Privacy Policy
⚠ DRAFT TEMPLATE — replace placeholders, reconcile the conditional ([[TODO]]) sections with the services actually used, and have it validated by a
lawyer / DSGVO generator before publishing. Not legal advice. The German Datenschutzerklärung is authoritative.
1. Controller
The controller under the GDPR is:
{{COMPANY_LEGAL_NAME}}, {{ADDRESS}}, email {{EMAIL}}, phone {{PHONE}}.
Data Protection Officer
{{DPO_NAME_AND_CONTACT}} [[TODO: include only if a DPO has been appointed — otherwise remove]]
2. Overview & legal bases
We process personal data only to the extent necessary. Legal bases are in
particular Art. 6(1)(a) GDPR (consent), (b) (contract), (c) (legal
obligation) and (f) (legitimate interest).
[[TODO: confirm the legal bases that actually apply]]
3. Your rights as a data subject
You have the right to:
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection (Art. 21 GDPR)
- withdrawal of consent (Art. 7(3) GDPR)
You also have the right to lodge a complaint with a supervisory authority.
Competent authority: {{SUPERVISORY_AUTHORITY}}.
4. Hosting
This website is hosted by {{HOSTING_PROVIDER}} (delivered via
the Cloudflare edge / CDN network). Technically necessary data (incl. IP address)
is processed. Legal basis: Art. 6(1)(f) GDPR.
[[TODO: confirm host, data processing agreement (DPA) and any third-country transfer (US) incl. Standard Contractual Clauses (SCCs)]]
5. Server log files
When the site is accessed, information is automatically recorded in server
log files (e.g. browser type, OS, referrer URL, time, IP address). Purpose:
operation, security and stability. Legal basis: Art. 6(1)(f) GDPR.
[[TODO: confirm the actual scope and retention of logs with the host]]
6. Contact form
Data collected via the contact form: name, company, email, phone, area of
interest and your message. Purpose: handling your enquiry. Legal basis: Art.
6(1)(b) or (f) GDPR. Retention: {{RETENTION_PERIOD}}.
[[TODO: the form currently has no backend / recipient. Before launch, add the recipient or processor (e.g. email/form service) and the transmission path.]]
7. Cookies & consent
This site sets one technically necessary (functional) cookie,
tunexos-lang, storing the chosen language (lifetime ~1
year). Legal basis: § 25(2) TDDDG (strictly necessary) / Art. 6(1)(f) GDPR.
No consent banner is required for this.
[[TODO: confirm that no other cookies / consent banner are used]]
8. Fonts
Fonts are self-hosted (bundled at build time via Astro's Fonts API). There is no connection to Google Fonts or an external font CDN, and therefore no transfer of your IP address to third parties for this purpose.
9. Third parties & processors
As of the current state of the project:
- Hosting/CDN: {{HOSTING_PROVIDER}} (Cloudflare)
- Web analytics / tracking: none used
- Maps / embeds / video: none used
- Form backend: none yet
[[TODO: list ALL services actually used and ensure an Art. 28 GDPR processing agreement is in place for each]]
10. Retention
Personal data is deleted once its purpose no longer applies and no statutory
retention periods require otherwise. {{RETENTION_DETAILS}}
11. Data security
The site is delivered over HTTPS with TLS encryption. We apply appropriate technical and organisational measures pursuant to Art. 32 GDPR.
12. Changes to this policy
We update this policy when changes to our processing require it. The current
version published here applies. Last updated: {{LAST_UPDATED}}.