Data Protection

1. Responsible person

Ecosophia Surface Technology GmbH
Daimler Str. 35
74211 Leingarten
Email: mail@ecosophia-ot.de

2. General information on data processing

We process personal data of our website visitors only to the extent necessary for providing a functional website, for communication, or for analytical purposes. This processing is based on the GDPR, in particular Article 6(1)(a) (consent), (b) (contract/pre-contractual measures), and (f) (legitimate interest).

Personal data will be deleted as soon as the purpose for which it was collected no longer applies or there are no legal obligations to retain it.

3. Server log files

When you visit our website, our hosting provider automatically collects and stores the following data:
  • IP address
  • Date and time
  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Pages visited
  • Amount of data transferred
Purpose: Security, stability, attack detection.
Legal basis: Art. 6 para. 1 lit. f GDPR.
Storage period: usually 7–14 days.

4. Hosting & Order Processing

Our website is hosted by an external service provider. This provider processes data on our behalf.

Hosting provider: Bison Grid Ltd t/a Team Bison, A data processing agreement exists with the provider in accordance with Art. 28 GDPR.

5. Cookies

Our website uses cookies.

Types of Cookies

  • Technically necessary cookies
    are required for the operation of the website
    (legal basis: Art. 6 para. 1 lit. f GDPR)
  • Analytics/statistics cookies (if consent is given)
    Recording of user behavior
    (legal basis: Art. 6 para. 1 lit. a GDPR)
  • Marketing cookies / third-party cookies (if agreed)

Cookie consent

We use a cookie consent tool for all non-essential cookies. You can withdraw your consent at any time.

6. Contact form & email

When you contact us via form or email, we process the following:
  • Name
  • E-mail Address
  • Message Content
  • Phone Number (if provided)
Purpose: Processing the request.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation).
Data will not be passed on without consent and will be deleted after the request has been completed – unless legal obligations dictate otherwise.

7. WordPress-specific data processing

7.1 Plugins and technical functions

Depending on the plugins used, WordPress can process additional data, e.g.:
  • Spam protection plugins
  • Caching plugins
  • Security plugins
  • Contact form plugins (e.g. Contact Form 7)
  • Statistics plugins
The processing is carried out in accordance with the purposes described therein. Data processing agreements exist for all relevant plugins, where required.

7.2 Comments

WordPress stores information about comments:
  • Name
  • Comment
  • IP Address
Purpose: Protection against misuse.
Legal basis: Art. 6 para. 1 lit. f GDPR

8. Analytics tools / Tracking

Google Analytics / GA4

Provider: Google Ireland Ltd.
Data: IP address (truncated), usage behavior, device information.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).
Data transfer to the USA possible (standard contractual clauses).

Opt-out is possible via the cookie banner.

Matomo

Either self-hosted (data-saving) or as a cloud version.
Legal basis: consent

9. Integrated services / third-party content

YouTube videos

Provider: Google Ireland Ltd.
Data: IP address, cookies, behavior.
Legal basis: Consent.

Google Maps

Data: Location, IP address, browser data.
Legal basis: Consent

Google reCAPTCHA

Data: User behavior, IP address.
Legal basis: legitimate interest and/or consent.

Google Fonts

Locally embedded → no data transfer
Externally integrated → IP transmission to Google, consent required

CDNs, fonts, icons

Depending on the provider, IP addresses are processed.
Legal basis: consent or legitimate interest.

10. Data Sharing

Data will only be shared if:
  • this is necessary for the fulfillment of the contract
  • we are legally obligated
  • or consent has been given
Typical recipients:
  • IT/Hosting service provider
  • Maintenance service provider
  • Tax advisor (business documents only)

11. Storage duration

Data is stored for as long as necessary for the purpose for which it was collected.

Commercial data → up to 10 years (legal retention periods).
Contact requests → deleted after processing.

12. Data security

Our website uses HTTPS/TLS encryption.
In addition, we implement technical and organizational measures to protect data from unauthorized access, loss, or misuse.

13. Rights of data subjects

You have at any time:
  • Right to information
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to object
  • Right to data portability
  • Right to revoke granted consent
Right to lodge a complaint:
State Commissioner for Data Protection Baden-Württemberg.

14. Changes to the Privacy Policy

We reserve the right to amend this statement as needed, e.g., in the event of new technical features or legal changes.