English (US)

Privacy Policy

This privacy policy informs you about how we process personal data when visiting this website and when contacting us.

1. Data Controller

sekskant – Marco Borm (sole proprietorship)
c/o IP-Management #4232
Ludwig-Erhard-Str. 18
20459 Hamburg
E-Mail: impressum@sekskant.de

A data protection officer is not appointed as there is no legal obligation to do so.

2. Data Processing

We operate a B2B information website without sales and without tracking. We only process personal data to the extent necessary for providing this website, for communication, or to fulfill legal obligations.

2.1 Website Access / Server Log Data

Data: IP address, date/time including time zone, requested URL/path, referrer URL, HTTP status code, transferred data volume, user agent.
Purpose: Technical operation, content delivery, security (e.g., defense against attacks), error analysis.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure, stable web offering).
Storage duration: We store access data exported by us for a maximum of 30 days and then delete or anonymize it; longer storage only on a case-by-case basis (e.g., in case of security incidents).

2.2 Contact via Email / Contact Form

Data: Sender address, content, attachments, timestamp, metadata; for forms, additionally the entered fields.
Purpose: Processing your inquiry; initiation/handling of business relationships.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual communication) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication).
Storage duration: Deletion after completion of processing; we retain business-relevant communication according to legal requirements (§ 257 HGB, § 147 AO, usually 6–10 years).

2.3 Telephone/Voice Messages (Answering Machine)

Data: Phone number (if transmitted), time, duration, possibly recorded message.
Purpose: Callback in ongoing projects as well as security/abuse or legal matters.
Legal basis: Art. 6 para. 1 lit. f GDPR.
Storage duration: 14 days; we delete non-business messages immediately.

3. Cookies, Tracking and Embedded Content

We do not use cookies and do not use analytics tools or external embeddings (e.g., Google Fonts CDN, YouTube, Maps). Fonts, scripts, and media are provided locally or via our hosting provider. Should this change, we will update this declaration and obtain consent where required (§ 25 TTDSG, Art. 6 para. 1 GDPR).

4. Hosting / Data Processing Agreement

This website is operated on Amazon Web Services (AWS) (Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg).
Region/Origin: eu-central-1 (Frankfurt). Delivery may occur via the global Amazon CloudFront edge network (transient, worldwide processing for latency optimization).
Legal basis: Art. 6 para. 1 lit. f GDPR (operationally necessary outsourcing) in conjunction with Art. 28 GDPR (data processing agreement). We have a data processing agreement (DPA) with AWS.

Logs: We have not activated additional access/real-time logs. AWS processes technical logs for operation and security. Where we export logs, storage occurs only as described above under 2.1.

5. Recipients / Categories of Recipients

Hosting/Infrastructure: Amazon Web Services EMEA SARL
Email/Communication Provider: Microsoft 365 (Exchange Online) – Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Telecommunications Provider (telephone/VoIP, if used)
IT Maintenance/Support (case-by-case basis)

No sharing for advertising purposes takes place.

6. Third Country Processing

Origin hosting takes place in the EU (Frankfurt). Due to CDN delivery via worldwide edge locations, transient processing outside the EEA may occur. Email mailboxes are processed in Microsoft 365 within the EU (EU data region). In exceptional cases, administrative support access from third countries may occur; we base such processes on Art. 46 GDPR (standard contractual clauses) and additional protective measures.

7. Storage Periods

We only process personal data for as long as necessary for the respective purposes or legal obligations exist. After that, we delete or anonymize the data.

8. Obligation to Provide

Server log data is automatically processed when accessing the website. For contact via form/email, the information marked as mandatory fields is required to process your inquiry.

9. Your Rights

You have rights to information (Art. 15), rectification (Art. 16), deletion (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection to processing under Art. 6 para. 1 lit. e or f (Art. 21 GDPR). Where processing is based on consent, you can revoke it at any time with effect for the future (Art. 7 para. 3 GDPR). You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

10. Security

We use TLS encryption, role-based access, and current security measures on our hosting infrastructure; log data is stored separately from other personal data.

11. Changes to this Declaration

We adapt this privacy policy when data processing or the legal situation changes. You can find the current version on this page.

Status

Status: September 4, 2025