// 1 — basics
Introduction
Below we provide information on the processing of personal data in connection with the use of
- our website
- our social media profiles
Personal data is any data that can be related to a specific natural person, e.g. their name or IP address.
1.1 Contact details
The controller within the meaning of Art. 4(7) of the EU General Data Protection Regulation (GDPR) is sitebrunch GmbH, Eifflerstraße 43, 22769 Hamburg, Germany, e-mail: andreas.siegel@sitebrunch.com. We are legally represented by Andreas Siegel, Johannes Zimmer, Lukas Schardt.
Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, e-mail: datenschutz@heydata.eu.
1.2 Scope of data processing, purposes and legal bases
We set out the scope of the data processing, the purposes and the legal bases in detail below. In principle, the following may serve as a legal basis for data processing:
- Art. 6(1)(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent.
- Art. 6(1)(1)(b) GDPR is the legal basis where the processing is necessary for the performance of a contract; this also applies to pre-contractual measures.
- Art. 6(1)(1)(c) GDPR applies where we fulfil a legal obligation through the processing, e.g. under tax law.
- Art. 6(1)(1)(f) GDPR serves as the legal basis for legitimate interests, e.g. for technically necessary cookies.
1.3 Data processing outside the EEA
Where we transfer data to service providers or other third parties outside the EEA, adequacy decisions of the EU Commission pursuant to Art. 45(3) GDPR guarantee the security of the data where such decisions exist. For transfers to the USA, the legal basis is an adequacy decision where the service provider has certified itself under the EU-US Data Privacy Framework. In other cases, standard contractual clauses are generally the legal basis (Art. 46(2)(b) GDPR); many providers additionally give contractual guarantees, for example regarding the encryption of the data.
1.4 Storage period
Unless expressly stated, stored data is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations conflict with deletion. Otherwise, processing is restricted, i.e. the data is blocked and not processed for other purposes — for example data that must be retained for commercial or tax-law reasons.
1.5 Rights of data subjects
Data subjects have the following rights against us with regard to the personal data concerning them:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to withdraw a given consent at any time
Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details of the supervisory authorities are available at bfdi.bund.de.
1.6 Obligation to provide data
Within the scope of a business relationship, you only need to provide us with the personal data required for establishing, performing and terminating the relationship, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract. Mandatory information is marked as such.
1.7 No automated decision-making in individual cases
To establish and carry out a business relationship, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use such procedures in individual cases, we will provide separate information where this is legally required.
1.8 Contacting us
When you contact us (e.g. by e-mail), the data you provide is stored in order to answer your enquiries. The legal basis is our legitimate interest (Art. 6(1)(1)(f) GDPR). We delete the data as soon as storage is no longer necessary, or restrict the processing where statutory retention obligations apply.
1.9 Customer surveys
From time to time we conduct customer surveys to get to know our customers and their needs better. The legal basis is Art. 6(1)(1)(f) GDPR. We delete the data as soon as the results have been evaluated.
// 2 — communication
Newsletter
We reserve the right to inform customers who have already used our services about our offerings by e-mail, unless they have objected to this. The legal basis is Art. 6(1)(1)(f) GDPR; our legitimate interest lies in direct marketing (Recital 47 GDPR). You can object to this use at any time free of charge, e.g. via the link at the end of every e-mail.
Interested parties can subscribe to a free newsletter. We process the data provided at sign-up solely for the purpose of sending the newsletter. The legal basis is consent (Art. 6(1)(1)(a) GDPR), which can be withdrawn at any time. On the basis of this consent, we also measure open and click rates in order to understand which content is relevant.
We send newsletters using the HubSpot tool from HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA (privacy policy). The provider processes content, usage, meta/communication and contact data within the EU.
// 3 — website
Data processing on our website
3.1 Notice for website visitors from Germany
Our website stores information on your device (e.g. cookies) or accesses information already stored on it (e.g. IP addresses). Where this is strictly necessary to provide the service you have expressly requested, this is done on the basis of Section 25(2)(2) TDDDG; otherwise on the basis of consent (Section 25(1) TDDDG). The subsequent processing is carried out in accordance with the GDPR.
3.2 Informational use of the website
When you use the website purely for information purposes, we collect the personal data that your browser transmits to our server in order to ensure stability and security. The legal basis is Art. 6(1)(1)(f) GDPR. This data is:
- IP address
- Date and time of the request
- Time-zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser, operating system and its interface
- Language and version of the browser software
This data is stored in log files and deleted when its storage is no longer necessary, at the latest after 14 days.
3.3 Web hosting and provision of the website
Our website is hosted by Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The provider processes the transmitted data (e.g. content, usage, meta/communication or contact data) within the EU. The legal basis is Art. 6(1)(1)(f) GDPR.
We use the content delivery network Bunny CDN. The provider is BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. The provider processes the transmitted data, among other places, in the USA. The legal basis for the transfer to a country outside the EEA is standard contractual clauses (Art. 46(2)(c) GDPR).
3.4 Job postings
We publish open positions on our website or on third-party websites. We process the data provided in the course of an application in order to carry out the application procedure; the legal basis is Art. 88(1) GDPR in conjunction with Section 26(1) BDSG. Further, voluntary information is based on consent (Art. 6(1)(1)(a) GDPR). We delete the data of rejected applicants at the latest six months after rejection, or — where consent to further use has been given — one year after receipt of the application.
3.5 Customer account
Visitors can open a customer account. We process the requested data on the basis of consent (Art. 6(1)(1)(a) GDPR), which can be withdrawn at any time. If consent is withdrawn, we delete the data unless we are obliged or entitled to retain it further.
3.6 Technically necessary cookies
Our website uses cookies — small text files that are stored in your browser. Where they are necessary for the operation or the functions of the site, the legal basis is Art. 6(1)(1)(f) GDPR. Specifically, we use technically necessary cookies to store login data.
3.7 Third-party provider — heyData
We have embedded a data protection seal. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g. IP addresses) within the EU. The legal basis is Art. 6(1)(1)(f) GDPR. The data is masked after collection so that it can no longer be related to a person.
// 4 — social media
Data processing on social media platforms
We maintain a presence on social networks in order to present our organisation and services. The operators regularly process their users' data for advertising purposes and create usage profiles from online behaviour. It cannot be ruled out that operators are based in non-EU countries and process data there. If users contact us via our profiles, we process the data provided in order to respond to the enquiries (Art. 6(1)(1)(f) GDPR).
4.1 LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy as well as an option to object via the advertising settings are available from LinkedIn.
// 5 — other
Changes to this privacy policy
We reserve the right to amend this privacy policy with effect for the future. A current version is always available here.
// 6 — contact
Questions and comments
For questions or comments regarding this privacy policy, we are happy to help using the contact details given above. See also our Legal Notice.