Privacy Policy

This privacy policy informs you about how we process personal data when visiting this website and when contacting us.

1. Data Controller#

Marco Borm
sekskant - Marco Borm
Kolonnenstr. 8
10827 Berlin
E-Mail: impressum@sekskant.de

A data protection officer is not appointed as there is no legal obligation to do so.

2. Data Processing#

We operate a B2B information website without sales and without tracking. We only process personal data to the extent necessary for providing this website, for communication, or to fulfill legal obligations.

2.1 Website Access / Server Log Data#

Data: IP address, date/time including time zone, requested URL/path, referrer URL, HTTP status code, transferred data volume, user agent.
Purpose: Technical operation, content delivery, security (e.g., defense against attacks), error analysis.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure, stable web offering).
Storage duration: We store access data exported by us for a maximum of 30 days and then delete or anonymize it; longer storage only on a case-by-case basis (e.g., in case of security incidents).

2.2 Contact via Email / Contact Form#

Data: Sender address, content, attachments, timestamp, metadata; for forms, additionally the entered fields.
Purpose: Processing your inquiry; initiation/handling of business relationships.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual communication) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication).
Storage duration: Deletion after completion of processing; we retain business-relevant communication according to legal requirements (§ 257 HGB, § 147 AO, usually 6–10 years).

2.3 Telephone/Voice Messages (Answering Machine)#

Data: Phone number (if transmitted), time, duration, possibly recorded message.
Purpose: Callback in ongoing projects as well as security/abuse or legal matters.
Legal basis: Art. 6 para. 1 lit. f GDPR.
Storage duration: 14 days; we delete non-business messages immediately.

3. Cookies, Tracking and Embedded Content#

We do not use cookies and do not use analytics tools or external embeddings (e.g., Google Fonts CDN, YouTube, Maps). Fonts, scripts, and media are provided locally or via our hosting provider. Should this change, we will update this declaration and obtain consent where required (§ 25 TTDSG, Art. 6 para. 1 GDPR).

4. Hosting / Data Processing Agreement#

This website is hosted with OVHcloud. The contractual hosting provider and processor under the data processing agreement is OVH SAS, 2 rue Kellermann, 59100 Roubaix, France.
Location/hosting: The hosting infrastructure we use for this website is located in France.
Legal basis: Art. 6 para. 1 lit. f GDPR (operationally necessary outsourcing) in conjunction with Art. 28 GDPR (data processing agreement). We have a data processing agreement (DPA) with OVH.

Logs: OVH processes technical logs and security-related data to the extent required for operation, stability, incident handling, and security of the services. Where we export or evaluate logs ourselves, storage only takes place as described above under 2.1.

5. Recipients / Categories of Recipients#

Hosting/Infrastructure: OVH SAS, Roubaix, France
Email/Communication Provider: Microsoft 365 (Exchange Online) – Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Telecommunications Provider (telephone/VoIP, if used)
IT Maintenance/Support (case-by-case basis)

No sharing for advertising purposes takes place.

6. Third Country Processing#

This website is hosted in France within the European Union. Under the DPA concluded with OVH, stored content is not relocated to a country outside the EU or outside a country covered by an adequacy decision without our consent. However, the DPA states that OVH and its authorized subprocessors may access content remotely where necessary to provide the services, in particular for security-related work and incident management. If such processing takes place outside the EU/EEA in a country without an adequacy decision, OVH states in the DPA that it will implement appropriate safeguards under Chapter V GDPR, in particular standard contractual clauses or other permitted safeguards. Email mailboxes are processed in Microsoft 365 within the EU (EU data region). In exceptional cases, administrative support access from third countries may occur; we base such processes on Art. 46 GDPR (standard contractual clauses) and additional protective measures.

7. Storage Periods#

We only process personal data for as long as necessary for the respective purposes or legal obligations exist. After that, we delete or anonymize the data.

8. Obligation to Provide#

Server log data is automatically processed when accessing the website. For contact via form/email, the information marked as mandatory fields is required to process your inquiry.

9. Your Rights#

You have rights to information (Art. 15), rectification (Art. 16), deletion (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection to processing under Art. 6 para. 1 lit. e or f (Art. 21 GDPR). Where processing is based on consent, you can revoke it at any time with effect for the future (Art. 7 para. 3 GDPR). You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

10. Security#

We use TLS encryption, role-based access, and current security measures on our hosting infrastructure; log data is stored separately from other personal data.

11. Changes to this Declaration#

We adapt this privacy policy when data processing or the legal situation changes. You can find the current version on this page.

Status#

Status: March 18, 2026

sekskant - Marco Borm