Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

AKARA Solutions GmbH

Feldstraße 97

25421 Pinneberg

Germany

Represented by: Eike-Christian Ramcke

Email: info@akara-solutions.de

Phone: +49 40 228216020

Website: https://akara-solutions.de

2. Data Protection Officer

The appointment of a Data Protection Officer is not legally required for our company. For any data protection inquiries, please contact: datenschutz@akara-solutions.de

3. General Information on Data Processing

We process personal data of our users only insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users regularly occurs only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by law.

Legal Bases

We rely on the following legal bases for the processing of personal data:

Einwilligung (Art. 6 Abs. 1 lit. a DSGVO): Soweit wir die Einwilligung der betroffenen Person einholen, z. B. für Statistik- und Marketing-Cookies.Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO): Soweit die Verarbeitung zur Erfüllung eines Vertrags oder vorvertraglicher Maßnahmen erforderlich ist, z. B. bei Kontaktanfragen.Berechtigtes Interesse (Art. 6 Abs. 1 lit. f DSGVO): Soweit die Verarbeitung zur Wahrung unserer berechtigten Interessen erforderlich ist, z. B. für technisch notwendige Cookies, Server-Logfiles und Spam-Schutz.

4. Your Rights as a Data Subject

Right of access (Art. 15 GDPR): You have the right to request information about whether and which personal data we process about you. This includes information about the purpose of processing, the categories of data processed, the recipients, and the planned storage period.

Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or the completion of incomplete personal data stored by us.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, provided that the processing is not necessary for exercising the right to freedom of expression, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data, e.g. if you contest the accuracy ""of the data or the processing is unlawful.

Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transfer to another controller.

Right to object (Art. 21 GDPR): Where processing is based on legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to the processing at any time. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent (e.g. cookie consent), you have the right to withdraw your consent at any time. The lawfulness of processing carried out on the basis of consent prior to its withdrawal remains unaffected. You may withdraw your cookie consent at any time via the "Cookie Settings" link in the footer of the website.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR).

The supervisory authority responsible for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)

Holstenstraße 98, 24103 Kiel

www.datenschutzzentrum.de

A list of all supervisory authorities in Germany can be found at: www.bfdi.bund.de

5. SSL/TLS Encryption

This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock icon in your browser bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access logs, and other data generated via a website.

Host: netcup GmbH

Daimlerstraße 25

D-76185 Karlsruhe

Website: www.netcup.de

Legal basis: The use of the host is based on Art. 6(1)(f) GDPR (legitimate interest in a reliable presentation of our website) and Art. 6(1)(b) GDPR (performance of a contract with our customers).

We have concluded a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR with our host, which ensures that our host processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

Browser type and versionOperating system usedReferrer URL (the previously visited page)Hostname of the accessing computerIP address of the accessing computerTime of the server request

This data cannot be attributed to specific individuals. This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the smooth operation of our website and in improving our services.

Storage period: Server log files are automatically deleted after 90 days.

8. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit our website.

On your first visit to our website, you will be informed about the use of cookies via a cookie banner and asked for your consent. You may change or withdraw your cookie settings at any time via the "Cookie Settings" link in the footer of our website.

Strictly Necessary Cookies

These cookies are strictly necessary for the operation of the website and cannot be disabled.

Cookie	Zweck	Laufzeit	Anbieter
cookie_consent	Speichert Ihre Cookie-Einstellungen	365 Tage	Erstanbieter
csrftoken	Schutz gegen Cross-Site-Request-Forgery-Angriffe	Session	Erstanbieter (Django)
sessionid	Session-Verwaltung (nur bei Anmeldung im Administrationsbereich)	Session	Erstanbieter (Django)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically error-free and optimised operation of the website).

Analytics Cookies

Analytics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. These cookies are only set after your explicit consent.

[Specific analytics cookies will be listed here once an analytics tool is integrated, e.g. Matomo, Plausible, Google Analytics. Currently, no analytics cookies are in use.]

Legal basis: Art. 6(1)(a) GDPR (consent).

Marketing Cookies

Marketing cookies are used to display relevant advertisements and marketing campaigns to visitors. These cookies are only set after your explicit consent.

Currently, no marketing cookies are in use.

Legal basis: Art. 6(1)(a) GDPR (consent).

Managing Your Cookie Settings

You may adjust your cookie settings at any time:

Via our website: Click on "Cookie Settings" in the footer of the page.Via your browser: You can manage, restrict, or delete cookies in your browser settings. The procedure varies depending on the browser. Instructions can be found in your browser's help function.

Please note that disabling strictly necessary cookies may limit the functionality of our website.

9. Contact Form

When you submit an inquiry to us via the contact form on our website, the following data is collected and processed:

Name (required field)

Company (optional)

Email address (required field)

Phone number (optional)

Desired service / interest (required field)

Message (required field)

Consent to the Privacy Policy (required field)

IP address (automatically collected, stored in anonymised form)

Time of inquiry (automatic)

Purpose of Processing

The data is processed for the following purposes:

Processing your inquiry: Your information is used to respond to your contact inquiry and any follow-up questions.

Confirmation email: After submission, you will receive an automatic email confirmation containing your selected interest and the time of the inquiry.

Spam protection: Your IP address is collected in anonymised form (last octet set to 0) to detect and prevent abusive use. Additionally, we use a technical honeypot method (hidden form field) that detects automated spam submissions without processing personal data.

Rate limiting: To prevent abuse, the number of form submissions per IP address is temporarily recorded in the server cache (maximum 3 submissions per 60 minutes). This data is automatically deleted after the time period expires.

Legal Basis and Storage Period

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at the request of the data subject) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries and in protection against abuse).

Storage period: Your contact inquiry and the associated data are stored for the duration of processing your inquiry. Beyond that, we retain the data to comply with contractual and statutory retention periods (typically 6 months after completion of the inquiry; in the case of contract initiation, up to 3 years in accordance with the standard limitation period under § 195 BGB). The anonymised IP address is stored together with the contact inquiry and is subject to the same deletion periods.

Withdrawal and deletion: You may request the deletion of your contact data stored by us at any time, provided no statutory retention obligations apply. To do so, send an email to datenschutz@akara-solutions.de.

10. Email Communication

As part of the contact process via our contact form, we send the following emails:

Confirmation email to you: An automated email confirming receipt of your inquiry. This contains your selected service category and the time of the inquiry.

Notification email to us: An internal notification for processing your inquiry, containing your contact details and message.

Emails are sent via our email service provider:

Email provider: Sendinblue GmbH (Brevo)

Köpenicker Str. 126

10179 Berlin

Website: www.brevo.com/de/

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures).

We have concluded a Data Processing Agreement (DPA) with the email service provider.

11. Content Delivery Networks and External Resources

Font Awesome (Cloudflare CDN)

We use the Font Awesome service for displaying icons, which is delivered via the Content Delivery Network (CDN) of Cloudflare, Inc. When you access our pages, your browser establishes a connection to Cloudflare's servers, during which your IP address is transmitted to Cloudflare.

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the optimised presentation of our website).

Third-country transfer: Cloudflare is certified under the EU-US Data Privacy Framework (www.dataprivacyframework.gov). Further information on data protection at Cloudflare: www.cloudflare.com/privacypolicy/

HTMX (unpkg CDN)

For the dynamic loading function on the blog overview page, we use the JavaScript library HTMX, which is delivered via the CDN unpkg.com. When you access the blog page, your browser establishes a connection to unpkg's servers, during which your IP address is transmitted.

Provider: unpkg is operated by Cloudflare (see above).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the user-friendly design of our website).

12. Recipients and Processors

Your personal data is only disclosed to third parties in the cases described in this Privacy Policy or where you have expressly consented. The following categories of recipients may receive your data:

Hosting provider: Netcup — operation and maintenance of our website (DPA in place)

Email provider: Sendinblue GmbH (Brevo) — sending confirmation and notification emails (DPA in place)

CDN provider: Cloudflare, Inc. — delivery of fonts and scripts (EU-US DPF)

Darüber hinaus geben wir Ihre Daten nicht an Dritte weiter, es sei denn, wir sind gesetzlich dazu verpflichtet (z. B. gegenüber Strafverfolgungsbehörden oder Finanzbehörden).

13. Storage Periods Overview

Datenart	Speicherdauer	Grund
Server-Logfiles	90 Tage	IT-Sicherheit und Fehleranalyse
Kontaktformular-Daten	6 Monate nach Abschluss der Anfrage (bis zu 3 Jahre bei Vertragsanbahnung)	Bearbeitung, Verjährungsfristen
IP-Adresse (anonymisiert)	Zusammen mit Kontaktanfrage	Spam-Schutz, Rate-Limiting
Rate-Limiting-Daten (Cache)	60 Minuten	Missbrauchsschutz
Cookie-Consent-Einstellungen	365 Tage	Nachweis der Einwilligung
CSRF-Token	Browsersitzung	Sicherheit

14. Automated Decision-Making

No automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR takes place. Although AKARA Solutions GmbH offers services in the field of artificial intelligence, no AI-based automated decision-making processes are used on this website with respect to visitors.

15. Currency and Amendments to This Privacy Policy

This Privacy Policy is currently valid as of: April 2026.

Due to the further development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current version of the Privacy Policy can be accessed on this page at any time.