Privacy Policy
Last updated: January 2025
1. Overview
This notice explains what personal data we process when you use this website, why we do so, and which rights you have. Personal data is any information that can identify you.
Who is responsible?
Vondos GmbH, Deisterstraße 20, 31785 Hameln, Germany
Phone: +49 5151 9818339
Email: [email protected]
Register court: Amtsgericht Hannover, HRB 206395
VAT ID: DE274835149
Managing directors: Fabian Simon, Dennis van der Zwaag
2. Hosting
The site is hosted by an external provider. All data collected via the website is stored on the hoster’s servers. Processing is based on Art. 6(1)(b) GDPR (contract initiation/fulfilment) and Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision).
3. Data security
We use TLS encryption for transport security. You can recognize an encrypted connection by the lock icon in your browser and the “https://” address line.
4. What data is collected?
Server log files
When you access the site, we automatically process browser type/version, operating system, referrer URL, host name, time of request and IP address. This is necessary to deliver the site and secure operations (Art. 6(1)(f) GDPR). Logs are kept for up to 7 days then deleted.
Contact form
If you submit the contact form, we process the details you provide (e.g. name, email, message) to handle your request (Art. 6(1)(b) GDPR if contractual; otherwise Art. 6(1)(f) GDPR legitimate interest in responding). Data is retained until the purpose ceases or you request deletion, unless legal retention periods apply.
Spam protection
To prevent abuse we use honeypot fields, a simple math captcha, minimum time-to-submit (3s), and rate limiting. Technical markers (e.g. timestamps, captcha token) are used only to detect spam and are not shared with third parties. We also set a short-lived session ID cookie (24h) to throttle repeated submissions (Art. 6(1)(f) GDPR).
5. Your rights
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing based on Art. 6(1)(e/f) GDPR (Art. 21 GDPR)
- Withdraw consent at any time with effect for the future
- Right to lodge a complaint with a supervisory authority
To exercise your rights, contact us using the details above. For supervisory authorities in Germany see: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.