Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

TOROTRON

Michael Coccejus

Bergstr. 4

55424 Münster-Sarmsheim

Email: office@torotron.com

2. Data Protection Officer

No data protection officer has been appointed, as there is no legal obligation to appoint one.

3. Provision of the website and server log files

3.1 Description of processing

When this website is accessed, the server automatically processes data in so-called server log files. The following data may be processed:

- IP address

- Date and time of the request

- Requested page/file (URL/path)

- Transferred data volume and status codes

- Referrer URL (if transmitted by the browser)

- Browser type and version

- Operating system

- Hostname of the accessing device (if recorded)

3.2 Purposes

Processing is carried out for the technical provision of the website and to ensure security, stability, and abuse detection (e.g. defense against attacks, error analysis).

3.3 Legal basis

Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and uninterrupted provision of the website).

3.4 Recipients

Recipient of the data is the hosting provider (infrastructure/server operation):

netcup GmbH

3.5 Storage period

Server log files are stored for 14 days and then deleted, unless further retention is required for evidentiary purposes (e.g. in security-related incidents).

4. Contact form and email communication

4.1 Description of processing and data categories

If you contact us via the contact form, we process the data you submit to handle your request. Mandatory fields are:

- Name

- Company

- Email address

In addition, message content is processed.

Your request is handled via email. The mail server is operated on the same VPS on which this website is hosted.

4.2 Purposes

Handling and responding to your request and, where applicable, initiating or executing a contractual relationship.

4.3 Legal basis

Processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures/performance of contract) insofar as the request relates to a (pre-)contractual service.

Otherwise, processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in handling and responding to inquiries).

4.4 Recipients

Within our organization, only those units that need access to process the request receive access.

No external email service provider is used for this. The hosting provider (netcup GmbH) may have access to the systems within the scope of infrastructure/server operation.

4.5 Storage period

Emails and inquiries are stored only as long as necessary to process the request. Longer storage occurs only where statutory retention obligations exist or where necessary for the assertion, exercise, or defense of legal claims.

5. Spam and abuse protection with ALTCHA

5.1 Description of processing

We use ALTCHA to protect our contact form against automated input, spam, and abusive requests.

ALTCHA is self-hosted by us. Processing takes place exclusively via our own technical infrastructure. No cookies are set in connection with ALTCHA, and no data is transmitted to external third parties as part of the CAPTCHA/spam protection function.

5.2 Purposes

Processing is carried out to protect our contact form and our systems against automated attacks, spam messages, and abusive use, and to ensure the availability and security of our website.

5.3 Legal basis

The legal basis for processing is Art. 6 para. 1 lit. f GDPR.

Our legitimate interest lies in protecting our website, our communication channels, and our IT infrastructure against abusive, automated, or harmful use.

5.4 Processed data

As part of the use of ALTCHA, technically necessary data may be processed, in particular:

- IP address

- Technical connection data

- Information about the browser and system used

- Date and time of access

- Challenge-/verification-related technical validation values

Processing is carried out exclusively for bot detection and abuse prevention.

5.5 Recipients of the data

The recipient of the data is exclusively the hosting or server operation used by us within the scope of our own infrastructure. No transfer to external CAPTCHA providers or other third parties takes place in connection with ALTCHA.

5.6 Storage period

The data processed in connection with ALTCHA is stored only as long as necessary for providing the function, detecting abuse, and for technical and security-related reasons. Insofar as server log files are affected, the retention periods for log data stated elsewhere in this privacy policy apply additionally.

5.7 Provision required or necessary

The provision of the technical data processed in connection with ALTCHA is required in order to use the protected form. Without this protective function, the form may not be usable at all or may only be usable to a limited extent for security reasons.

5.8 Transfer to third countries

No transfer of personal data to states outside the European Union or the European Economic Area takes place in connection with ALTCHA.

6. Backups

6.1 Description, purpose, and legal basis

Backups are created and retained in order to restore systems in case of errors. This processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in data security and recoverability).

6.2 Storage period

Backups are retained for 1 year and then overwritten or deleted.

Note: Data deleted in production systems may remain in backups until scheduled deletion/overwriting. Restoration from backups is performed only when required (e.g. for system recovery).

7. Transfers to third countries

No transfer of personal data to countries outside the EU/EEA takes place.

8. Automated decision-making/profiling

No automated decision-making, including profiling, takes place.

9. Data subject rights

You have the following rights regarding your personal data:

- Access (Art. 15 GDPR)

- Rectification (Art. 16 GDPR)

- Erasure (Art. 17 GDPR)

- Restriction of processing (Art. 18 GDPR)

- Data portability (Art. 20 GDPR)

- Objection (Art. 21 GDPR), insofar as processing is based on Art. 6 para. 1 lit. f GDPR

To exercise your rights, a notification to the above contact details is sufficient.

10. Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular with the authority of your habitual residence, your place of work, or the place of the alleged infringement.