Privacy policy.
Information on the processing of personal data pursuant to Articles 13 and 14 GDPR. CAVRIX is a brand of CITO GmbH and is directed exclusively at businesses (B2B).
§ 1 Controller
The controller responsible for data processing on this website is:
CITO GmbH
Jungfrauenthal 8
20149 Hamburg, Germany
Managing Director: Sebastian von Johnston
E-mail: info@cavrix.de
Phone: +49 (0)40 22637183
Privacy inquiries
For matters relating to data protection and to exercise your data subject rights, you can reach us in confidence at info@cavrix.de.
§ 2 Rights of data subjects
Within the framework of the applicable statutory provisions, you have the right at any time to:
- Access (Art. 15 GDPR): You may request information about the personal data we process about you.
- Rectification (Art. 16 GDPR): You may request the prompt rectification of inaccurate data or completion of the data we hold about you.
- Erasure (Art. 17 GDPR): You may request the erasure of the data we hold about you, provided no statutory retention obligation or other overriding reason applies.
- Restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your data.
- Data portability (Art. 20 GDPR): You have the right to receive data we process automatically on the basis of your consent or in performance of a contract in a common, machine-readable format.
- Objection (Art. 21 GDPR): For reasons arising from your particular situation, you may object to processing based on Art. 6 (1) (f) GDPR.
- Withdrawal of consent (Art. 7 (3) GDPR): You may withdraw any consent given at any time with effect for the future. The lawfulness of processing carried out up to the withdrawal remains unaffected.
Right to lodge a complaint with a supervisory authority
In the event of breaches of the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority primarily responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).
§ 3 Hosting and server log files
We operate this website on infrastructure within the European Union (e.g. Google Cloud Run or IONOS). A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with the respective provider.
When the website is accessed, the server automatically records technical access data in so-called server log files. This includes, in particular, the IP address, browser type and version, the operating system used, the referrer URL, and the date and time of access.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a technically error-free, secure and stable provision of the online offering).
Retention period: Log files are generally deleted automatically after no more than seven (7) days, unless security-relevant events require longer storage.
§ 4 Contact and e-mail processing
If you contact us via our contact form or by e-mail, we process the data you provide (e.g. name, business e-mail address, company, message content) in order to handle your request.
For sending form messages, we use the service Resend (Resend, Inc.) as a processor. Resend processes the transmitted data exclusively for the technical delivery of the e-mail. A data processing agreement is in place with the provider; insofar as data is transferred to a third country, this is safeguarded by the EU Commission's standard contractual clauses.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures or contract initiation) and Art. 6 (1) (f) GDPR (legitimate interest in efficiently handling inquiries).
Retention period: For the duration of processing your request. We retain business correspondence in accordance with commercial and tax retention periods (6 years under Section 257 HGB and 10 years under Section 147 AO).
§ 5 Cookies and no tracking technologies by default
We use only technically necessary cookies that are required for the operation and security of the website. The legal basis for this is Section 25 (2) no. 2 TDDDG; no consent is required in this respect.
We do not use technically non-essential cookies or analytics or marketing technologies by default. Should we use consent-requiring technologies in the future (Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR), we will obtain your explicit consent in advance via a consent management tool and update this policy accordingly.
§ 6 Processing within the EU
The processing of personal data in the context of providing our website and services takes place in principle within the European Union. Where, in an individual case, a transfer to a third country is necessary, this takes place only on the basis of an adequacy decision of the EU Commission or on the basis of appropriate safeguards, in particular standard contractual clauses.
Where we use AI-supported features, the customer data processed in doing so is not used to train the underlying AI models. This is contractually safeguarded with the infrastructure partners we use.
§ 7 No automated decision-making (Art. 22 GDPR)
On the basis of the data you provide, we do not carry out any solely automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. All results generated by our systems serve a supporting purpose; every material decision is taken by a natural person.
Last updated: 15 June 2026.