Data Privacy
Söldner Consult GmbH (hereinafter: “we”, “us”) is pleased that you are visiting our website www.gitops-director.com (hereinafter: “website”).
Our principle is to collect only what we need and to process this information solely to provide you with the expected service.
Controller
The controller within the meaning of the General Data Protection Regulation (hereinafter: “GDPR”) for the processing of personal data on our website is:
Söldner Consult GmbH
Bucher Str. 79a
90419 Nuremberg
contact@gitops-director.com
For inquiries related to data protection or to exercise your rights as a data subject, you can contact us at any time via email at privacy@soeldner-consult.de.
Data Protection Officer
Our appointed Data Protection Officer is:
Kertos GmbH
Briennerstraße 41
80333 Munich
Germany
Email: dsb@kertos.io
What are personal data?
Personal data are all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, or IP address. Information that we cannot (or only with disproportionate effort) associate with you, e.g., through anonymization, is not considered personal data. The processing of personal data (e.g., collection, query, use, storage, or transfer) always requires a legal basis such as your consent.
Data Processing on Our Website
Provision and Use of the Website
Scope and Purpose of Data Processing
We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services or information.
When you access and use our website, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.
The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access is made (Referrer URL),
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
We process the aforementioned data for the following purposes:
- Ensuring a smooth connection setup of the website
- Ensuring a comfortable use of our website
- For IT security purposes
Legal Basis
Article 6 paragraph 1 lit. f GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a website and to enable secure and comfortable use, thus serving the protection of a legitimate interest of our company.
Storage Duration and Data Deletion
Once the aforementioned data are no longer necessary for the display of the website, they are deleted (at the latest after 30 days). The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, the user has no option to object. Further storage occurs in individual cases if required by law.
Third Parties
Hosting
The technical infrastructure for this website is provided by cloud servers from Amazon Web Services (AWS), offered by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. By using AWS, the following personal data are processed:
- Your IP address
- Date and time of the request
- Domain of the website
- Browser type used
The data processing is necessary to provide you with the requested website. The legal basis is Art. 6 para. 1 lit. f GDPR, with our legitimate interest in providing the technical infrastructure, as otherwise the operation of the website would not be possible.
The service provider is based in the EU and complies with the requirements of the GDPR. Additionally, a server location in Germany was chosen. However, it cannot be excluded that data are also transferred to the USA or other third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. “AWS” is certified within this framework, so such transfers are based on the legal basis of Article 45 GDPR. In addition, standard contractual clauses (SCCs) have been concluded to ensure an adequate level of data protection.
For further information on data protection at AWS, please visit: https://aws.amazon.com/de/compliance/data-privacy/.
Fonts
To display the contents of our website, we use “Google Fonts”, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”).
To integrate Google Fonts, the fonts are loaded from a Google server. The following data are usually transmitted:
- IP address
- Referrer URL
- Operating system
- Browser type
- Screen resolution
- Browser language setting
Your data are usually transferred to a Google server in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. “Google” is certified within this framework, so such transfers are based on the legal basis of Article 45 GDPR. We inform you that Google may share this information with third parties if required by law or if third parties process this data on behalf of Google.
For further information on data protection at Google, please visit: https://policies.google.com/privacy.
International Data Transfer
We primarily process your data within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be located outside the EEA in so-called “third countries.” The General Data Protection Regulation (GDPR) sets high standards for the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in a third country, the provider’s level of data protection is first assessed. A provider is only selected if they can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are based within the EEA or in third countries, each service provider must enter into a data processing agreement with us. For service providers outside the EEA, additional requirements must be met. According to Articles 44 ff. GDPR, personal data can be transferred to service providers that meet at least one of the following conditions:
•The European Commission has determined that the third country ensures an adequate level of protection (e.g., USA and UK).
•Standard contractual clauses have been included in our contract with the data recipient (including any additional measures, if necessary).
•Other appropriate safeguards as provided in Article 46 GDPR (e.g., binding corporate rules).
•In specific exceptional cases in accordance with Article 49 GDPR
Recipients of Personal Data
Within our company, only those individuals who need your personal data for their respective purposes have access to it. Your personal data will only be shared with external recipients if we are legally authorized to do so or if you have given your consent. Below is an overview of the respective recipients:
- Data Processors: Group companies or external service providers, e.g., in the areas of technical infrastructure and processing, maintenance, and payment processing, which are carefully selected and monitored. The data processors may only use the data according to our instructions.
- Public Authorities: Authorities and state institutions, such as tax authorities, public prosecutors, or courts, to whom we transmit personal data (must), e.g., to fulfill legal obligations or to protect legitimate interests.
Captcha
To provide the technical infrastructure and various applications, we use so-called “cloud providers.”
On our website, we use the service “reCAPTCHA,” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). When using the service, the following data is transmitted to Google:
- IP address
- Referrer URL
- Operating system
- Mouse movements/keyboard inputs
- Length of stay
- Device settings (e.g., language settings or location)
The purpose of “reCAPTCHA” is to determine whether an automated user or a real person is behind the user, in the event of contacting us via our contact form. The service thus protects against a failure of the website due to a high number of automated requests. The information is usually transmitted to a Google server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-US Data Privacy Framework. “Google” is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.
The data is deleted after transmission.
Due to the protection of the website and the associated assurance of the provision of the website, we have a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Further information on data protection at Google can be found at: https://policies.google.com/privacy.
Cookies
Scope and Purpose of Data Processing
We use cookies on our website. Cookies are data records that are stored on your computer when you visit our website and allow your browser to be reassigned. Cookies store information such as your language settings, the duration of your visit to our website, or the entries you made there.
There are different types of cookies. Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and are stored in the user’s browser for a predefined period. First-party cookies are set by the website the user is visiting. Only this website is authorized to read information from the cookies. Third-party cookies are set by organizations that do not operate the website the user is visiting.
Cookies can also be distinguished between technically necessary, functional, and advertising cookies. The former are necessary to ensure basic functions of the website (e.g., storage of language settings). Functional cookies collect information about user behavior and whether they receive error messages. Advertising cookies, on the other hand, are used to provide the user with tailored advertising.
Legal Basis
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR due to the described purposes of use, as we have an interest in the user-friendly presentation of our website. If you have given us your consent to the use of functional and advertising cookies through a notice provided by us on the website (“cookie banner”), the legality of the use is also based on Art. 6 para. 1 sentence 1 lit. a GDPR.
Storage Duration and Data Deletion
Once the data transmitted to us via cookies is no longer necessary to fulfill the purposes described above, this information will be deleted. Further storage occurs in individual cases when required by law.
Configuration of Browser Settings
Most browsers are set by default to accept cookies. However, you can configure your browser to accept only certain cookies or no cookies at all. We would like to point out that you may no longer be able to use all the functions of our website if you disable cookies in the browser settings. You can also delete cookies already stored in your browser via your browser settings or view the storage duration. It is also possible to set your browser to notify you before cookies are stored. Since different browsers may vary in their respective functions, we ask you to use the respective help menu of your browser for configuration options.
Consent Management
To manage consent for the use of cookies, we use the management tool from Complianz, Kalmarweg 14-5, 9723 JG, Groningen, Netherlands. Complianz helps us store and enforce your preferences regarding the use of cookies on our portal. Your consent data is transmitted to Complianz. The service provider is based in the EU and complies with the GDPR requirements. For more information on data protection at Complianz, please visit: https://complianz.io/legal/privacy-statement/
Data processing is necessary to provide you with the legally required consent management and to fulfill our documentation obligations. The legal basis is Art. 6 para. 1 lit. c GDPR as well as Art. 6 para. 1 lit. f GDPR, justified by our interest in complying with the legal requirements for consent management.
Cookielist
| NAME | Provider | Purpose | Duration |
| _ga | Google Analytics | distinguish unique users by assigning a randomly generated number as a client identifier. | 13 month |
| rc::a | Google Recaptcha | distinguish between humans and bots. | unlimited |
| rc::c | Google Recaptcha | distinguish between humans and bots during a user’s browsing session and contributes to the overall website security. | Session |
Analytics and Tracking
We use tracking and analysis tools to ensure continuous optimization and customized design of our website.Various tracking technologies are used on our website. These may include additional measures, in addition to the aforementioned cookies, such as creating a recognizable value by combining different device and browser information (Device Fingerprinting). With the help of tracking measures, we are also able to statistically record the use of our website by visitors and use the insights gained to further develop our online offerings for you. The data is processed according to your consent in accordance with Art. 6 para. 1 lit. a) GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.
Google – Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).Google Analytics uses cookies and similar tracking methods such as Device Fingerprinting.
The information stored in these cookies, e.g. about the time, location, and frequency of your use of our website, is usually transferred to a Google server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. “Google” is certified under this framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. In addition, standard contractual clauses (SCC) have been concluded with “Google”. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may also collect other personal data in addition to the IP address. We point out that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.
Google will use the information generated by the cookie to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
You can generally prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we point out that in this case, you may not be able to use all the functions of this website to their full extent.
You can revoke your consent to processing and transfer to third countries at any time. The legality of the processing carried out up to the point of revocation remains unaffected.
For more information on data protection at Google, please visit: https://policies.google.com/privacy.
Data Security and Security Measures
We are committed to treating your personal data confidentially. To prevent manipulation, loss, or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
However, we point out that due to the structure of the Internet, it cannot be ruled out that data protection regulations and the above-mentioned security measures are not observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – e.g. during transmission by e-mail – can be viewed by third parties. We have no technical influence on that. It is your responsibility as a user to protect the data you provide from misuse by encryption or other means.
Data Retention
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also occur if this is provided for by European or national legislators in EU regulations, laws, or other regulations to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the mentioned standards expires unless further storage of the data is necessary for the conclusion or fulfillment of a contract.
Rights of the Data Subject
Regarding your personal data, you have the following legal rights towards us:
Right of Access
You have the right to request confirmation as to whether we process personal data about you. If this is the case, you have the right to access this personal data and further information, e.g. about the processing purposes, the recipients, and the planned duration of storage or the criteria for determining the duration.
Right to Rectification
You have the right to request the immediate correction of inaccurate data. Considering the purposes of the processing, you have the right to request the completion of incomplete data.
Right to Erasure (“Right to be Forgotten”)
You have the right to request erasure if processing is not necessary. This is the case, for example, if your data is no longer needed for the original purposes, if you have withdrawn your consent under data protection law, or if the data has been unlawfully processed.
Right to Restriction of Processing
You have the right to request the restriction of processing, e.g. if you believe that the personal data is inaccurate.
Right to Data Portability
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.
Right to Withdraw Your Consent under Data Protection Law
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the point of withdrawal.
Notwithstanding these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.
Version History
| Date | Version | Notes |
| 15.05.2025 | 1.0 | First Version |