
Privacy Policy

In case of conflict, the German version of this privacy policy prevails.

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Simon Maximilian Heistermann
operating as Heistermann Solutions

Email: simon@heistermann-solutions.de

2. Data Protection Officer

We are not legally required to appoint a data protection officer. For data protection inquiries, please contact us at the address above.

3. Data Collection

3.1 Contact Form

When you use our contact form, we collect the following data:

  • Name
  • Email address
  • Company (optional)
  • Desired service
  • Message

3.2 Project Configurator

When you use our project configurator, we additionally collect information about project type, budget, timeline, and project description. This data is used exclusively for creating an individual proposal and is stored together with your contact details.

3.3 Call Booking (Cal.com)

We use Cal.com for scheduling consultations. When you book a call, your name, email address, and preferred time slot are transmitted to Cal.com. Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures). For more information, see the Cal.com Privacy Policy at https://cal.com/privacy.

3.4 Technical Data (Server Logs)

When you visit our website, the following technical data is automatically collected:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Timestamp of access

3.5 Email Contact

If you contact us by email, your email address, message content, and any attachments will be stored and processed for the purpose of handling your request. We will not share this data without your consent.

3.6 Web Analytics (Google Analytics 4)

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics is only activated after you have given your explicit consent via our cookie banner (opt-in). We use Google Analytics with IP anonymization enabled, so your IP address is truncated within the EU/EEA before transmission.

The following data is collected when consent is granted:

  • Page views and time on page
  • Device and browser information
  • Approximate location (based on anonymized IP address)
  • Referrer URL (how you arrived at our site)
  • Website interactions (clicks, scroll behavior)

We use Google Consent Mode v2. Without your consent, no analytics cookies are set and no data is transmitted to Google. You can withdraw your consent at any time via the cookie settings in the footer.

For more information about data protection at Google, see: https://policies.google.com/privacy

4. Purposes and Legal Basis

We process your personal data for the following purposes and on the following legal bases:

  • Contact form / Project configurator: Art. 6(1)(b) GDPR (performance of pre-contractual measures)
  • Call booking via Cal.com: Art. 6(1)(b) GDPR (performance of pre-contractual measures)
  • Server logs (technical data): Art. 6(1)(f) GDPR (legitimate interest in website security and stability)
  • Email communication: Art. 6(1)(b) GDPR (contract performance / pre-contractual measures)
  • Web analytics (Google Analytics 4): Art. 6(1)(a) GDPR (consent)

5. Processors and Third-Party Services

We use the following processors:

Vercel Inc.

  • USA (EU data processing, DPF certified)
  • Website hosting
  • IP address, technical access data

Supabase Inc.

  • USA (EU servers, SOC 2 Type II)
  • Database and backend for contact inquiries
  • Contact form data, project configurator data

Cal.com Inc.

  • USA (DPF certified)
  • Appointment booking system
  • Name, email address, appointment details

Resend Inc.

  • USA (DPF certified)
  • Email delivery (notifications for contact inquiries)
  • Email address, name, message content

Google Ireland Limited

  • Ireland / USA (DPF certified)
  • Web analytics (Google Analytics 4) - only with consent
  • Anonymized IP address, page views, device/browser information, interaction data

6. International Transfers

Some of our processors are based in the United States (Vercel, Supabase, Cal.com, Resend, Google). Data transfers to the USA are carried out on the basis of the EU-U.S. Data Privacy Framework (DPF) pursuant to Art. 45 GDPR or on the basis of Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework. All providers maintain appropriate data protection safeguards.

7. Cookies and Storage Technologies

This website uses cookies exclusively for Google Analytics and only after your explicit consent via our cookie banner.

On your first visit, a cookie banner is displayed where you can grant or deny your consent. Without your consent, no analytics cookies are set.

The following cookies are set by Google Analytics when consent is granted:

  • _ga - Distinguishes individual users (duration: 2 years)
  • _ga_<Measurement-ID> - Stores session status (duration: 2 years)
  • _gid - Distinguishes individual users (duration: 24 hours)

In addition, we use the local storage (localStorage) of your browser for the following purposes:

Local Storage (localStorage)

The following settings are stored locally in your browser:

  • hs-theme - Theme preference (dark/light mode)
  • hs-consent - Your cookie consent preferences (category, timestamp)
  • Language setting (German/English)

The localStorage data is not transmitted to servers and can be deleted at any time via your browser settings. Google Analytics cookies can be deleted via the cookie settings in the footer or through your browser settings.

8. Retention Periods

We store personal data only as long as necessary for the respective purpose or as required by statutory retention obligations:

  • Contact form data: 12 months after completion of the inquiry
  • Server logs: Approx. 30 days
  • Cal.com bookings: According to Cal.com's retention policies
  • Business correspondence: 6 years (§ 257 HGB)
  • Invoices and tax-relevant documents: 10 years (§ 147 AO)
  • Google Analytics data: 26 months (default retention period in GA4)
  • Cookie consent (localStorage): Until withdrawal or deletion of browser data

9. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of access to your stored personal data (Art. 15 GDPR)
  • Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

To exercise your rights, please contact: simon@heistermann-solutions.de

10. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf
https://www.ldi.nrw.de

11. SSL/TLS Encryption

This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content, such as inquiries you send to us. You can recognize an encrypted connection by the "https://" prefix in your browser's address bar and the lock icon.

12. Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this page.

13. Severability

Should any provision of this privacy policy be or become invalid, the validity of the remaining provisions shall not be affected.

Last updated: March 2026
