Privacy Notice pursuant to Art. 12–14 GDPR

Last updated: July 2025

We appreciate your interest in our website. The protection of your personal data is important to us. This privacy notice explains which personal data we process when you visit our website, for which purposes, and what rights you have as a data subject.

Controller

inSyca IT Solutions GmbH,
Finsinger Feld 5,
D-85521 Ottobrunn,
Germany

Phone: +49 89 2154 6094
Email: contact@insyca.com

Privacy Contact Point

inSyca IT Solutions GmbH is currently not required to appoint a Data Protection Officer pursuant to Art. 37 GDPR and § 38 BDSG.
For any questions related to data protection, you may contact:

gdpr@inSyca.com
inSyca IT Solutions GmbH
Finsinger Feld 5
85521 Ottobrunn
Germany

Processing of personal data when visiting our website

When you access our website, your browser automatically transmits certain information to our server,
including:

  • IP address
  • Date and time of access
  • Requested page
  • Browser type and version
  • Operating system
  • Referrer URL

This processing is technically necessary to provide the website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure and functional website).

Server log data is deleted after a short period unless required for security purposes.

Hosting

Our website is hosted by:

webgo GmbH
Wandsbeker Zollstraße 95
22041 Hamburg
Germany

Processing is carried out based on a data processing agreement (Art. 28 GDPR).

Cookies and Consent Management

We use cookies and similar technologies to:

  • ensure essential website functions,
  • enable statistical analysis,
  • provide marketing and conversion tracking services.

Consent is managed through the consent tool “Real Cookie Banner.”
You can adjust or withdraw your consent at any time via the banner.

Legal bases:

  • Technically necessary cookies: Art. 6(1)(f) GDPR
  • Analytics/Marketing cookies: Art. 6(1)(a) GDPR and § 25 TTDSG (consent)

Services and Tools Used

Essential Services

Solid Security (formerly iThemes Security)
Provider: SolidWP, USA
Purpose: Protection of the website against attacks, brute-force attempts, and unauthorized access; securing login mechanisms and overall system integrity.
Processed data: IP address, username (in case of login attempts), timestamps of access, security-relevant events.
Third-country transfer: United States. The legal basis is Standard Contractual Clauses (SCCs).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring IT and website security).

TranslatePress
Purpose: Multi-language website functionality
Data processed: Language settings
Legal basis: Art. 6(1)(f) GDPR

Real Cookie Banner (Consent Tool)
Provider: devowl.io GmbH, Germany
Purpose: Managing user consent
Data processed: Consent status, browser data
Legal basis: Art. 6(1)(c) GDPR (legal obligation to manage consent)

Functional Services

Microsoft Bookings
Provider: Microsoft Corporation
Purpose: Online appointment booking
Data processed: IP address, browser data, booking details
Third-country transfers: Possible (USA), secured with SCCs and EU-US Data Privacy Framework
Legal basis: Art. 6(1)(a) GDPR (consent) / Art. 6(1)(b) GDPR (booking)

Analytics

Google Analytics (GA4)
Provider: Google Ireland Limited
Data processed: IP address (shortened), device data, usage behavior, click paths
Third-country transfer: USA, based on SCCs and EU-US Data Privacy Framework
Retention period: depending on your settings (typically 2–14 months).
Third-country transfer: USA, based on SCCs and EU-US Data Privacy Framework

Google Tag Manager
Purpose: Managing and loading analytics and marketing scripts
Note: Does not store cookies but may trigger tools that transfer data to Google
Legal basis: Art. 6(1)(a) GDPR (consent)

Marketing Services

Google Ads Conversion Tracking
Daten: Klick-IDs, Browserinformationen, Conversion-Ereignisse.
Third-country transfer: USA
Legal basis: Art. 6(1)(a) GDPR (consent)

LinkedIn Insight Tag
Provider: LinkedIn Ireland Unlimited Company
Data processed: IP address, device data, LinkedIn user ID (if logged in), page events
Purpose: Analytics, conversion tracking, retargeting
Third-country transfer: USA, secured with SCCs
Legal basis: Art. 6(1)(a) GDPR (consent)

Categories of Data Recipients

We may transmit personal data to:

  • internal departments of inSyca IT Solutions GmbH,
  • IT and hosting providers,
  • analytics and marketing service providers (only with consent),
  • public authorities, where legally required.

Data is not shared with third parties for advertising purposes without.

Retention Periods

We store personal data only as long as necessary for the specified purposes or as required by legal retention obligations.

  • Contact requests: up to 12 months
  • Log files: a few days or weeks
  • Cookies: according to the durations shown in the consent banner
  • Newsletter-/Marketingdaten: bis Widerruf

Third-Country Transfers

Some of the providers listed above operate in the United States or may process data there.
Transfers to the USA are conducted only on the basis of:

  • EU Standard Contractual Clauses (SCCs),
  • the EU-US Data Privacy Framework, or
  • your explicit consent (Art. 49(1) GDPR).

Please note that, despite safeguards, access by US authorities cannot be completely ruled out.

Rights of Data Subjects

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7 GDPR)

You can adjust your cookie preferences at any time via the consent banner.

Right to lodge a complaint with a supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Germany

Changes to this Privacy Notice

We may update this privacy notice to reflect legal or technical changes.