Name and contact details of the controller
Our controller (hereinafter referred to as “Controller”) within the meaning of Art. 4 No. 7 GDPR is:
Managing Director Adrian Schnell
Email address: adrian@schnell.expert
Types of data, purposes of processing and categories of data subjects
Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. Types of data we process
Usage data (access times, visited websites etc.), communication data (IP address etc.),
2. Purposes of processing pursuant to Art. 13 para. 1 c) GDPR
Technical and economic optimization of the website, enabling easy access to the website, improving user experience, making the website user-friendly, marketing / sales / advertising, creation of statistics,
3. Categories of data subjects pursuant to Art. 13 para. 1 e) GDPR
Visitors/users of the website,
The data subjects are collectively referred to as “users”.
Legal bases for the processing of personal data
Below we inform you about the legal bases for the processing of personal data:
If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis.
If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken at your request, Art. 6 para. 1 sentence 1 lit. b) GDPR is the legal basis.
If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention obligations), Art. 6 para. 1 sentence 1 lit. c) GDPR is the legal basis.
If the processing is necessary to protect vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) GDPR is the legal basis.
If the processing is necessary to safeguard our legitimate interests or those of a third party and your interests or fundamental rights and freedoms do not prevail, Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.
Disclosure of personal data to third parties and processors
Without your consent, we generally do not disclose data to third parties. If this should nevertheless be the case, disclosure is based on the aforementioned legal bases, e.g. when disclosing data to online payment providers for contract performance or due to a court order or a legal obligation to disclose data for the purpose of criminal prosecution, danger prevention or enforcement of intellectual property rights.
We also use processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to processors within the scope of a data processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, regularly monitor them and have granted ourselves a right to issue instructions regarding the data. In addition, processors must have implemented appropriate technical and organizational measures and comply with the data protection regulations pursuant to BDSG n.F. and GDPR.
Data transfer to third countries
With the adoption of the European General Data Protection Regulation (GDPR), a uniform basis for data protection in Europe has been created. Your data is therefore predominantly processed by companies to which GDPR applies. If processing by third-party services outside the European Union or the European Economic Area should nevertheless take place, they must meet the special requirements of Art. 44 et seq. GDPR. This means that processing is carried out on the basis of special safeguards, such as an officially recognized adequacy decision by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”.
If, due to the invalidity of the so-called “Privacy Shield”, we obtain your explicit consent for the transfer of data to the USA pursuant to Art. 49 para. 1 sentence 1 lit. a) GDPR, we point out the risk of secret access by US authorities and the use of data for surveillance purposes, possibly without legal remedies for EU citizens.
Deletion of data and storage duration
Unless expressly stated otherwise in this privacy policy, your personal data will be deleted or blocked as soon as the consent you have given for processing is revoked or the purpose for storage no longer applies or the data is no longer required for the purpose, unless further storage is required for evidentiary purposes or statutory retention obligations prevent deletion. This includes, for example, commercial law retention obligations for business correspondence pursuant to § 257 para. 1 HGB (6 years) and tax law retention obligations pursuant to § 147 para. 1 AO for documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still required for contract conclusion or contract performance.
Existence of automated decision-making
We do not use automated decision-making or profiling.
Provision of our website and creation of log files
If you use our website for informational purposes only (i.e. without registration or other transmission of information), we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data:
• IP address;
• Internet service provider of the user;
• Date and time of access;
• Browser type;
• Language and browser version;
• Content of the request;
• Time zone;
• Access status/HTTP status code;
• Amount of data transferred;
• Websites from which the request originates;
• Operating system.
This data is not stored together with other personal data of yours.
This data serves the purpose of delivering our website to you in a user-friendly, functional and secure manner with functions and content, as well as its optimization and statistical evaluation.
The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.
We store this data in server log files for a storage period of 14 days for security reasons. After expiry of this period, the data is automatically deleted unless further storage is required for evidentiary purposes.
Contact via contact form / email / fax / post
When contacting us via contact form, fax, post or email, your information is processed for the purpose of handling the contact request.
If consent has been given, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR applies. If the contact aims at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR is an additional legal basis.
Stand: 14.01.2026