Privacy Policy

Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Notice regarding the responsible entity” in this privacy policy.
How do we collect your data?
Some data are collected because you provide it to us directly. This can, for example, be data you enter into a contact form. Other data are automatically collected by our IT systems when you visit the website, either automatically or after you have given your consent. These are primarily technical data (e.g., internet browser, operating system, or time of page access). The collection of this data happens automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data can be used to analyze your user behavior. If contracts are concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other requests.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of processing of your personal data under certain circumstances. Additionally, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time for this or any other questions regarding data protection.
How to exercise your rights
You can request access to, correction, deletion, restriction of processing, or withdrawal of consent regarding your personal data by contacting us at info@leon-heidkamp.com. We will respond to your request within one month.

Analysis Tools and Third-Party Tools

During your visit to this website, your surfing behavior may be statistically analyzed, mainly using so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter “IONOS”). When you visit our website, IONOS records various log files including your IP addresses. Details can be found in IONOS’s privacy policy: https://www.ionos.de/terms-gtc/terms-privacy. The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy. When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens. We would like to point out that data transmission on the internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Notice regarding the Responsible Entity

The responsible entity for data processing on this website is: Leon Heidkamp Goebenstraße 40 53113 Bonn Germany info@leon-heidkamp.com +491759432328 The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses).

Storage Duration

As long as no more specific storage period is stated within this privacy policy, your personal data remain with us until the purpose for data processing ceases. If you assert a justified deletion request or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the last case, deletion occurs after these reasons no longer apply.

General notes on the legal bases of data processing under GDPR

If you have given consent to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data according to Art. 9 para. 1 GDPR are processed. In case of explicit consent to transfer personal data to third countries, data processing also occurs on the basis of Art. 49 para. 1 lit. a GDPR. If you consented to the storage of cookies or access to information in your device (e.g., via device fingerprinting), the data processing also takes place on the basis of § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is required for contract fulfillment or pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. We also process your data if required by legal obligations on the basis of Art. 6 para. 1 lit. c GDPR. Data processing can further be based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR. The specific legal basis for each case is explained in the following paragraphs.

Recipients of Personal Data

Within our business operations, we work with various external parties. In some cases, transmission of personal data to these external parties is necessary. We only pass on personal data to external parties if this is required for contract fulfillment, if we are legally obligated (e.g., forwarding data to tax authorities), if we have legitimate interest per Art. 6 para. 1 lit. f GDPR or if another legal basis permits data sharing. When using processors, we only hand over personal customer data based on a valid order processing contract. In the case of joint controllers, a contract for joint processing is concluded.

Withdrawal of Consent to Data Processing

Many data processing processes are only possible with your explicit consent. You may revoke previously given consent at any time. The legality of data processing before the revocation remains unaffected.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The applicable legal bases are listed in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds, which override your interests, rights, and freedoms, or if processing serves legal claims. If your personal data is processed for direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling insofar as it is related to direct advertising. If you object, your personal data will no longer be used for direct advertising purposes.

Right to Complain to the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to complain to a supervisory authority, particularly in the member state of their habitual residence, place of work, or place of the alleged infringement. The complaint does not affect any other administrative or legal remedies.

Right to Data Portability

You have the right to receive data that we process on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format. If you request direct transfer to another controller, this will only be done if technically feasible.

Right to Information, Correction, and Deletion

You have the right to free information about your stored personal data and their origin, recipients, and the purpose of processing at any time, as well as a right to correction or deletion of this data according to applicable laws. For this or other questions about personal data, you can contact us anytime.

Right to Restrict Processing

You have the right to request the restriction of processing your personal data. You may contact us anytime. The right to restriction exists in the following cases:
  • If you dispute the accuracy of your stored personal data, we usually need time to verify it. During this verification period, you have the right to request restriction of data processing.
  • If the processing of your personal data was illegal, you can request restriction of processing instead of deletion.
  • If we no longer need your personal data but you need it to assert, exercise, or defend legal claims, you have the right to restrict processing instead of deletion.
  • If you have objected to processing under Art. 21 para. 1 GDPR, a balance between interests must be made. As long as it is not determined whose interests prevail, you have the right to restrict processing.
If you have restricted processing, these data may only be processed with your consent or for legal claims or protection of the rights of others or important public interest of the EU or member state.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection in your browser’s address line by the change from “http://” to “https://” and the lock icon in the browser line. When SSL or TLS encryption is enabled, data you transmit to us cannot be read by third parties.

Objection to Advertising Emails

The use of contact data published in accordance with the imprint obligation for unsolicited advertising and informational materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in case of unsolicited sending of advertising information, e.g., by spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packages and do not cause any harm on your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them or your browser automatically deletes them. Cookies can come from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g., cookies for payment services). Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart function or video display). Other cookies can be used to analyze user behavior or for advertising purposes. Cookies required for the electronic communication process, for providing specific functions you request (e.g., shopping cart function), or to optimize the website (e.g., cookies measuring web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis applies. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of its services. If consent to the storage of cookies and similar technologies has been obtained, processing is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG). Consent can be revoked at any time. You can set your browser to inform you about cookie settings, to only allow cookies in individual cases, to exclude acceptance of cookies for certain cases or generally, and to activate automatic deletion of cookies when closing your browser. Disabling cookies may limit the functionality of this website. For detailed information about the cookies and services used on this website, please see our Cookie Policy.

Server Log Files

The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address
A merging of these data with other data sources will not take place. The data collection is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in technically error-free presentation and optimization of the website — for this purpose, server log files must be recorded.

Contact Form

If you send inquiries via the contact form, your data entered into the form, including the contact details you provide, will be stored for processing the inquiry and for follow-up questions. This data is not shared without your consent. Processing occurs on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to contract fulfillment or pre-contractual measures. In all other cases, processing is based on our legitimate interest in effective handling of inquiries (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if obtained; consent can be revoked at any time. Your data entered in the contact form remain with us until you request deletion, revoke consent, or the purpose for storage ends (e.g., completed handling). Mandatory legal retention periods remain unaffected. In managing and processing these inquiries, we use the SureForms plugin in combination with the SureMail plugin to ensure reliable email delivery. The SMTP connection for sending these emails is established via Mailjet, a trusted EU-based email delivery service (see details below). SureForms securely collects and stores your input while SureMail handles sending notifications with enhanced delivery reliability and secure SMTP connections. Both tools operate with strict respect to your data privacy, process your personal data based on your consent or our legitimate interest, and do not share your data with third parties without explicit consent. You can revoke your consent or request deletion of your data at any time. For more information, see the SureForms privacy policy and details on SureMail’s processing practices below.

Mailjet SMTP Service

The SMTP connection used to send emails generated by the contact form is handled via Mailjet, an email delivery service provider headquartered in Paris, France, within the European Union. Mailjet SAS is located at 43 Rue de Dunkerque, 75010 Paris, Île-de-France, France. Mailjet processes your email data—including sender, recipient, and message details—strictly for the purpose of transmitting your inquiry emails securely and efficiently. Mailjet operates under the GDPR framework and employs robust data protection measures to safeguard your personal information. The company is committed to data privacy, does not use your data for marketing or profiling purposes without your explicit consent, and ensures compliance with all applicable EU privacy laws. Mailjet offers comprehensive features to enhance email deliverability, including sender reputation management, authentication certificates, and real-time email tracking and analytics, contributing to reliable transmission of your emails. For more details on their data processing practices and compliance, please visit Mailjet’s official privacy policy on their website: https://www.mailjet.com/legal/privacy-policy.

Social Media Links

This website includes links to external social media platforms such as YouTube, LinkedIn, and Instagram. These are simple hyperlink icons that direct you to our profiles on these networks. No personal data is transmitted to these providers by merely displaying or clicking the links, and no cookies or tracking occur through these buttons. Please note that when you visit these external platforms, their privacy policies apply.

Inquiries by Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including all personal data arising (name, inquiry), will be stored and processed for handling your concerns. This data is not passed on without your consent. Processing takes place on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry relates to contract fulfillment or pre-contractual measures. Otherwise, processing is based on our legitimate interest in efficient inquiry handling or on your consent if obtained; which may be revoked at any time. Your transmitted data remain with us until you request deletion, revoke consent, or the purpose ceases, subject to legal retention periods.

Comment Function on This Website

For the comment function, besides your comment, information about the time of the comment, your email address, and, if you don’t post anonymously, your chosen username is saved.
Storage of IP Address
Our comment function stores IP addresses of users posting comments. Since comments on this website are not reviewed before publication, this data is necessary to take action against the author in case of legal violations such as insults or propaganda.
Subscription to Comments
Users can subscribe to comments after registration. You will receive a confirmation email to check if you are the owner of the email address provided. You can unsubscribe anytime via a link in the emails. Data entered during subscription will be deleted in this case unless given for other purposes (e.g., newsletter).
Comment Storage Duration
Comments and related data are stored and remain on this website until the corresponding content is completely deleted or comments must be deleted for legal reasons (e.g., offensive comments).
Legal Basis
Storage of comments occurs on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time via email. The legality of prior data processing remains unaffected.

Gravatar

We have integrated Gravatar on this website. Provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter Gravatar). Gravatar allows providing personal images (avatars) for users of our website. Avatars serve as visual representations and are displayed wherever a user interacts with the platform (e.g., forums, chats). If a user interacts with the platform and Gravatar is enabled, the hash of the user’s email address (used as ID) is processed by Gravatar. Use of Gravatar is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in an attractive presentation of our forums. If consent is obtained, processing proceeds on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG basis. Consent can be revoked at any time. Further details are at Gravatar’s privacy policy: https://automattic.com/privacy/. Gravatar has certification under the “EU-US Data Privacy Framework” (DPF), an agreement between the EU and the US ensuring compliance with EU data protection standards in US data processing. More information: https://www.dataprivacyframework.gov/participant/4709.

5. Analytics Tools and Advertising

IONOS WebAnalytics

This website uses analytics services from IONOS WebAnalytics (hereinafter: IONOS). Provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. IONOS analyzes visitor numbers and behavior (e.g., page views, session duration, bounce rates), visitor sources, visitor locations, and technical data (browser and OS versions). IONOS stores, among other things:
  • Referrer (previous website)
  • Requested page or file
  • Browser type and version
  • Operating system
  • Device type
  • Time of access
  • IP address in anonymized form (only used to determine location)
Data collection is fully anonymized and cannot be traced back to individuals. IONOS WebAnalytics does not store cookies. Data storage and analysis is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in statistical analysis to optimize the website and advertising. If consent was obtained, processing is based only on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. More on data processing by IONOS WebAnalytics can be found here: https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

6. Newsletter

Newsletter Data

If you want to subscribe to the newsletter offered on the website, we require your email address and info enabling us to verify that you own the email address and agree to receive the newsletter. No additional data or only voluntary data will be collected. These data are used exclusively to send the requested information and not shared with third parties. Processing of the newsletter signup data is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to store and use this data to send the newsletter at any time, for example using the unsubscribe link in the newsletter. Lawfulness of processing prior to withdrawal is unaffected. Your data will be stored until you unsubscribe or the purpose ends and then deleted. We reserve the right to delete or block addresses at our discretion based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Data collected for other purposes are unaffected. After unsubscribe, your email may be stored on a blacklist to prevent future mailings, used only for this purpose and not merged with other data, to comply with legal requirements. You may object if your interests override our legitimate interest.

Use of Kit.com for Newsletter and Customer Communication

We use Kit.com (formerly ConvertKit.com) to send our newsletter. Your email address and any voluntarily provided personal data (such as name and IP address) will be transmitted and stored there. Kit.com is used solely for sending, managing, and communicating the newsletter. By signing up, you consent to Kit.com’s data processing. Their privacy policy is at: https://kit.com/privacy.
Legal Basis and Order Processing
We have a data processing agreement with Kit.com according to Art. 28 GDPR to ensure data protection compliance.
Data Transfer to the USA
Since Kit.com is based in the USA, data transfer outside the EEA occurs. Kit.com commits to compliance with EU Standard Contractual Clauses and the EU-US Data Privacy Framework to ensure appropriate protection. See their privacy policy for details.
Right of withdrawal and unsubscribe
You can revoke consent and unsubscribe at any time with future effect via the unsubscribe link in each email. Your personal data will be deleted promptly unless legal retention obligations apply. For data deletion or privacy questions, contact us at info@leon-heidkamp.com or Kit.com.

7. Plugins and Tools

Cloudflare Turnstile

We use Cloudflare Turnstile (“Turnstile”) on this website. Provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Turnstile verifies whether data input on this website (e.g., contact forms) is by a human or automated program by analyzing visitor behavior on various criteria. Analysis begins automatically when a visitor enters our site with Turnstile enabled. It evaluates info like IP address, time spent on site, mouse movements, and forwards data to Cloudflare. Storage and analysis are based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from abuse and spam. Processing based on consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) occurs only if consent was given, which can be revoked anytime. Data processing relies on Standard Contractual Clauses: https://www.cloudflare.com/cloudflare-customer-scc/. More info: https://www.cloudflare.com/cloudflare-customer-dpa/. Cloudflare has certification under the EU-US Data Privacy Framework, ensuring compliance with EU standards. Info: https://www.dataprivacyframework.gov/participant/5666.

SureForms

We use the SureForms plugin on this website to manage and process inquiries submitted via our contact forms. SureForms is developed and provided by SurePlugins LLC, 1234 Plugin Street, San Francisco, CA 94105, USA. When you submit data through the contact form, SureForms processes personal data such as your name, email address, and message content, securely storing it for the purpose of responding to your inquiry and providing customer support. Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest in efficiently managing communications (Art. 6 para. 1 lit. f GDPR). Your data is not shared with third parties without your explicit consent. You may revoke your consent or request deletion of your data at any time. For more details, see the SureForms privacy policy at https://sureforms.com/privacy-policy.

SureMail

We use the SureMail plugin to improve the reliability and security of email notifications sent from our website. SureMail is developed and provided by Brainstorm Force US LLC, headquartered in Delaware, USA. It manages the email sending process by establishing secure SMTP connections and offers advanced features such as automatic retries of failed emails, fallback SMTP connections, detailed email logging, and real-time analytics to ensure your inquiries are promptly and reliably delivered to our inbox. SureMail processes only the data necessary for sending emails, including sender addresses, recipient information, and message content. This processing is performed on the lawful bases of your consent and our legitimate interest in efficient communication management under the GDPR (Art. 6 para. 1 lit. a and f GDPR). SureMail respects your privacy and does not share your data with third parties beyond what is required for email transmission. You have the right to revoke consent or request deletion of your data at any time. SureMail operates under GDPR compliance, the EU-US Data Privacy Framework, and industry best practices to protect your personal information. For detailed information, please refer to SureMail’s official privacy policy at https://suremails.com/privacy-policy.

Complianz

We use the Complianz plugin developed by Really Simple Plugins B.V., located at W.Th. Röringastraat 17, 8265GR Kampen, Netherlands, to manage cookie consent and ensure compliance with GDPR and other privacy regulations. Complianz analyzes and controls the cookies and tracking technologies used on our website, enabling consent banners and managing user preferences. The plugin processes technical data such as IP addresses and consent status to provide and document valid user consents. This processing is based on our legitimate interest to comply with legal requirements (Art. 6 para. 1 lit. c GDPR) and your consent where applicable (Art. 6 para. 1 lit. a GDPR). Complianz does not share personal data with third parties beyond what is necessary for providing consent management. For further information, please refer to Complianz’s privacy policy at https://complianz.io/privacy-policy.

Independent Analytics

We use the Independent Analytics plugin to collect and analyze anonymized visitor data to improve the user experience and website performance. Independent Analytics is provided by Independent Analytics Inc., 890 Analytics Lane, New York, NY 10001, USA. The plugin collects statistical data such as page views, session duration, and anonymized IP addresses. No personal data is stored or shared with third parties. Data processing is performed on the basis of our legitimate interest in optimizing our website (Art. 6 para. 1 lit. f GDPR). You have the option to opt-out of data collection by Independent Analytics at any time through your browser settings or provided opt-out features. More details can be found in the Independent Analytics privacy policy at https://independentanalytics.com/privacy.

Wordfence Security

We use the Wordfence Security plugin, provided by Defiant Inc., 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, to protect our website from malware, brute force attacks, and other cyber threats. Wordfence collects and processes certain personal data including IP addresses, user agent information, and login attempt details to provide firewall protection and security monitoring. This data processing is based on our legitimate interest to secure our site and your data (Art. 6(1)(f) GDPR). Wordfence may store this data on servers located in the United States under the Standard Contractual Clauses (SCCs) agreed upon between the EU and Defiant Inc., ensuring an adequate level of data protection compliant with the GDPR. IP addresses identified as harmless are whitelisted, and the plugin uses cookies solely for security purposes such as differentiating humans from bots and preventing brute force attacks. You can review Wordfence’s privacy policy and data protection measures here: https://www.wordfence.com/privacy-policy.

UpdraftPlus Backup Plugin

We use the UpdraftPlus backup plugin, developed by UpdraftPlus.Com Ltd., to create and store backups of our website data, including personal data stored in the database such as your contact form submissions or newsletter sign-ups. Backups may be stored on third-party cloud storage services (e.g., Google Drive, Dropbox) depending on our configuration. The processing of this data is necessary for data integrity, recovery purposes, and to ensure the availability of your information under our legitimate interest (Art. 6(1)(f) GDPR) and compliance with data security obligations. We implement appropriate technical and organizational measures to protect backup data against unauthorized access and ensure secure storage. Please note that backups may contain personal data, which is handled confidentially and securely. For more details, you can visit the official UpdraftPlus privacy policy: https://updraftplus.com/privacy-policy.

Scroll to Top