1. Controller
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Piotr Domowicz
Westfalenring 32
12207 Berlin
Germany
Phone: +49 151 262 354 28
Email: contact@circonis.com
VAT: DE350022597
2. Data We Collect
We collect and process personal data only to the extent necessary and on a lawful basis. The categories of data we process are as follows:
| Category | Data | Purpose | Legal Basis |
|---|---|---|---|
| Server / access logs | IP address, browser type, pages visited, timestamps | Security, error detection, fraud prevention | Art. 6(1)(f) GDPR — legitimate interest |
| Payment data | Card details, billing address, transaction ID | Processing your purchase via Stripe | Art. 6(1)(b) GDPR — contract performance |
| Analytics | Anonymised usage data, device type, traffic source | Understanding website usage via Google Analytics | Art. 6(1)(a) GDPR — consent (cookie banner) |
| Direct contact | Name, email address, phone number, message content | Responding to enquiries sent by email or phone | Art. 6(1)(f) GDPR — legitimate interest |
| Order / invoice data | Name, delivery address, email, VAT number (B2B) | Order fulfilment and VAT invoice issuance | Art. 6(1)(b) & (c) GDPR — contract & legal obligation |
We do not collect sensitive personal data (as defined in Art. 9 GDPR). We do not use automated decision-making or profiling that produces legal or similarly significant effects.
3. Hosting — All-Inkl
This website is hosted by ALL-INKL.COM — Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. All-Inkl operates data centres located exclusively in Germany, meaning your data remains within the European Union and is subject to German and EU data protection law.
When you access this website, your browser automatically transmits certain technical data to our server — including your IP address, the requested URL, browser type, operating system and the date and time of access. This data is temporarily stored in server log files for the purpose of system security, error analysis and abuse prevention. Log files are automatically deleted after a reasonable retention period.
All-Inkl acts as a data processor on our behalf under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. Their privacy policy is available at all-inkl.com/datenschutzinformationen.
4. Payment Processing — Stripe
All payments on this website are processed by Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Stripe"). Stripe is an authorised Payment Institution regulated by the Central Bank of Ireland.
When you make a purchase, you are directed to a Stripe-hosted checkout environment. Payment card data (card number, expiry date, CVC) is entered directly into Stripe's systems and is never transmitted to or stored by Circonis. We receive only a tokenised transaction reference and the outcome of the payment.
Stripe processes your payment data as an independent data controller for the purposes of fraud detection, payment processing and regulatory compliance. Stripe's processing is subject to their own Privacy Policy, available at stripe.com/privacy.
Stripe implements 3D Secure (3DS) / Strong Customer Authentication (SCA) as required by EU Payment Services Directive 2 (PSD2). Stripe uses cookies and fraud-detection signals during checkout — these are strictly necessary for payment processing and do not require separate consent.
The legal basis for transmitting your data to Stripe is Art. 6(1)(b) GDPR (performance of contract).
5. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies to collect information about how visitors use this website — including pages visited, time spent on the site, traffic source and device type. This information is used to compile reports and help us understand and improve the site.
We have configured Google Analytics with the following privacy measures:
- IP anonymisation is enabled — your IP address is truncated before storage.
- Data sharing with Google advertising products is disabled.
- We do not use Google Analytics Advertising Features.
Google Analytics data may be transferred to and stored on servers in the United States. Google LLC is certified under the EU–US Data Privacy Framework, providing an adequate level of data protection under Art. 45 GDPR.
Google Analytics cookies are only set with your explicit consent via our cookie banner. The legal basis is Art. 6(1)(a) GDPR. You may withdraw consent at any time by adjusting your cookie preferences. You may also install the Google Analytics Opt-out Browser Add-on to prevent data collection across all websites.
Google's privacy policy is available at policies.google.com/privacy.
6. Google Search Console & Google Tags
We use Google Search Console to monitor this website's presence in Google Search results. Search Console receives aggregated, anonymised data about search queries that lead users to our site. It does not place cookies on your browser and does not collect personally identifiable information from site visitors.
We use Google Tag Manager to manage and deploy tracking tags (including the Google Analytics tag) on this website. Google Tag Manager itself does not collect personal data — it is a tag management system that loads other scripts based on your cookie consent. Tags that collect personal data are only loaded after you have given your consent via the cookie banner.
The legal basis for any data processing initiated via Google Tag Manager is the legal basis applicable to the individual tag deployed (see Sections 5 and 7).
7. Cookies
This website uses cookies — small text files stored in your browser. We use the following categories of cookies:
| Category | Purpose | Examples | Consent Required |
|---|---|---|---|
| Strictly Necessary | Essential for the website and payment process to function | Stripe payment session cookies | No — always active |
| Analytics | Understanding how visitors use the site | Google Analytics (_ga, _gid, _gat) | Yes — opt-in via cookie banner |
You can manage or withdraw your cookie consent at any time via your browser settings or by clearing cookies. Please note that disabling strictly necessary cookies may affect the functionality of the checkout process.
8. Direct Contact
If you contact us by email or telephone, we process the personal data you provide (such as your name, email address, phone number and the content of your message) solely for the purpose of handling your enquiry and any follow-up communication.
We do not pass this data to third parties. Data shared in direct contact is retained only as long as necessary to resolve your enquiry, plus any applicable statutory retention periods (see Section 10).
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to business enquiries). Where your enquiry leads to a contract, the legal basis transitions to Art. 6(1)(b) GDPR.
9. Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — You may request correction of inaccurate data.
- Right to erasure (Art. 17) — You may request deletion of your data where there is no overriding legal basis for retention.
- Right to restriction of processing (Art. 18) — You may request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20) — You may request your data in a structured, machine-readable format.
- Right to object (Art. 21) — You may object to processing based on legitimate interest at any time.
- Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at the details in Section 1. We will respond within one month as required by Art. 12 GDPR.
10. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
- Order and invoice data — retained for 10 years in accordance with §§ 147 AO and 257 HGB (German fiscal and commercial retention obligations).
- Direct contact data — retained for the duration of the enquiry relationship, then deleted unless a commercial relationship follows.
- Server log files — automatically deleted after 30 days.
- Analytics data — retained by Google Analytics for 14 months (our configured retention period), then automatically deleted.
11. International Data Transfers
Some of our service providers — specifically Google (Analytics, Tag Manager, Search Console) and Stripe — may process data outside the European Economic Area (EEA), including in the United States.
Where data is transferred outside the EEA, we ensure adequate protection through one or more of the following mechanisms:
- EU adequacy decision under Art. 45 GDPR
- Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46 GDPR
- Certification under the EU–US Data Privacy Framework (where applicable)
Our hosting provider All-Inkl operates exclusively within Germany — no international transfer occurs in relation to hosting.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal requirements. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this policy periodically.
Where changes are material, we will take reasonable steps to bring them to your attention.
13. Contact & Right to Lodge a Complaint
If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact us:
Westfalenring 32, 12207 Berlin, Germany
Phone: +49 151 262 354 28
Email: contact@circonis.com
You also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Berlin is:
Friedrichstraße 219
10969 Berlin
Germany
datenschutz-berlin.de