Privacy Policy

1. Controller

ELIVA Digital Solutions GmbH
Dr.-Helene-Weber-Str. 23
45657 Recklinghausen
Email: kontakt@eliva.dev
Phone: +49 123 456 789

The above company is the controller within the meaning of the GDPR. Please verify these details against your actual company data and legal notice before publishing.

2. General Information on Processing on This Website

We process personal data only to the extent necessary to provide a functioning website, handle enquiries, or offer features explicitly requested by users. The relevant legal framework includes Article 6 GDPR, Section 25 TDDDG and the information duties under Article 13 GDPR.

Hosting and Server Log Files

When this website is accessed, the hosting provider processes technically necessary connection data. This typically includes the IP address, date and time of access, requested resource, referrer URL, browser and operating system information, and status codes. This processing is necessary to deliver the website, ensure stability and security, and defend against misuse.

The legal basis is Article 6(1)(f) GDPR. The recipient is the hosting provider actually used in production. Before publishing, you should complete this section with the concrete provider name and the actual log retention period if they differ from your internal documentation or data processing agreement.

Static Delivery of the Website

This web project is built as a static export. Based on the current source code state, no first-party analytics, tracking, or marketing scripts are loaded merely by visiting the website. If analytics or marketing services are added later, both the privacy notice and the consent mechanism must be updated before deployment.

3. Contacting Us

Contact Form

When you use the contact form, we process the data you provide to handle your enquiry. This includes in particular your name, email address, company, telephone number, message, and the time of submission.

Processing is carried out to take steps prior to entering into a contract or to handle other business enquiries on the basis of Article 6(1)(b) GDPR or Article 6(1)(f) GDPR. Without this information, we generally cannot process your enquiry properly.

We use Formspree, Inc., USA, for the technical delivery of the contact form. Formspree states that form data is hosted in the United States and that it uses Standard Contractual Clauses as a processor for transfers. More information from Formspree.

We store enquiries only for as long as necessary to process them, follow up on them, and comply with statutory retention obligations.

Enquiries by Email or Telephone

If you contact us by email or telephone, we process the contact and content data you provide solely to handle your request. The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.

4. Appointment Booking with Calendly

On the contact page, the embedded booking calendar is not loaded automatically. External Calendly content is only loaded after your explicit activation or when you open the scheduling page directly at Calendly.

Only after this activation can Calendly process personal data such as your IP address, device and browser information, timestamps, and potentially cookie or similar identifiers. If you book an appointment, the scheduling and contact data you enter is added.

The legal basis for loading the embedded calendar and any related access to information stored on your device is your consent under Section 25(1) TDDDG and Article 6(1)(a) GDPR. Consent is voluntary; alternatively, you can always contact us by email or telephone.

Calendly states in its privacy notice that it also processes personal data in the United States and relies, among other things, on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses for transfers. Calendly Privacy Notice.

5. Fonts and Other Third-Party Content

Fonts

The website uses fonts via next/font. Based on the current project state, the fonts are self-hosted during the build, so loading the page itself does not require an ongoing browser connection to Google for font rendering.

6. Recipients and International Transfers

Recipients of your data may include hosting providers, IT service providers, and communication or appointment-booking providers used in the individual case. If providers outside the EU/EEA are involved, transfers are made only on the basis of a lawful transfer mechanism, such as an adequacy decision, the EU-U.S. Data Privacy Framework, or Standard Contractual Clauses.

7. Retention Period

We delete personal data once the purpose of processing no longer applies and no statutory retention obligations or legitimate documentation interests prevent deletion. Mandatory legal retention periods remain unaffected.

8. Your Rights

Subject to the applicable legal requirements, you have the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing based on Article 6(1)(f) GDPR. You may withdraw consent with effect for the future at any time.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

10. Obligation to Provide Data / Automated Decisions

Where we collect data directly from you, providing the data is mandatory only to the extent required to process your enquiry or provide a feature you expressly requested. According to the current state of this web project, no automated decision-making including profiling takes place.

Last updated: April 6, 2026