, we observe the statutory retention periods (up to 10 years pursuant to HGB/AO).

6.2 Contact by telephone

If you contact us by telephone, connection data (e.g. telephone number, time of call) may be processed by your and our telecommunications provider. The content of the call is only stored by us if necessary for processing your inquiry.

Legal basis: Art. 6(1)(b) or (f) GDPR (depending on the nature of the inquiry).

7. Your rights as a data subject

You have the following rights with regard to personal data relating to you:

7.1 Right of access (Art. 15 GDPR)

You have the right to request information about the personal data we process about you. This includes information about the purposes of processing, categories of data, recipients, and the planned retention period.

7.2 Right to rectification (Art. 16 GDPR)

You have the right to request the immediate correction of inaccurate data or the completion of incomplete data.

7.3 Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided no statutory retention obligations or legitimate grounds for continued storage exist.

7.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to request restriction of processing where you contest the accuracy of the data, the processing is unlawful, we no longer need the data, or you have objected to processing.

7.5 Right to data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format, or to request its transfer to another controller.

7.6 Right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds which override your interests.

7.7 Right to withdraw consent (Art. 7(3) GDPR)

Where you have given consent, you may withdraw it at any time with effect for the future. The lawfulness of processing carried out on the basis of consent before its withdrawal is not affected.

7.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR. The supervisory authority with jurisdiction over us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
(Berlin Commissioner for Data Protection and Freedom of Information)
Friedrichstraße 219
10969 Berlin
Germany

Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

You may also contact the supervisory authority of your place of residence or workplace. To exercise your rights, please contact: kontakt@agidat.de

8. Currency and amendments

This privacy policy is currently valid as of June 2026. Amendments may become necessary due to further development of our website or changes in legal or regulatory requirements. The current version is always available at www.agidat.de/datenschutzerklaerung (German) or this page (English).

9. Overview of processing activities

Processing activity Purpose Legal basis Retention 3rd country transfer
Server log files (hosting) Website delivery, system security, fault detection Art. 6(1)(f) GDPR Up to 30 days No (EU)
CDN resources (Bunny Storage) Fast delivery of static content Art. 6(1)(f) GDPR Session-based No (EU)
Bunny Fonts Consistent font rendering Art. 6(1)(f) GDPR Session-based No (EU)
Email contact Processing inquiries Art. 6(1)(b)/(f) GDPR As required, max. 10 years for contract-related No
Telephone contact Processing inquiries Art. 6(1)(b)/(f) GDPR As required No