Privacy Policy

1. Controller

Keystone Design Planungsgesellschaft mbH
Herseler Str. 2–10
50389 Wesseling
Germany

Represented by: Dipl.-Ing. Robin Henn (Managing Director)
Email: info@keystonedesign.de
Telephone: +49 175 44 39 215

Contact for data protection enquiries: RHenn@keystonedesign.de (alternatively: info@keystonedesign.de).

2. Data Protection Officer

Owing to the size of the company, no data protection officer is required to be appointed pursuant to § 38 BDSG (German Federal Data Protection Act). For data protection questions, please contact the entity named under 1.

3. Hosting and Server Log Files

This website is hosted in Germany by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen) in a data centre within the EU. When the site is accessed, technically necessary data is processed in server log files:

• IP address (truncated where technically feasible)
• date and time of access
• URL accessed and referrer
• user agent (browser, operating system)
• HTTP status and volume of data transferred

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure operation and error analysis). Storage period: a maximum of 30 days, after which the data is deleted or anonymised. A data processing agreement exists with the host (Art. 28 GDPR).

4. Consent Management (Consent Banner)

On your first visit you are shown a consent dialog. Statistics and marketing services (Sections 7 and 8) are loaded only after your active consent. To manage your consent we use the self-hosted consent manager Klaro; your decision is stored in a technically necessary entry in your browser (local storage/cookie) so that the dialog does not reappear on every visit.

In addition, the Google Consent Mode v2 is active: by default, analytics and advertising storage are set to “denied” and are only switched to “granted” after consent is given. You can withdraw or adjust your consent at any time with effect for the future via the consent dialog. Legal bases: § 25 (1) TDDDG (storage of / access to terminal equipment) and Art. 6 (1) lit. a GDPR (consent); for the technically necessary consent entry, § 25 (2) TDDDG.

5. Contact and Enquiry Form

If you contact us by email, telephone, WhatsApp or via the enquiry form, we process the transmitted data to handle your enquiry and for any follow-up communication. Enquiries submitted via the form are stored on our own server (Hetzner, Germany); notification is sent by email via our mail provider STRATO AG (Germany).

Data processed:

• name, email address, telephone number (if provided)
• content of your enquiry
• when using the form: project profile, location, construction volume (if provided)

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures and performance of a contract), and for enquiries not related to a contract Art. 6 (1) lit. f GDPR. Storage period: until the conclusion of the correspondence; in the event of a contract, until the expiry of the statutory retention periods (as a rule 6 years under the HGB / German Commercial Code, or 10 years under the AO / German Fiscal Code).

Spam protection: To protect the form we use Altcha – a self-hosted, privacy-friendly solution based on a proof-of-work computation. No external captcha service (e.g. Google reCAPTCHA), no cookies and no tracking data are used. Legal basis: Art. 6 (1) lit. f GDPR (protection against abusive use).

6. WhatsApp Communication

If you contact us via the WhatsApp link, the content and metadata of your message are transmitted via the servers of WhatsApp Ireland Ltd. (Meta group). The data processing is governed by WhatsApp’s terms (whatsapp.com/legal/privacy-policy-eea). Legal basis for our use of the channel: Art. 6 (1) lit. b GDPR (pre-contractual measures) and Art. 6 (1) lit. f GDPR (low-threshold contact channel).

7. Web Analytics (only with consent)

After your consent (Section 4) we use the following analytics services:

Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Measurement ID G-2GJ9C7643H. The IP address is processed in truncated form (anonymize_ip). Purpose: reach analysis and understanding of usage in order to improve the website.

Microsoft Clarity (Microsoft Ireland Operations Ltd., One Microsoft Place, Dublin 18, Ireland). Project ID wugf9w2vtj. Purpose: aggregated analysis of page usage (e.g. heatmaps, click/scroll behaviour) to optimise user guidance.

Legal basis: Art. 6 (1) lit. a GDPR (consent), § 25 (1) TDDDG. The processing does not take place at all if you do not consent.

8. Marketing and Conversion Tracking (only with consent)

After your consent we use the following advertising/conversion services in order to measure the success of our ads and to display relevant advertising:

Meta Pixel (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). Pixel ID 1369177005025703. Purpose: measurement of actions following a visit prompted by our ads displayed on Facebook/Instagram, as well as reach/remarketing functions. A joint controllership agreement exists with Meta (Art. 26 GDPR).

Google Ads Conversion Tracking (Google Ireland Limited). Conversion ID AW-17178295547. Purpose: measuring which ads lead to enquiries.

Legal basis: Art. 6 (1) lit. a GDPR (consent), § 25 (1) TDDDG. Without consent these services are not loaded.

9. Cookies and Local Storage

Without consent, this website sets only technically necessary entries (in particular the storage of your consent decision, Section 4). Only after your consent can the services named under Sections 7 and 8 set their own cookies or local storage entries. You can withdraw consent given at any time via the consent dialog.

10. Fonts

This website loads no fonts from external servers (in particular no Google Fonts CDN). Fonts provided locally or already present on your system are used. Your IP address is not transmitted to a font service provider.

11. Recipients and Processors

The following service providers process personal data on our behalf or receive it as independent controllers:

• Hetzner Online GmbH (Germany) — hosting (processing on our behalf, Art. 28 GDPR)
• STRATO AG (Germany) — email dispatch (processing on our behalf)
• Google Ireland Limited — Google Analytics 4, Google Ads (only after consent)
• Microsoft Ireland Operations Ltd. — Microsoft Clarity (only after consent)
• Meta Platforms Ireland Ltd. — Meta Pixel (only after consent); WhatsApp Ireland Ltd. (in the case of WhatsApp contact)

Specific data processing agreements are available for inspection on request.

12. Data Transfers to Third Countries

For the services named under Sections 6, 7 and 8, transfers to group companies in the USA may occur. These are based on the EU-US Data Privacy Framework (adequacy decision) or on EU standard contractual clauses pursuant to Art. 46 GDPR. We provide information on the safeguards on request.

13. Your Rights

You have the following rights (Art. 15 et seq. GDPR):

• access to the data processed (Art. 15)
• rectification of inaccurate data (Art. 16)
• erasure (Art. 17)
• restriction of processing (Art. 18)
• data portability (Art. 20)
• objection to processing based on legitimate interests (Art. 21)
• withdrawal of consent given, with effect for the future (Art. 7 (3))

Right to lodge a complaint with the competent supervisory authority: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf (ldi.nrw.de).

14. Currency of This Statement

We reserve the right to amend this statement should legal bases or the services used change. The respective current version applies.