top of page

Privacy Policy

Introduction

With the following privacy policy, cybterra GbR (hereinafter referred to as ‘cybterra or ‘the Controller’) would like to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes,  and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). The company accepts the contents of this Policy as binding upon itself and undertakes to ensure that all data processing pursued by it will comply with the requirements of this Policy and the applicable legislation. The third parties working with or for cybterra who have or may have access to personal data are expected to have read and understood this Policy and to comply with it. 

Status: October 31, 2025

Table of Contents

  • Introduction

  • Responsible Party 

  • Overview of Processing 

  • Relevant Legal Bases 

  • Security Measures 

  • Provision of the Website

  • Transfer of Personal Data. International Data Transfers 

  • General Information on Data Storage and Deletion 

  • Rights of Data Subjects 

  • Contact and inquiry management

Responsible Party

cybterra GbR

Vertretungsberechtigte Personen: Eduard Schumacher, Denis Friedrich

E-Mail-Adresse: info@cybterra.com

Overview of Processing

cybterra may process the following information in order to respond to requests submitted through the Website/via email: 

  • full name;

  • (business) email address; 

  • any other information included in the enquiry / request,

 

The personal data provided will be used for the purposes of processing and responding to received requests based on the following legitimate interests of the Controller:

  • to clarify, provide additional information and respond to questions about its services/solutions and the information available on its Website;

  • to improve the quality of its services and facilitate business to client communication. 

​

Whenever a question/request concerns contract related issues, the data processing will be performed on the basis that it is necessary for the performance of a contract with an existing client or in order to take steps at the request of a potential client prior to entering into a contract with them.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy. 

Consent (Art. 6 (1) (a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes. 

Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 

Legal obligation (Art. 6(1)(c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject. 

Legitimate interests (Art. 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

​

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transfer, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply. 

Security Measures

In accordance with legal requirements, we take appropriate technical and organizational measures to ensure an appropriate level of data protection. 
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling electronic access to the data as well as access, storage, transfer, and separation. We use only secure communication channels in order to transfer information. Furthermore, we have established data handling procedures to ensure that the rights of data subjects are exercised.

Provision of the Website

The Controller may employ tools and cookies to administer the Website, to enable the access to the Website and to ensure its stability and security. Furthermore, such processing serves the statistical analysis and to tailor its content according to users’ preferences. 

​

With each visit to the Website, cybterra may automatically collect information that your browser transmits to us. This information may also be stored in cybterra’s system's log files. The following data may be collected:

​

  • The browser software you use, as well as its version and language.

  • The operating system you use.

  • The subpages of the Website you visit.

  • The date and time of your visit to our website.

  • Transferred data volume.

  • The country (but not the precise location) from which you accessed the Website.

  • The duration of your stay on the Website.

​

When such processing is not essential for the proper functioning of the Website, the Controller only stores cookies on  your device and/or tracks them after having obtained your consent.

​

The processing is necessary to safeguard the predominant legitimate interests of the data controller (Art. 6 para. 1 lit. f GDPR). For more information on the tools and cookies used on the Website, including any data sharing taking place in this regard, please refer to the Website cookie banner, available here.

​

The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of emails (e.g., the providers involved) and the contents of the respective emails, are processed. As a rule, emails are encrypted during transmission and as a data at rest. cybterra does not accept any responsibility for the transmission of emails between the sender and the recipient on our server; legal basis: legitimate interests (Art. 6 (1) (f) GDPR). 

Transfer of Personal Data. International Data Transfers  

As part of our processing of personal data, cybterra may use third parties to support certain activities in the course of our business. Personal data are disclosed to third parties only with enough guarantees to ensure an adequate level of protection and the existence of a legal basis and / or good reason for this. Where this is legal and / or necessary, data may be access by specific recipients, such as:

​

  • central and local regulatory authorities that have the power to receive / request information;

  • crime prevention and detection authorities and regulatory authorities that have the power to request information;

  • judicial authorities in the manner and conditions provided for by national law;

  • banks and banking institutions, in connection with the administration of payments;

  • lawyers, professional consultants, accounting service providers and auditors.

  • service providers for the purposes of providing and maintaining software products for the implementation of certain internal processes, storage, exchange and tracking of information. 

​

Product/Service: WIX Analytics Tools, WIX hosting

Company: Wix.com Ltd. 

Privacy Policy: https://www.wix.com/about/privacy

Process: Web analytics services that allow us to display the right website to the user and analyze some website metrics 

​

In connection with some of the above processes and services, some of your data may be transferred outside the European Union / European Economic Area. The transfer of such personal data takes place only with appropriate guarantees to ensure an adequate level of protection and compliance with all provisions of the applicable legislation regarding the transfer. For example, an official decision made by the European Commission that a third country, a territory or one or more specified sectors within that third country or the international organisation ensures an adequate level of data protection. Also, adherence to the standard contractual clauses approved by the European Commission provides such safeguards.

General Information on Data Storage and Deletion 

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data. 

​

The data are stored until the expiration of the terms specified in the applicable German legislation. For example:

​

  • invoices and financial documents: according to the terms under §147 (3) German Fiscal Code (Abgabenordnung);

  • relevant accounting and commercial information: according to the terms of §257 of the German Commercial Code (Handelsgesetzbuch);

  • other documents - up to 5 years from the provision of the service / termination of the relationship, in accordance with the statutory limitation period for possible claims under our contract.

  • in the event of a dispute, the data may be processed for the period necessary for the establishment, exercise of or defense from complaints and legal claims.​

​

The data is processed until the consultancy has been executed / the request has been administered and for an additional period of no more than 6 months unless further retention is necessary for the establishment, exercise or defence of legal claims.

​

In the case of data collected for the provision of the website, this occurs when the respective session ends. Log files are deleted after 30 days.

​

Rights of Data Subjects 

At any time while the Controller owns or processes their personal data, data subjects have the following rights:​

​

1. Right to information

Data subjects have the right to be informed about the collection and use of their personal data which this Privacy Policy is aimed at.

 

2.  Right of access

Upon request by a data subject, the Controller shall disclose whether their personal data is being processed, either directly or by processors acting under its instructions. The information provided will include:

  • the categories of data being processed,

  • the source of the data,

  • the purposes, legal basis, and duration of processing,

  • details of the processor and its processing activities,

  • the circumstances and consequences of any personal data breach, along with measures taken to remedy it, and

  • where data is transferred, the legal basis for such transfer and the identity of the recipient.

This information will be supplied free of charge unless the request is manifestly unfounded or excessive, in which case a fee may be imposed.

​

3. Right to rectification

The data subject shall have the right to request the rectification or updating of personal data concerning them where such data are incomplete, inaccurate, inappropriate, or obsolete. The Controller is obliged to inform both the data subject and any recipients to whom the data have been disclosed of the rectification. Such notification may be dispensed with where it is demonstrated to be impossible or would entail a disproportionate effort.

​

4. Right to erasure

Personal data shall be subject to erasure where:

  • the processing has been carried out unlawfully;

  • the data are no longer required for the purposes for which they were originally collected or otherwise processed;

  • the data subject withdraws consent, where processing was based on such consent, and no other legal ground exists for the continuation of processing;

  • the data subject, on grounds relating to their particular situation, objects to processing carried out on the basis of the Controller’s legitimate interests, and no overriding legitimate grounds justify the processing;

  • the statutory retention period prescribed under applicable legislation has expired; or

  • erasure has been ordered by a court of law or the competent supervisory authority.

 

Notwithstanding the foregoing, the Controller may retain personal data in any of the above circumstances where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

 

The Controller shall notify the data subject, as well as any recipients to whom the personal data have been disclosed, of any rectification undertaken. Such notification may be dispensed with where it is demonstrated to be impossible or would involve disproportionate effort.​

​

5. Right to restriction

Instead of erasing the personal data, the Controller may impose a restriction on its processing where:

  • the data subject so requests, or contests the accuracy of the personal data, for a period sufficient to enable the Controller to verify such accuracy;

  • the processing is unlawful, yet the data subject opposes erasure and instead requests restriction of processing;

  • the Controller no longer requires the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;

  • the data subject has objected to the processing of their personal data for direct marketing purposes; or

  • verification is pending as to whether the Controller’s legitimate interests override those of the data subject.

Where processing is restricted, personal data may be processed solely to the extent that the grounds preventing their erasure continue to subsist.

The Controller shall notify the data subject and any recipients to whom the personal data have been disclosed of the restriction of processing. Such notification may be dispensed with where it is demonstrated to be impossible or would entail disproportionate effort.​​

​

6. Right to object

On grounds relating to their particular situation, data subjects have the right to object to the processing of personal data performed on the basis of the legitimate interest of the Controller or to the processing for direct marketing purposes. In the latter case, the Controller should suspend such processing immediately upon receiving the objection, without undue delay.​

​

7. Right to object to automatic decision-making, including profiling

Data subjects retain the right, on grounds connected to their particular circumstances, to object to the processing of their personal data where such processing is carried out on the basis of the Controller’s legitimate interests, or where it is undertaken for direct marketing purposes. In the case of objections to direct marketing, the Controller shall cease such processing promptly upon receipt of the objection, without undue delay.

​​​​

8. Right to data portability

Data subjects shall have the right to request that the Controller furnish them with the personal data held concerning them, in a structured, commonly used, and machine‑readable format. This right applies where the Controller processes such data on the basis of the data subject’s consent or a contractual relationship, and where the processing is performed by automated means.​

​

9. Right to withdraw consent for processing

Where the Controller processes personal data on the basis of the data subject’s consent, the data subject shall have the right to withdraw such consent at any time, free of charge. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to its withdrawal.

​​​​

10. Remedies in case of violations of data subject rights

If data subjects consider that their privacy and data protection rights have been violated, they may:

​

  1. lodge a formal complaint with the respective supervisory authority. The contact details of the BBDI are, as follows:

​

​​​

   2. take legal action before a court to appeal the actions/decisions of the BBDI (after having previously lodged a complaint with the BBDI);

   3. bring a legal action in court against the Controller and claim compensation for any damages incurred as a result of the processing of personal data carried out by the Controller.

Contact and inquiry management

In order to exercise any of their rights or obtain more information about the protection of their personal data, data subjects may contact the Controller by email (at the Controller’s contact details indicated above in the beginning of this Statement). The Controller may ask data subjects to provide additional information that may be needed to verify their identity.

The Controller responds to any requests related to data subjects’ rights as soon as possible in the form in which the request was made, but in any case, no later than within 30 days from its filing. 

​

When you contact us via our contact form, by email, or through other means of communication, we process the personal data you provide in order to respond to and process your request. This usually includes information such as your name, contact details, and, if applicable, other information that you provide to us and that is necessary for proper processing. We use this data exclusively for the stated purpose of establishing contact and communication; legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR). 

bottom of page