Privacy Policy
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy listed below.
2. Responsible Party
The party responsible for data processing on this website is:
Daniel Gläser
Gläser IT-Solutions
Georgstraße 46
09111 Chemnitz, Germany
Phone: +49 173 6807991
Email: hi@glaeser-it.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
3. Data Collection at a Glance
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the “Responsible Party” section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This could be data that you enter in a contact form, for example.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
4. Hosting and Content Delivery Network (CDN)
Cloudflare
We use the Content Delivery Network (CDN) from Cloudflare. The technical processing is carried out by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Contractual partner and point of contact for the European Economic Area is Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany; the EU representative under the GDPR is Cloudflare Ireland Ltd., 25-28 North Wall Quay, Dublin 1, Ireland (together “Cloudflare”). Cloudflare is used to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of globally distributed servers that can deliver content to website users in an optimized manner. For this purpose, personal data may be processed in Cloudflare's server log files.
Cloudflare is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR in not operating our own content delivery network.
You have the right to object to the processing. Whether the objection is successful must be determined through a balancing of interests.
For more information, see Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/
Cloudflare Turnstile
We use Cloudflare Turnstile on this website. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA; the contractual partner for the EEA is Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany.
Turnstile is used to check whether an input (e.g., in a contact form) is made by a human or by an automated program. For this purpose, Turnstile analyzes the behavior of the website visitor based on various characteristics. For technical reasons, the Turnstile script is loaded shortly before a protected form becomes visible in your browser; the analysis begins once the script has loaded.
Data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and spam.
Cloudflare Turnstile does not store cookies in your browser. Cloudflare has implemented compliance measures for international data transfers based on EU Standard Contractual Clauses (SCCs). Cloudflare is also certified under the EU-US Data Privacy Framework.
Online Appointment Booking (Cal.com)
We use Cal.com on this website for online appointment booking. The provider is Cal.com, Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. For use in the EU, we use the EU-hosted version at cal.eu.
Loading notice:The Cal.com script is only loaded when you actively click on the “Book appointment” button. Without this active action, no data is transmitted to Cal.com; the connection to Cal.com is only established once you click.
When you book an appointment via Cal.com, the following data is collected and processed:
- Name and email address
- Selected appointment and time zone
- IP address and browser information
- Any additional information you may provide
Data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance or pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient appointment management).
Cal.com has implemented compliance measures for international data transfers based on EU Standard Contractual Clauses (SCCs).
For more information about data protection at Cal.com, please visit: https://cal.com/privacy
5. General Information and Mandatory Information
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Advertising Emails
The use of contact data published within the framework of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
Recipients of Personal Data
As part of our business activities, we only disclose your personal data if this is necessary for contract performance, we are legally obligated to do so, or you have given your consent. Recipients or categories of recipients of your personal data may in particular include:
- Processors (e.g., hosting providers, email service providers, ticketing systems) – see the respective sections of this privacy policy
- Tax advisors and accounting services for the fulfillment of legal retention and bookkeeping obligations
- Lawyers and courts for the pursuit or defense of legal claims
- Our professional liability insurer (Hiscox SA, Luxembourg) in the event of a claim, for the review and processing of liability claims
- Authorities and public bodies to the extent we are legally required to do so (e.g., tax authorities, social insurance carriers)
No data is transmitted to third parties for purposes other than those mentioned. The legal basis for disclosure depends on the specific case and is Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. c GDPR (legal obligation), or Art. 6 para. 1 lit. f GDPR (legitimate interests, in particular for the assertion, exercise, or defense of legal claims).
Note on Data Transfer to the USA and Other Third Countries
We use certain services from providers based in the USA. An adequacy decision of the European Commission exists for the USA (EU-US Data Privacy Framework, DPF). Personal data may be transferred to companies certified under the DPF on the basis of Art. 45 GDPR. Where a provider is not certified, or not certified for all of its services, we additionally base the transfer on EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR). The applicable safeguards are stated for each individual service in this privacy policy.
Irrespective of this, access by US authorities to data processed in the USA cannot be completely ruled out. We therefore select our providers carefully and use EU server locations where possible (e.g., Atlassian EU data residency, Resend EU region, sevDesk in Germany).
Automated Decision-Making
Automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR does not take place.
6. Data Collection on This Website
Cookies
This website uses two types of cookies: technically necessary cookies that are required for the operation of the website and do not require consent (§ 25 para. 2 no. 2 TDDDG, the German implementation of the ePrivacy Directive), and consent-based cookies for analytics and marketing purposes (Google Analytics 4 and Google Ads, e.g. cookies named _ga, _gid, _gat, _gcl, and IDE). Consent-based cookies are only set if you have agreed to them via our cookie banner (§ 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR); for details, see section 7 of this privacy policy.
NEXT_LOCALE: This cookie stores your language preference (German or English) so that the website is displayed in your chosen language. The cookie does not contain any personal data, is used solely for the functionality of the website, and is deleted no later than the end of your browser session (session cookie).
_cfuvid: This cookie is set by Cloudflare and serves the security of our website. It enables the Cloudflare Web Application Firewall (WAF) to distinguish individual visitors who share the same IP address (e.g., when using a shared network). The cookie is a session cookie and is automatically deleted at the end of your browser session. It only contains a randomly generated ID and does not collect any additional information from your browser. Its use is based on our legitimate interest in protecting our website from abusive access and attacks (Art. 6 para. 1 lit. f GDPR).
Local storage (localStorage):To store your design preference (light or dark color scheme), the website places the entry “theme” in your browser's local storage. The entry does not contain any personal data, is technically required for the presentation you have chosen (§ 25 para. 2 no. 2 TDDDG), and remains in your browser until you delete it.
Legal basis: The use of technically necessary cookies and comparable storage techniques is based on our legitimate interest in a technically flawless and optimized provision of our website (Art. 6 para. 1 lit. f GDPR).
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website - for this purpose, the server log files must be recorded.
The server log files are retained only for as long as is necessary for the security and error analysis of the operation and are continuously overwritten or deleted as part of automatic log rotation. Longer retention only takes place where a specific security incident requires it.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. For product-related inquiries (e.g., regarding managed service or archiving packages), we additionally process the technical parameters you provide in the form (such as the number of mailboxes or devices, systems in use) in order to prepare a suitable offer for you. We will not share this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. You are neither legally nor contractually required to provide your data; however, without the information needed for processing, we cannot handle your inquiry.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions - especially retention periods - remain unaffected.
Support Portal and Ticket System (Jira Service Management)
For processing support requests, we use the ticket system Jira Service Management. The provider is Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia, and for the European region Atlassian B.V., c/o Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, USA.
When you submit a request via our support form, the following data is collected and processed:
- Name and email address
- Company (optional)
- Phone number (optional)
- Type of request (support type and category)
- Subject and description of the request
- Priority of the request
- IP address and time of the request
Server location:We use Atlassian Cloud's EU data residency. Data is stored on Amazon Web Services (AWS) servers in the EU (Frankfurt and Dublin).
Legal basis: Processing is based on Art. 6 para. 1 lit. b GDPR (contract performance or pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient processing of support requests).
Data processing: A Data Processing Addendum pursuant to Art. 28 GDPR exists with Atlassian, which includes EU Standard Contractual Clauses (SCCs). Atlassian is certified according to ISO 27001, ISO 27018, and SOC 2.
Retention period: Support tickets are stored for the duration of processing and for a reasonable period for documentation and quality assurance purposes. Data is deleted no later than 36 months after ticket closure, unless legal retention obligations apply.
For more information about data protection at Atlassian, please visit: https://www.atlassian.com/legal/privacy-policy and for the Data Processing Addendum: https://www.atlassian.com/legal/data-processing-addendum
Email Delivery via Resend
We use Resend for sending emails from the contact form and for transactional business emails. The provider is Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA.
When you use the contact form, your entered data (name, email address, phone number if provided, and message) is transmitted via Resend's servers to deliver the email to us.
Server location:We use Resend's EU region (Ireland, eu-west-1) for email delivery. Email processing therefore takes place on servers within the European Union.
Data processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable email delivery). Resend processes the data on our behalf and is contractually obligated pursuant to Art. 28 GDPR to process the data only according to our instructions. Resend has published a Data Processing Addendum (DPA) including EU Standard Contractual Clauses.
For more information about data protection at Resend, please visit: https://resend.com/legal/privacy-policy
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data sent to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - especially statutory retention periods - remain unaffected.
Digital Business Card in Email Signatures (HiHello)
We use the service HiHello for digital business cards in our business email signatures. The provider is HiHello, Inc., 927 Industrial Ave, Palo Alto, CA 94303, USA.
Our email signatures contain a link to our digital business card on HiHello. Only when you actively click this link will you be redirected to the HiHello website. No data is transferred to HiHello before you click. When the digital business card is loaded, the following data may be collected by HiHello:
- IP address
- Browser type and version
- Operating system
- Date and time of access
- Referrer URL
- General location (city/region, derived from IP address)
Tracking notice: According to its own statements, HiHello may use web beacons (tracking pixels) and tracking links to generate statistics about views of the digital business card and, where applicable, about email opens. The exact functional scope depends on the specific product version and settings in use. We have no direct control over the content and scope of the processing carried out by HiHello.
Legal basis: The inclusion of the link in our email signatures is based on our legitimate interest in professional business communication and efficient contact exchange (Art. 6 para. 1 lit. f GDPR). Data processing by HiHello after the link is opened or any tracking pixels are triggered is carried out under the responsibility of HiHello as an independent controller.
Right to object and opt-out options: You can object to the data processing in connection with HiHello by (a) not clicking the link in our signature, (b) blocking external images in your email client (which prevents any tracking pixels from loading) or (c) informing us informally that you wish to receive our business emails without the HiHello link in the signature. In that case, we will send future emails to your address with a purely textual signature, without integrating the digital business card.
Data transfer to the USA: HiHello is based in the USA. HiHello is certified under the EU-US Data Privacy Framework and has appointed an EU representative (Lionheart Squared (Europe) Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, Ireland). EU Standard Contractual Clauses (SCCs) are also used as a safeguard for international data transfers. HiHello states that it does not sell data and uses encryption for transmission and storage.
Cookies: According to its own statements, HiHello only sets cookies on the domains hihello.com and hihello.me.
For more information about data protection at HiHello, please visit: https://hihello.com/legal/privacy
7. Analytics and Tracking Services
Cookie Consent Management (vanilla-cookieconsent)
This website uses the open-source tool vanilla-cookieconsent to manage your cookie consents in compliance with the GDPR.
Stored data: The tool sets a cookie named cc_cookie that stores your consent preferences (which cookie categories you have accepted or rejected). This cookie does not contain any personal data and has a lifetime of six months (182 days).
Proof of consent: To document given consents (Art. 7 para. 1 GDPR), we log the time and content of your selection on the server side. This logging takes place without your IP address and without any other identifying characteristics.
Legal basis: The use of the consent management tool is based on Art. 6 para. 1 lit. c GDPR (legal obligation to obtain and document consent pursuant to Art. 7 GDPR).
You can access and change your cookie preferences at any time via the “Cookie Settings” link in the footer of this website.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tag management system that allows us to centrally manage and integrate website tags (e.g., for analytics or marketing services).
Important note: Google Tag Manager itself does not set cookies. When the GTM script is loaded, your IP address is necessarily transmitted to Google for technical reasons. The GTM serves as a technical management tool for other tags and is only loaded after your consent. Prior to your consent, neither the GTM script nor any third-party tools are activated.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Google Analytics 4
This website uses Google Analytics 4 (GA4). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Google Analytics enables us to analyze how our website is used in order to continuously improve our services. Pseudonymized usage data (e.g., page views, session duration, interaction events) is collected for this purpose. IP anonymization is enabled, meaning your IP address is truncated before storage.
Retention period: Collected data is stored for 14 months and then automatically deleted.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent). Google Analytics is only activated after your explicit consent via our cookie consent banner.
Opt-out: You can revoke your consent at any time by adjusting your cookie settings via the corresponding link in the footer of this website.
Google Ads Conversion Tracking
This website uses Google Ads Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Conversion tracking allows us to measure the effectiveness of our Google advertising campaigns. If you reach our website via a Google ad and subsequently submit the contact form, this is recorded as a conversion.
Enhanced Conversions:We use the “Enhanced Conversions” feature. Your email address provided during contact is hashed locally (SHA-256) before being transmitted to Google. Google matches this hash against hashed data from Google accounts to more accurately attribute conversions.
Retention period: Conversion data is stored for 90 days.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent). Google Ads Conversion Tracking is only activated after your explicit consent.
Data Processing Agreement (Google)
For the Google services mentioned above (Google Analytics 4, Google Ads), we have concluded a data processing agreement with Google Ireland Limited pursuant to Art. 28 GDPR. Google processes the data on our behalf and is contractually obligated to process the data only in accordance with our instructions.
International data transfer: Google may transfer data to the USA. EU Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c GDPR serve as the guarantee for this transfer. Additionally, Google participates in the EU-US Data Privacy Framework and is certified accordingly.
For more information, please see Google's privacy policy: https://policies.google.com/privacy
8. Customer Data and Invoicing
Accounting (sevDesk)
For accounting and invoicing, we use the cloud-based accounting software sevDesk. The provider is sevDesk GmbH, Im unteren Angel 1, 77652 Offenburg, Germany.
As part of a business relationship, the following customer data is processed in sevDesk:
- Name and address
- Email address and phone number (if applicable)
- Invoice and payment data
- Service descriptions
Server location: Data is stored on servers in Germany (AWS Frankfurt).
Data processing is based on Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. c GDPR (fulfillment of legal obligations, particularly tax and commercial law retention requirements). A data processing agreement pursuant to Art. 28 GDPR exists with sevDesk. sevDesk is GoBD-compliant and, according to the provider, GDPR-compliant.
Retention period: Accounting-relevant data is stored in accordance with statutory retention periods: 8 years for accounting vouchers (§ 147 para. 3 of the German Fiscal Code, AO, as amended with effect from 2025), 10 years for books, records, and annual financial statements (§ 147 AO), and 6 years for commercial correspondence (§ 257 of the German Commercial Code, HGB). Data is deleted after expiration of these periods.
For more information about data protection at sevDesk, please visit: https://sevdesk.de/datenschutz/
9. Your Rights
You have the following rights with regard to personal data concerning you:
- Right to Information (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed.
- Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data concerning you.
- Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of personal data concerning you.
- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.
- Right to Object (Art. 21 GDPR): You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent (Art. 7 para. 3 GDPR): You have the right to withdraw consent once given to us at any time.
Notice of Your Right to Object (Art. 21 GDPR)
Where we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. Where your data is processed for direct marketing purposes, you may object to such processing at any time; your data will then no longer be used for direct marketing (Art. 21 para. 2 GDPR). An informal message to hi@glaeser-it.com is sufficient to object.
You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The supervisory authority responsible for us is:
Die Sächsische Datenschutz- und Transparenzbeauftragte (Saxon Commissioner for Data Protection and Transparency)
Devrientstraße 5
01067 Dresden, Germany
10. Currency and Changes to This Privacy Policy
This privacy policy is currently valid and has the status of July 2026.
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website under “Privacy Policy”.