Privacy Policy
This English translation is provided for convenience only. The German version is legally binding.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
2. Overview
This website is deliberately designed to be data-minimal: it sets no cookies, uses no analytics or tracking services and loads no content from third-party servers (e.g. external fonts, maps or embedded videos). Personal data is processed only to the technically necessary extent described below.
3. Hosting and server log files
This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server is located in a data centre in Germany. Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.
When you visit the website, the web server automatically processes information in so-called server log files which your browser transmits:
- IP address of the requesting device
- date and time of access
- requested page or file and the amount of data transferred
- browser type and version as well as operating system (user agent)
- referrer URL (previously visited page)
Processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the technical provision, stability and security of the website (e.g. defence against attacks). The log files are not merged with other data sources and are automatically deleted after 15 days at the latest.
4. TLS encryption
For security reasons, this website uses TLS encryption (recognisable by "https://" and the lock symbol in your browser's address bar). Data you transmit to us cannot be read by third parties.
5. Fonts
This website uses fonts that are stored locally on our own server (self-hosting). When you visit the website, no connection to servers of Google or other third parties is established and no data is transferred to third parties.
6. Local storage (localStorage / sessionStorage)
This website uses two types of browser-internal storage that remain exclusively on your device and contain no personal data:
- Language preference (localStorage, entry "scendo_lang"): If you switch the website language, your browser stores your choice persistently until you clear it.
- Intro animation (sessionStorage, entry "sc-splash"): On the first visit to the home page, a brief animated splash is shown. To display it only once per browser session, your browser stores an entry for the duration of that session. It is automatically deleted when you close the browser window or tab.
Both storage operations are technically necessary for the function you requested (§ 25 (2) no. 2 TDDDG) and therefore do not require consent. You can delete the entries at any time via your browser settings.
7. Report configurator and payment
As long as you are only filling in the configurator, your entries (e.g. name or brand, sources, email address) are processed exclusively locally in your browser. They are transmitted to us only once you actively start the order by clicking "Continue to payment", in order to process your order.
The following data are processed: the selected report type (brand or person) and any add-on options, your email address, the content and sources you provide, and your language setting. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures and performance of the contract).
Payment service provider (Stripe). Payment is handled by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. For this you are redirected to a payment page hosted by Stripe. You enter your payment details (e.g. card data) exclusively there; we neither collect nor store them. Stripe processes your email address and payment information to handle and secure the payment and is partly an independent controller for this purpose. For details see Stripe's privacy policy: stripe.com/privacy.
Further processing. After successful payment we transmit your order, TLS-encrypted, to a further server operated by us (hosted by Hetzner Online GmbH, Germany), on which the report is produced. The data are not passed on to any other third parties.
Retention. The order data on our servers are deleted at the latest 14 days after processing is completed. Payment records stored by Stripe are subject to statutory retention periods, in particular under tax and commercial law; the legal basis for this is Art. 6 (1) (c) GDPR.
8. Contact by email
If you contact us by email, your details (email address, content of the message) will be stored for the purpose of processing the enquiry and for possible follow-up questions. The legal basis is Art. 6 (1) (b) GDPR insofar as your enquiry relates to the performance of a contract or pre-contractual measures, and otherwise Art. 6 (1) (f) GDPR (legitimate interest in the effective handling of enquiries). We do not pass on these data without your consent. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and no statutory retention obligations apply.
9. Your rights
As a data subject, you have the following rights:
- access to your data stored by us (Art. 15 GDPR)
- rectification of inaccurate data (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR)
To exercise these rights, an informal email to the address given above is sufficient.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany, www.ldi.nrw.de.
10. Validity of this privacy policy
This privacy policy is currently valid (as of June 2026). Further development of the website or changes in legal requirements may make it necessary to amend this privacy policy. The current version can always be found on this page.