1. data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.
Data collection on this website
Who is responsible? Data processing on this website is carried out by the website operator. The contact details can be found in the section "Information on the controller".
How do we collect your data? On the one hand, by you communicating this to us (e.g. via a contact form). Other data is collected automatically or with your consent by our IT systems when you visit the website (e.g. browser, operating system, time the page was accessed).
What do we use your data for? Some of the data is used to ensure the error-free provision of the website; other data can be used to analyse your user behaviour.
What rights do you have? You have the right to information, rectification, erasure, restriction of processing, objection to processing and the right to data portability at any time and free of charge. You also have the right to lodge a complaint with the competent supervisory authority.
2. hosting
We host the content of our website with the following provider:
Amazon Web Services (AWS)
Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg ("AWS").
When you visit our website, personal data is processed on AWS servers. This data may also be transferred to the parent company in the USA. The transfer to the USA is based on EU standard contractual clauses (SCC). Details: AWS GDPR DPA, AWS Privacy.
The use of AWS is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable provision). If consent has been requested, processing is also carried out on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (e.g. for cookies/device access); consent can be revoked at any time.
Order processing
We have concluded an order processing contract with AWS (Art. 28 GDPR). AWS processes personal data only in accordance with our instructions and in compliance with the GDPR.
3 General notes and mandatory information
Data protection
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities.
Note on the responsible body
Person responsible
Krypto Investigation GmbH
Würzburger Str. 59
D-63639 Flörsbachtal
Phone: +49 151 21017420
e-mail: mail@krypto-investigation.de
Data Protection Officer
In accordance with Section 38 BDSG in conjunction with Art. 37 GDPR, we are currently not obliged to appoint a data protection officer.
Storage duration
Unless a more specific storage period has been specified in this declaration, personal data will remain with us until the purpose of the processing no longer applies. Statutory retention obligations remain unaffected.
Legal bases of the processing
Depending on the purpose, we process data on the basis of Art. 6 para. 1 lit. a GDPR (consent), lit. b (contract/initiation), lit. c (legal obligation) or lit. f (legitimate interests). When accessing end devices/storing information, this is also done - if necessary - on the basis of Section 25 (1) TTDSG.
Note on data transfer to third countries
We use tools from providers in the USA/other third countries, among others. When activated, personal data may be transferred to these countries. A level of data protection comparable to that in the EU is not always guaranteed there. Transfers take place - as far as possible - on the basis of EU standard contractual clauses or adequacy decisions.
Recipients of personal data
As part of our business activities, we transfer data to external bodies if this is necessary for the fulfilment of the contract, if there is a legal obligation, if there is a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR or if consent has been given. We have contracts with processors in accordance with Art. 28 GDPR.
Revocation of your consent
You can revoke your consent at any time with effect for the future. The legality of the processing carried out until the revocation remains unaffected.
Right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing based on point (e) or (f) of Article 6(1) GDPR, including profiling. In the event of an objection, we will no longer process the data unless there are compelling reasons worthy of protection or the processing serves the assertion, exercise or defence of legal claims.
If your data is processed for direct marketing purposes, you can object to this processing at any time; this also applies to profiling insofar as it is associated with direct marketing.
Right of appeal
Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. In Hesse, for example, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) is responsible.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract in a commonly used, machine-readable format or to have it transferred to a third party, where technically feasible.
Information, rectification, erasure and restriction of processing
Within the framework of the legal provisions, you have the right to free information about your stored personal data at any time and, if necessary, a right to correction, deletion or restriction of processing.
SSL/TLS encryption
This site uses SSL/TLS encryption for security reasons. You can recognise an encrypted connection by "https://" and the lock symbol in the browser. Data that you transmit can then not be read by third parties.
4. data collection on this website
Consent with Borlabs Cookie
We use the consent technology of Borlabs Cookie (Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany) to obtain and document consent for certain cookies/technologies. The legal basis is Art. 6 para. 1 lit. c GDPR. Details: Borlabs - stored data.
Server log files
The provider automatically collects and stores the following information: Browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server enquiry, IP address. This data is not merged with other data. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in technical stability/optimisation).
Contact form
In the case of contact enquiries, we process the information from the form including contact data to process the enquiry and follow-up questions. Legal basis: Art. 6 para. 1 lit. b GDPR (contract/initiation) or lit. f (legitimate interest in efficient communication) or lit. a (consent, if requested). Data will be stored until fulfilment of the purpose or revocation/deletion request; statutory retention periods remain unaffected.
Enquiry by e-mail or telephone
If you contact us by e-mail or telephone, we process your details (e.g. name, enquiry) for processing. Legal basis: Art. 6 para. 1 lit. b or lit. f GDPR.
5. analysis tools and advertising
Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager does not create any user profiles and does not store any cookies, but does record IP addresses (transmission to the USA is possible). Legal basis: Art. 6 para. 1 lit. f GDPR; if applicable, additionally Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG for tags requiring consent.
Google Analytics
We use Google Analytics (Google Ireland Limited) to evaluate user behaviour (e.g. page views, length of visit, origin). Google uses cookies/comparable technologies, among other things; the data is generally processed on servers in the USA. Legal basis: Your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG. Cancellation possible at any time.
The transfer to the USA is based on standard contractual clauses. Details: Google - SCC. More information: Data protection with Google Analytics.
Browser plugin: You can prevent Google from collecting data by deactivating the plugin at https://tools.google.com/dlpage/gaoptout install.
Google signals
We may use Google signals for cross-device reports and personalised advertising if you have activated the corresponding settings in your Google account. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR). You can deactivate this function in your Google account.
Google Ads & Conversion Tracking
We use Google Ads incl. conversion tracking (Google Ireland Limited). This allows Google and us to recognise whether users have performed certain actions (e.g. clicks/conversions). We do not receive any information that enables personal identification. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). Details: Google Privacy.
6. plugins and tools
Google Fonts (local hosting)
We use locally integrated Google fonts for standardised presentation. There is no connection to Google servers. Info: Google Fonts FAQ.
Google Maps
Provider: Google Ireland Limited. To use Google Maps, your IP address is processed; the data is usually transferred to the USA. Legal basis: Art. 6 para. 1 lit. f GDPR (interest in appealing presentation and easy findability of our locations) or Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG, if consent has been requested. SCC details: Google SCC. More info: Google Privacy.
Google reCAPTCHA
We use reCAPTCHA (Google Ireland Limited) to check whether data is entered by humans. For this purpose, reCAPTCHA analyses the IP address, time spent on the website and mouse movements, among other things. Legal basis: Art. 6 para. 1 lit. f GDPR (interest in protection against misuse/SPAM) or Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG, if consent is required. Details: Privacy and Terms.