Data protection-

Status: October 2025

1. Responsible person

CCS42 GmbH

Dankwartsgrube 72—74

23552 Luebeck

Germany

Represented by the managing directors: Steffen Labitzke, Arne Knöchel

Contact:

Telephone: +49 174 404 44 94

Email: welcome@ccs42.com

Data protection officer: A data protection officer has not been appointed at present, as the legal requirements under Article 37 GDPR in conjunction with Section 38 BDSG do not exist. If you have any questions about data protection, please use the contact details above.

Competent supervisory authority:

Independent State Center for Data Protection Schleswig-Holstein (ULD)

Holstenstraße 98, 24103 Kiel, Germany

Telephone: +49 431 988‑1200

Email: mail@datenschutzzentrum.de
Web: https://www.datenschutzzentrum.de/

Register entry:

Commercial register: Lübeck District Court, HRB 26247 HL

2. Hosting (Webflow)

We host our website at Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (“Webflow”). When the website is accessed, Webflow processes server log files (e.g. IP address, date/time, user agent, referrer, requested URL) to ensure the security and stability of operations and to prevent misuse.

The legal basis is Art. 6 para. 1 lit. f DSGVO (legitimate interest in the secure provision of the website).

Webflow acts as an order processor; we have concluded an order processing contract with Webflow in accordance with Art. 28 GDPR.

Third-country transfer: A transfer to the USA may take place. The legal bases are the EU-US Data Privacy Framework (DPF) adequacy decision and, in addition, the standard contractual clauses (Art. 46 GDPR). For information about Webflow subprocessors, visit Webflow's subprocessor list.

The storage period of log files depends on security requirements and is regularly deleted as soon as the purpose no longer applies.

3. Contact via forms (Webflow Forms, IONOS, Outlook)

If you contact us via a web form, we process the data you enter (e.g. name, email address, message, telephone number, if applicable) to process your request and any follow-up questions.

The entered form data is first processed on Webflow servers and from there forwarded to our mailboxes via email via IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. We use the Outlook/Microsoft 365 email service (Microsoft Corporation, One Microsoft Way, Redmond, WA, USA; responsible for EU offers: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) to process and store incoming emails.

Order processing and recipients

  • There are order processing contracts with Webflow and IONOS in accordance with Art. 28 GDPR.
  • Microsoft 365 (Outlook/Exchange Online): Depending on the contract drafting, Microsoft is a contract processor/sub-processor. Microsoft has been operating the EU Data Boundary for Microsoft Cloud since 2025, which means that customer content, pseudonymized diagnostic data and support data are generally processed within the EU/EFTA. In strictly justified exceptional cases (e.g. to rectify faults), a transfer to a third country may be necessary; standard contractual clauses and additional protective measures are provided for this purpose.

Legal basis

  • Art. 6 para. 1 lit. b GDPR (pre-contract/contractual communication),
  • Art. 6 para. 1 lit. f DSGVO (our legitimate interest in efficient communication).

Third country transfer

  • For Webflow and, where applicable, Microsoft, we base data transfers to the USA on the EU-US Data Privacy Framework (DPF) adequacy decision; in addition, standard contractual clauses (Art. 46 GDPR) are used.


Storage period

We delete inquiries as soon as they have been finally processed, provided that there are no legal storage obligations (e.g. under commercial or tax law).

4. Cookies, consent management and web analysis (Webflow Analytics)

We use Webflow Analytics to evaluate the use of our website (e.g. pages visited, length of stay). Cookies and similar technologies can be used for this purpose; among other things, IP address and device information can be processed and — depending on integration — transmitted to the USA.

The legal basis is your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG, which you give via our consent banner. No non-technically necessary cookies/trackers will be set without your consent. You can withdraw your consent at any time with effect for the future via the banner.

Order processing/transfer to third countries: Webflow acts as a contract processor (Art. 28 GDPR). We base transfers to the USA on the DPF adequacy decision and, in addition, on the standard contractual clauses (Art. 46 GDPR). Details about the cookies used and their expiry times can be found in the consent banner at any time.

5. Social media links (LinkedIn)

Our website only includes simple links to the LinkedIn profiles of individual team members. No social plug-ins or tracking scripts from LinkedIn are used.

This means that no data is automatically transferred to LinkedIn when you visit our website. Only when you actively click on one of the links do you leave our website and go directly to LinkedIn. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is solely responsible for the subsequent data processing.

The legal basis for the mere link is Art. 6 para. 1 lit. f DSGVO (our legitimate interest in providing further information about our team).

For more information on data processing by LinkedIn, please see the LinkedIn Privacy Policy.

6. Linking to Wikipedia

Our website just has a simple link to a Wikipedia post from a team member. There is no embedding of content (such as images, videos, scripts) from Wikimedia servers.

This means that when you visit our website, no data is automatically transferred to Wikipedia/Wikimedia. Only when you actively click on the link do you leave our website and go directly to the Wikipedia page (provider: Wikimedia Foundation, Inc., San Francisco, USA). The Wikimedia Foundation alone is responsible for the subsequent data processing.

The legal basis for pure linking is Art. 6 para. 1 lit. f DSGVO (our legitimate interest in providing further information).

Please review Wikipedia/Wikimedia's privacy policy and terms of use.

7. Recipients, categories of data and purposes

Depending on usage, we process the following categories of personal data: inventory and contact data, content data (messages in the form), use/meta data (log files, analytics).
Possible recipients: IT service providers (in particular Webflow, IONOS, Microsoft), affiliated companies, legal/consulting service providers, authorities in case of legal obligation. A transfer to third countries may take place (see Sections 2—4).

Purposes: Provision of the website, security/fault diagnosis, answering inquiries, reach measurement/statistics (only with consent), external communication (social media/Wikipedia links).

8. Legal bases

Art. 6 para. 1 lit. a DSGVO (consent), lit. b (contract/preliminary contract), lit. c (legal obligations), lit. f (legitimate interests: secure, functional website; communication; reach measurement only with consent). § 25 para. 1 TTDSG for seting/reading unnecessary cookies/technologies.

9. Storage period

We delete personal data as soon as the purpose no longer applies and there are no legal storage requirements. Log files are regularly deleted at short notice; contact requests after communication has been completed; analysis/consent data in accordance with the terms shown in the banner.

10. Obligation to provide data

There is no legal obligation to provide personal data when you visit our website. Certain information is required to use individual functions (e.g. contact form). No unnecessary cookies are set without consent.

11. Your rights (rights of data subjects)

You have the right


  • information (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • deletion (Art. 17 GDPR),
  • restriction (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection to processing based on Article 6 (1) (f) GDPR (Article 21 GDPR),
  • Withdrawal of consents granted (Article 7 (3) GDPR) with effect for the future,
  • Complaint with a supervisory authority (in particular ULD, see above; Art. 77 GDPR).

12. data security

We use TLS/SSL encryption and take organizational and technical measures to secure your data using the state of the art.

13. Timeliness of this privacy policy

This privacy policy is up to date and may be amended as a result of technical changes, new services or changes in the legal situation. The currently valid version can be found on this website at any time.