Privacy Policy

2. General Information on Data Processing

We process personal data of visitors to this website only to the extent necessary to provide a functional and secure website, or where you voluntarily provide us with data, for example when contacting us by email.

The processing is carried out on the basis of the General Data Protection Regulation (GDPR), in particular Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract or for pre-contractual measures, and Art. 6(1)(f) GDPR, where we have a legitimate interest in the secure and stable operation of our website.

3. Hosting and Technical Provision of the Website

This website is hosted via Cloudflare Pages. Provider: Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107 USA

When you access our website, technically necessary data is processed to display the website, deliver it securely, and protect it against misuse. This may include in particular the following data:

IP address date and time of access page accessed / URL browser type and browser version operating system referrer URL technical connection and security information

The purpose of this processing is the secure, stable, and efficient provision of the website as well as the detection and prevention of technical disruptions or abusive access. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure, stable, and high-performance operation of our website. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework. To the extent that data is transferred to the USA, such transfers take place on the basis of the European Commission's adequacy decision of 10 July 2023 (Art. 45 GDPR) and, additionally, on the basis of Standard Contractual Clauses (Art. 46 (2) (c) GDPR).

4. Cookies, Consent and Web Analytics

4.1 Consent management (cookie banner)

On your first visit we show you a consent banner. Cookies and services that require consent (the "Statistics" and "Marketing" categories) are only loaded and executed after you have actively consented. You can select individual categories, reject all, or accept all; rejecting is just as easy as accepting. We store your choice in a strictly necessary cookie ("rynex_consent", retained for 12 months) together with the time and version of your decision, so that we can demonstrate your consent.

The legal basis for the consent-requiring services is your consent under Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You can change or withdraw your consent at any time with effect for the future via the "Cookie settings" link in the footer (Art. 7(3) GDPR). The lawfulness of processing carried out before withdrawal remains unaffected.

To deliver and consent-gate the services below we use Google Tag Manager (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). The Tag Manager is loaded only after your consent and does not itself set analytics cookies.

4.2 Cloudflare Web Analytics (no consent required, legitimate interest)

We use Cloudflare Web Analytics for reach measurement. The service is cookieless and neither stores nor reads information on your device; it is therefore exempt from consent under § 25(2) no. 2 TDDDG. It collects aggregated usage data (e.g. pages viewed, referrer, approximate region, device type, load times). According to Cloudflare, no identification of individuals or cross-device tracking takes place. The legal basis is our legitimate interest in privacy-friendly reach measurement (Art. 6(1)(f) GDPR).

Right to object (Art. 21 GDPR): you may object to this processing at any time on grounds relating to your particular situation, informally by email to [email protected]. The provider is Cloudflare, Inc. (USA); for transfers to the USA see section 4.7.

4.3 Google Analytics 4 (Statistics – consent)

After your consent we use Google Analytics 4 (Google Ireland Ltd.; Google LLC, USA) to analyse usage behaviour (reach, sources, time on site, conversions). It sets cookies (including _ga, _ga_*, retained up to 2 years) and processes usage and device data. IP addresses are truncated for EU traffic and not stored by Google. "Google Signals" is disabled; restricted data processing ("Do not sell or share") is enabled. User/event-level retention is limited in the Google Analytics settings to 14 months. The legal basis is your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG).

4.4 Google Ads (Marketing – consent)

After your consent we use Google Ads (Google Ireland Ltd.; Google LLC, USA) to measure the success of our adverts (conversion tracking) and for remarketing. This sets cookies (e.g. _gcl_*, retained up to about 90 days) and transmits usage data to Google. The legal basis is your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG).

4.5 LinkedIn Insight Tag (Marketing – consent, joint controllership)

After your consent we use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; LinkedIn Corporation/Microsoft, USA) to measure the success of our LinkedIn campaigns, for reach analysis and for retargeting. It sets cookies (e.g. li_*, bcookie; retained up to about 6 months) and transmits usage data to LinkedIn.

For the collection and transmission of data via the Insight Tag, we and LinkedIn Ireland are joint controllers within the meaning of Art. 26 GDPR. We have entered into LinkedIn's joint-controller arrangement for this purpose; the essence of it is available in LinkedIn's Insight Tag information. For the subsequent processing under LinkedIn's own responsibility, LinkedIn is the point of contact; you may exercise your data-subject rights both with us and with LinkedIn. The legal basis is your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG).

4.6 Cloudflare Turnstile (technically necessary)

On the contact form page, Cloudflare Turnstile is used to protect against automated requests (bot and spam protection). For this purpose, Turnstile processes technical connection information (in particular IP address, browser and device information, and a security token) and sets a non-tracking, technically necessary cookie. According to Cloudflare, no profiling or cross-site tracking takes place. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in preventing abusive use of the contact form. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Cloudflare. Where Cloudflare otherwise uses technically necessary cookies, these serve solely the secure, functional provision of the website.

4.7 Data transfers to the USA

With Google Analytics, Google Ads and Google Tag Manager (Google LLC), the LinkedIn Insight Tag (LinkedIn Corporation/Microsoft) and Cloudflare Web Analytics (Cloudflare, Inc.), personal data may be transferred to the USA. The named US recipients are certified under the EU-US Data Privacy Framework; transfers take place on the basis of the European Commission's adequacy decision of 10 July 2023 (Art. 45 GDPR) and, additionally, on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR). Despite these safeguards, access by US authorities cannot be entirely ruled out.

5. Contact by Email

If you contact us by email, we process the personal data you provide, in particular your email address, your name, your message and, where applicable, any additional information you voluntarily provide.

The purpose of the processing is to handle and respond to your inquiry.

The legal basis is Art. 6(1)(b) GDPR, insofar as your inquiry relates to the conclusion or performance of a contract. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of incoming inquiries.

The data will be deleted once your inquiry has been finally processed, unless statutory retention obligations prevent deletion.

6. Contact Form

When you use the contact form on this website, we process the personal data you provide. In particular, we process the mandatory fields first name, last name and email address as well as your consent to this Privacy Policy, and – where you provide them voluntarily – your phone number and the content of your message. In addition, for security purposes, your IP address and the time of submission are processed where this is necessary to prevent abusive requests.

The purpose of the processing is to handle and respond to your inquiry and to secure the transmission process.

The legal basis is Art. 6(1)(b) GDPR, insofar as your inquiry relates to the conclusion or performance of a contract. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of incoming inquiries and in protecting the contact form against automated abuse.

For the email delivery of form submissions to us, we use the service Mailjet operated by Sinch Email France SAS, 4 rue Jules Lefebvre, 75009 Paris, France. Mailjet operates its infrastructure within the European Union; as a rule, no transfer of personal data to third countries takes place in the context of contact form delivery. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Mailjet.

Data submitted via the contact form is stored in our email inbox and deleted once your inquiry has been finally processed, unless statutory retention obligations prevent deletion.

7. External Fonts and External Content

According to the current status, no fonts from Google Fonts, Adobe Fonts or comparable external providers are loaded on this website. Fonts and static content are provided locally or via the website itself.

The analytics and marketing services we use, and their legal bases, are described in section 4.

If external content or services are integrated in the future, this Privacy Policy will be updated accordingly.

8. Recipients of Personal Data

Personal data is only disclosed to recipients where this is necessary for the operation of the website, the handling of your inquiry or the fulfilment of legal obligations.

Possible recipients include in particular:

• Hosting and CDN service providers (Cloudflare, Inc.)
• Bot and spam protection for the contact form (Cloudflare Turnstile)
• Email delivery service for the contact form (Sinch Email France SAS / Mailjet)
• Analytics provider (Google Ireland Ltd. / Google LLC – Google Analytics, Google Tag Manager)
• Marketing services (Google Ireland Ltd. / Google LLC – Google Ads; LinkedIn Ireland Unlimited Company / Microsoft – LinkedIn Insight Tag)
• Technical IT service providers
• Email providers, if you contact us by email
• Authorities or other bodies, where there is a legal obligation

9. Storage Period

We store personal data only for as long as necessary for the respective purposes or for as long as statutory retention obligations apply.

Technical data processed in connection with the operation of the website is stored only for as long as necessary for security, error analysis and website operation.

Email inquiries are deleted after final processing, unless statutory retention obligations or legitimate interests in further storage apply.

10. Your Rights

Subject to the statutory requirements, you have the following rights:

• Right of access to the data stored about you
• Right to rectification of inaccurate data
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent granted with effect for the future

If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority.

For North Rhine-Westphalia, the competent authority is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia Kavalleriestraße 2–4 40213 Düsseldorf Germany

Email: [email protected]

11. No Automated Decision-Making

Automated decision-making, including profiling, does not take place on this website.

12. Updates to this Privacy Policy

We reserve the right to update this Privacy Policy if technical, legal or organizational changes occur.

Status: May 2026 (update: contact form and bot protection activated)