Privacy Policy

A data protection officer has not been appointed unless legally required.

• • Usage/log data (e.g., IP address, timestamp, visited page) for technical delivery & security.
• • Contact/communication data (e.g., name, email, message) to handle inquiries.
• • Analytics/marketing data (e.g., events/conversions) for reach measurement & optimization — usually only after consent.
• • App data (when using a demo/app) in Supabase (Auth/DB/Storage), depending on features.

• • Art. 6(1)(b) GDPR – Performance of a contract / pre-contract steps (e.g., project inquiry).
• • Art. 6(1)(f) GDPR – Legitimate interest (security, stability, abuse prevention).
• • Art. 6(1)(a) GDPR – Consent (e.g., analytics/marketing/conversion tracking).

This website is provided via Vercel. For delivery and protection of the site, technically necessary data is processed (e.g., server logs, IP address, user agent, referrer, timestamp).

Purpose: provide the website, analyze errors, defend against attacks (e.g., DDoS), optimize delivery. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

For app features (e.g., login/accounts, database, file storage) we use Supabase. Depending on use, this may include account data (email), technical metadata, and content/data stored in the database.

Purpose: provide authentication, data storage, file storage, and app logic. Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract) and/or Art. 6(1)(f) GDPR (operation/security).

If you contact us (e.g., by email, phone, or contact form), we process the data you provide to handle your request and follow-up questions.

Legal basis: Art. 6(1)(b) GDPR (pre-contract/contract) or Art. 6(1)(f) GDPR (general communication/organization).

Depending on your selection in the consent/cookie banner, we use cookies or similar technologies. Technically necessary cookies may be set without consent. Analytics/marketing usually only takes place with consent.

We use Google Tag Manager to manage website tags centrally. Tag Manager itself generally does not create user profiles, but may technically transmit data (e.g., IP address) to deliver tags.

Legal basis: Art. 6(1)(a) GDPR (consent) — unless configured as purely technically necessary. We recommend controlling Tag Manager via consent management.

We use Google Analytics (GA4) to analyze website usage and measure conversions (e.g., “contact sent”). Events are captured and evaluated.

Legal basis: Art. 6(1)(a) GDPR (consent). Without consent, analytics/conversion tracking is not executed or only in a restricted manner (depending on technical configuration).

• • Purposes: reach measurement, funnel optimization, performance measurement of campaigns.
• • Scope: page views, interactions, technical parameters (browser/device), events/conversions.

When using services such as Google, processing of data in third countries (e.g., USA) cannot be ruled out. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and/or applicable certification mechanisms).

We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations. Contact inquiries are generally deleted once fully processed, unless legal obligations require otherwise.

• • Access (Art. 15 GDPR)
• • Rectification (Art. 16 GDPR)
• • Erasure (Art. 17 GDPR)
• • Restriction of processing (Art. 18 GDPR)
• • Data portability (Art. 20 GDPR)
• • Objection (Art. 21 GDPR)
• • Complaint to a supervisory authority (Art. 77 GDPR)

You can withdraw consent at any time with effect for the future. You can also object to processing based on legitimate interests if reasons arising from your particular situation apply.

To do so, write to us at info@mvpwerk.de.

We reserve the right to update this Privacy Policy if legal requirements, services, or data processing change. The current version published on this page applies.