crAIdon

Privacy Policy

Last updated: May 4, 2026

This privacy policy informs you in accordance with Art. 13 and Art. 14 of the EU General Data Protection Regulation (GDPR) about the nature, scope, and purpose of the processing of personal data on this website (the “Website”).

1. Controller

The controller within the meaning of the GDPR is:

Paul Fast

Steinstraße 48

32547 Bad Oeynhausen

Germany

kontakt@craidon.de

+49 151 50629100

A data protection officer is not legally required and has not been appointed.

2. General Information on Data Processing

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data takes place only with the user's consent (Art. 6 (1)(a) GDPR), to perform a contract or pre-contractual measures (Art. 6 (1)(b) GDPR), or on the basis of legitimate interests (Art. 6 (1)(f) GDPR).

3. Server Log Files

When you access this website, technical data is automatically collected by our hosting provider and stored in server log files transmitted by your browser. The following data is collected:

  • IP address of the requesting device
  • Date and time of the request
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser type and version
  • User's operating system
  • Referrer URL (previously visited page)

This data is processed to ensure error-free operation of the website and to defend against attacks. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in a secure and stable web service). The data is deleted after a short period unless it is needed to investigate a specific security incident. The data is not merged with other data sources.

4. Hosting (Vercel)

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA (“Vercel”). When you access the website, Vercel processes technical connection data (in particular IP address) as a processor within the meaning of Art. 28 GDPR in order to deliver the content and ensure availability. We have concluded a Data Processing Addendum with Vercel. Transfers to the USA take place on the basis of the EU-US Data Privacy Framework (adequacy decision of the EU Commission of 10 July 2023) and additionally on the basis of the EU Standard Contractual Clauses. Vercel is certified under the Data Privacy Framework. Legal basis is Art. 6 (1)(f) GDPR. Further information: https://vercel.com/legal/privacy-policy.

5. Domain Registration (IONOS)

The domain craidon.de is registered with IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. As part of domain administration, IONOS processes the master data of the domain owner that is mandatory under DENIC eG guidelines. Personal data of visitors to this website is not processed by IONOS as part of the pure domain registration. Further information: https://www.ionos.com/terms-gtc/terms-privacy/.

6. Lead Database (Supabase)

Inquiries you submit via the contact form are stored in a database we operate with Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992 (Supabase). The data is processed under a data processing agreement pursuant to Art. 28 GDPR; we have concluded such an agreement with Supabase including the EU Standard Contractual Clauses. Insofar as data is transferred to third countries (in particular the USA), this is done on the basis of the Standard Contractual Clauses and – where applicable – the EU-US Data Privacy Framework. Legal basis is Art. 6 (1)(b) GDPR (initiation of a contractual relationship) and/or Art. 6 (1)(f) GDPR (efficient processing of your inquiry). Further information: https://supabase.com/privacy.

7. Contact and Inquiry Forms

Our website provides two inquiry forms: a general contact form and a free potential analysis form. When using the contact form, we process the following personal data:

  • Name
  • Email address
  • Content of the message
  • Time of submission

When using the potential analysis form, we additionally process voluntarily provided information about your company (industry, number of employees), internal processes and workflows, as well as your goals and current digitisation status. This data is used exclusively to prepare an individual potential analysis and for any follow-up questions. All form data is processed without disclosure to third parties and stored exclusively in our Supabase database (see section 6). Legal basis is Art. 6 (1)(b) GDPR (pre-contractual measures) and Art. 6 (1)(f) GDPR (legitimate interest in efficient inquiry handling). Providing your data is voluntary. We store your inquiry until the purpose of processing no longer applies or until you request deletion, unless statutory retention obligations apply.

8. Cookies

This website does not actively set its own cookies and does not use any tracking, analytics, or marketing cookies. It is possible that our hosting provider sets technically necessary cookies (e.g. for load balancing or security); these are permitted without consent under § 25 (2) no. 2 TDDDG, as they are strictly necessary for the operation of the website.

9. No Web Analytics, No Tracking

We do not use any web analytics services (e.g. Google Analytics, Matomo) or any tracking, profiling, or marketing tools on this website.

10. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” prefix in your browser's address bar and the lock icon.

11. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7 (3) GDPR)

An informal message to the email address listed in the legal notice is sufficient to exercise your rights.

12. Right to Object

Insofar as we process personal data on the basis of legitimate interests pursuant to Art. 6 (1)(f) GDPR, you have the right to object at any time to such processing on grounds relating to your particular situation (Art. 21 GDPR). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR). The competent supervisory authority for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestraße 2–4

40213 Düsseldorf

https://www.ldi.nrw.de

14. No Automated Decision-Making

We do not use automated decision-making within the meaning of Art. 22 GDPR – including profiling.

15. Updates to This Privacy Policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services, e.g. when introducing new features. The version that is current at the time of your next visit will then apply.