Telefon-Icon
+49 7231 941-123
E-Mail-Icon
info@apollon.de
Demo anfordern
Demo anfordern

Privacy Policy

This privacy policy explains how we collect, process, and protect your personal data when you visit our website www.apollon.de. We take data protection very seriously and comply with the General Data Protection Regulation (GDPR) and all applicable German data protection laws.

1. Privacy at a Glance

General Information

The following overview provides a simple overview of what happens to your data when you visit our website. More detailed information can be found in the sections below.

Data Collection on Our Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator (hereinafter “we” or “us”). You can find the contact details of the operator in the “Information about the responsible party” section of this privacy policy.

How do we collect your data?

Your data is collected in various ways. Some data is provided by you directly, such as when you fill out contact forms or subscribe to our newsletter. Other data is collected automatically by our IT systems when you visit the website, such as access log files or through the use of cookies and similar tracking technologies.

What do we use your data for?

We process your personal data for various purposes, including to respond to your inquiries, send newsletters, analyze website usage, optimize our marketing efforts, and ensure the security of our website.

What rights do you have?

You have the right to obtain information about your personal data stored by us at any time, to request correction or deletion of your data, to restrict processing, to data portability, and to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

2. General Information and Mandatory Disclosures

Information About the Responsible Party

The responsible party for data processing on this website as defined by the General Data Protection Regulation is:

apollon GmbH+Co. KG
Maximilianstr. 104
75172 Pforzheim
Germany
Phone: +49 7231 941-123
Email: info@apollon.de
Website: www.apollon.de

Managing Directors: Norbert Weckerle, Tobias Marks
Personally liable partner: apollon Verwaltungs-GmbH
VAT ID: DE297662610
Commercial Register: AG Mannheim HRA 705979

Right to Information, Correction, Deletion, and Restriction of Processing

You have the right, at any time, to obtain information about what personal data we have stored about you, where it comes from, who we share it with, and how long we store it. You also have the right to request correction or deletion of this data or to restrict the processing of this data. To exercise these rights, please contact us using the contact details provided above.

Right to Data Portability

You have the right to receive the personal data we hold about you in a structured, commonly used, and machine-readable format and to transmit this data to another controller without obstruction from us, provided the processing is based on your consent or a contract with you, and the processing is carried out by automated means.

Right to Object

You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your rights, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Withdraw Consent

If you have given your consent to data processing, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg (LfDI)
Postfach 10 29 32
70025 Stuttgart
Germany

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the “https://” prefix in the address bar of your browser and by the lock icon in your browser’s address bar. If SSL or TLS encryption is enabled, data you transmit to us cannot be read by third parties.

3. Data Collection on This Website

Cookies and Consent Management (Borlabs Cookie)

What are cookies?

Cookies are small text files that are stored on your device and can be read when you visit our website again. Cookies help us understand how you use our website, improve your browsing experience, and personalize content and advertisements.

Consent Management System

We use Borlabs Cookie, a consent management system that helps us manage your cookie and tracking preferences in compliance with the GDPR. When you visit our website, you will see a consent banner asking you to agree to the use of cookies and tracking technologies.

Legal Basis: Art. 6(1)(a) GDPR (Consent)

Data Processing: Your consent preferences are stored locally on your device. Borlabs Cookie stores this information to remember your preferences on future visits to our website.

Storage Duration: Your consent preferences are stored for up to 365 days.

Third-Party Recipients: Borlabs GmbH (Consent management service provider)

Data Transfer to Third Countries: No transfer outside the EU/EEA.

Note on TTDSG (German Telecommunications Digital Services Data Protection Act)

Insofar as cookies or comparable technologies that are not technically necessary are used on this website, this is done exclusively on the basis of your consent pursuant to § 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR. You can revoke your consent at any time via our cookie consent tool. Technically necessary cookies are set on the basis of § 25(2) TTDSG.

Server Log Files

Data Collection:

When you access our website, our web server automatically records information in log files. This information is collected for every request and includes:

  • Your IP address
  • The browser type and version you use
  • Your operating system
  • The referrer (the page from which you came to our website)
  • The pages you access on our website and the time you spent on each page
  • The time and date of your access
  • HTTP status codes (such as 404 – Not Found or 200 – OK)
  • The amount of data transmitted
  • Whether your request was successful

Purpose: Server log files are used to ensure the functionality and security of our website, to analyze website usage patterns, to troubleshoot technical problems, and to optimize server performance. Log files also help us identify and prevent unauthorized access attempts and cyberattacks.

Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interests) – We have a legitimate interest in maintaining the security of our website and ensuring its proper functioning. IP addresses are classified as personal data under CJEU (European Court of Justice) case law. While we do not use server log data to identify individual users, a personal reference cannot be entirely excluded.

Storage Duration: Server log files are typically stored for 30 days before being automatically deleted.

Third-Party Recipients: Hostinger (Web hosting provider)

Data Transfer to Third Countries: The data is processed on servers located in Germany (no transfer outside the EU).

Contact Forms (Gravity Forms, Contact Form 7)

Data Collection:

When you use our contact forms to send us an inquiry or message, the following data is collected:

  • Your name
  • Your email address
  • Your company name (if provided)
  • Your phone number (if provided)
  • Your message or inquiry text
  • Any file attachments you upload
  • The date and time of your submission
  • Your IP address

Purpose: We use the information you provide through contact forms to respond to your inquiries, provide you with requested information, and communicate with you regarding your request. We may also use this information to improve our services and understand customer needs.

Legal Basis: Art. 6(1)(b) GDPR (Performance of a Contract) – You are requesting our response, – We have a legitimate interest in responding to your inquiries and improving our services.

Recipients: The contact form data is processed by Gravity Forms and Contact Form 7, plugins that store the data on our website servers. We may also share your information with relevant departments within our company to respond to your inquiry.

Storage Duration: Contact form submissions are stored indefinitely unless you request deletion. We recommend deleting old inquiries regularly.

Third-Party Recipients: Hostinger (Web hosting provider)

Data Transfer to Third Countries: No transfer outside the EU/EEA.

Inquiry via Email and Phone

Data Collection:

If you contact us directly via email or phone, we collect the information you provide us, which may include:

  • Your name
  • Your email address or phone number
  • Your company name
  • Your inquiry or message content

Purpose: We use this information to respond to your inquiry and provide you with the information or assistance you requested.

Legal Basis: Art. 6(1)(b) GDPR (Performance of a Contract) – You are requesting our response, – We have a legitimate interest in responding to your inquiries.

Storage Duration: Email and phone inquiries are stored for as long as necessary to respond to your request and may be archived for record-keeping purposes for up to 7 years for tax and legal compliance purposes.

Third-Party Recipients: Relevant departments within our company.

Newsletter (Pipedrive Campaigns)

If you wish to receive our newsletter, we require your email address and information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter (double opt-in).

We use Pipedrive Campaigns for sending our newsletter, a service provided by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. Pipedrive processes your email address and, if applicable, your name for the purpose of newsletter delivery.

Data processed: Email address, name (optional), open and click behavior

Legal basis: Art. 6(1)(a) GDPR (consent)

Storage duration: Your data is stored as long as you are subscribed to the newsletter. After unsubscribing, your data will be deleted.

Server location: Data processing takes place on servers in the EU (Estonia). No transfer to third countries takes place.

Opt-out: You can unsubscribe from the newsletter at any time via the unsubscribe link in every newsletter.

Pipedrive Privacy Policy: https://www.pipedrive.com/en/privacy

4. Analytics and Advertising Tools

Google Tag Manager (via TAGGRS Server-Side)

What is Google Tag Manager?

Google Tag Manager is a tag management system by Google LLC that allows us to manage and deploy tracking codes and marketing pixels on our website without requiring code modifications. We use Google Tag Manager in a server-side configuration via TAGGRS Server-Side (sst.apollon.de).

Data Collection:

When you visit our website, Google Tag Manager collects information about your interactions, including:

  • Pages you visit
  • Buttons and links you click
  • Forms you submit
  • Your scroll depth on pages
  • Time spent on pages
  • Events and conversions

Purpose: We use Google Tag Manager to manage and coordinate various analytics and advertising tools, to track user behavior, measure campaign effectiveness, and optimize our marketing efforts.

Legal Basis: Art. 6(1)(a) GDPR (Consent) for non-essential tracking, for performance measurement.

Storage Duration: Event data is processed in real-time and stored according to the retention settings of the individual tools configured through Google Tag Manager.

Third-Party Recipients: Google LLC and other tools configured through Google Tag Manager

Data Transfer to Third Countries: Google Tag Manager transfers data to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

Google Analytics 4

What is Google Analytics 4?

Google Analytics 4 is an analytics service provided by Google LLC that helps us understand how users interact with our website. Google Analytics 4 uses advanced analytics capabilities including machine learning to provide insights into user behavior.

Data Collection:

Google Analytics 4 collects a variety of data about your interactions with our website, including:

  • Your anonymized IP address (truncated)
  • Cookie identifiers
  • Pages you visit and their URLs
  • Referring page/source
  • Browser type and version
  • Operating system
  • Device type and device model
  • Screen resolution
  • Language settings
  • Events you trigger (page views, clicks, form submissions, video plays, etc.)
  • Approximate geographic location (based on IP address, at country or region level)
  • Time and duration of your visit
  • User ID (if you are logged in)

Purpose: We use Google Analytics 4 to understand how users use our website, which content is most popular, where users come from, and how they interact with our services. This information helps us improve our website, content, and user experience, identify technical issues, and measure the effectiveness of our marketing campaigns.

Legal Basis: Art. 6(1)(a) GDPR (Consent) – You have consented to the use of Google Analytics through our consent management system.

Google Analytics 4 anonymizes IP addresses by default. We have concluded a data processing agreement (Art. 28 GDPR) with Google.

Data Anonymization: IP addresses are anonymized in Google Analytics (the last octet is removed). We have also activated IP anonymization features to further protect your privacy.

Storage Duration: User data in Google Analytics is automatically deleted after 14 months of no activity.

Third-Party Recipient: Google LLC (Analytics service provider)

Data Transfer to Third Countries: Google Analytics transfers data to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

Google Analytics Privacy Controls:

  • Opt-Out: You can prevent Google Analytics from tracking your data by installing the Google Analytics Opt-Out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.
  • Additional Information: For more information about Google Analytics privacy practices, visit https://policies.google.com/privacy and https://policies.google.com/technologies/cookies.

Google Ads / Conversion Tracking

What is Google Ads Conversion Tracking?

Google Ads Conversion Tracking is a tool provided by Google LLC that allows us to track whether users who click on our Google advertisements on other websites subsequently complete desired actions on our website, such as making a purchase, filling out a contact form, or subscribing to our newsletter.

Data Collection:

When you click on one of our Google advertisements, Google places a conversion tracking cookie on your device. When you perform a tracked action on our website, the conversion tracking pixel records this action and sends it to Google’s servers.

Information collected includes:

  • Your anonymized IP address
  • Conversion events (purchase, contact form submission, etc.)
  • Conversion value
  • Time of conversion
  • Product information (if applicable)
  • Conversion ID

Purpose: We use Google Ads Conversion Tracking to measure the effectiveness of our advertising campaigns, understand which ads lead to conversions, optimize our advertising spend, and improve the performance of our ad campaigns.

Legal Basis: Art. 6(1)(a) GDPR (Consent) – You have consented to conversion tracking through our consent management system, for performance measurement.

Storage Duration: Conversion tracking cookies are stored for 90 days.

Third-Party Recipient: Google LLC (Advertising and conversion tracking service provider)

Data Transfer to Third Countries: Google Ads Conversion Tracking transfers data to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

Opt-Out Options:

  • You can disable Google Ads personalization by visiting Google’s Ads Settings at https://myaccount.google.com/ads.
  • You can opt out of conversion tracking by blocking third-party cookies in your browser settings.

Microsoft Clarity (Heatmaps and Session Recording)

What is Microsoft Clarity?

Microsoft Clarity is a behavior analytics service provided by Microsoft Corporation that records and analyzes user interactions on our website. Clarity creates heatmaps showing where users click, scroll, and move their mouse, and records session replays showing how users navigate through our website.

Data Collection:

Microsoft Clarity collects the following data:

  • Mouse movements and clicks
  • Scroll depth on pages
  • Keyboard input (only non-sensitive fields)
  • Pages visited and their URLs
  • Browser type and version
  • Operating system
  • Device type
  • Screen resolution
  • Referrer information
  • Session duration
  • General geographic location (country level)
  • Anonymized IP address

Data Masking: Microsoft Clarity automatically masks sensitive data such as email addresses, passwords, payment information, and personal identification numbers to protect user privacy.

Purpose: We use Microsoft Clarity to understand how users interact with our website, identify usability issues, optimize website design and functionality, and improve user experience. Heatmaps help us understand which areas of our website receive the most attention, and session replays help us identify problems users encounter while navigating our site.

Legal Basis: Art. 6(1)(a) GDPR (Consent) – You have consented to session recording through our consent management system, for website optimization.

Storage Duration: Session recordings are retained for up to 90 days.

Third-Party Recipient: Microsoft Corporation (Analytics and session recording service provider)

Data Transfer to Third Countries: Microsoft Clarity transfers data to Microsoft’s servers in the United States. Microsoft is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

Opt-Out: You can opt out of Microsoft Clarity tracking by visiting https://clarity.microsoft.com/privacy.

LinkedIn Insight Tag

What is the LinkedIn Insight Tag?

The LinkedIn Insight Tag is a tracking pixel provided by LinkedIn Ireland Unlimited Company that allows us to track conversions from LinkedIn advertising campaigns and understand the behavior of LinkedIn users visiting our website.

Data Collection:

The LinkedIn Insight Tag collects the following data:

  • Your LinkedIn profile ID (if you are logged into LinkedIn)
  • Pages you visit on our website
  • URL parameters and referrer information
  • Device information (browser, OS, device type)
  • General geographic location
  • Timestamp of page visits
  • Conversion events

Purpose: We use the LinkedIn Insight Tag to track conversions from LinkedIn advertising campaigns, measure campaign ROI, build LinkedIn advertising audiences, and understand the behavior of LinkedIn users on our website.

Legal Basis: Art. 6(1)(a) GDPR (Consent) – You have consented to LinkedIn tracking through our consent management system, for campaign measurement.

Storage Duration: LinkedIn Insight Tag cookies are stored for 90 days.

Third-Party Recipient: LinkedIn Ireland Unlimited Company (Social media advertising and analytics service provider)

Data Transfer to Third Countries: The LinkedIn Insight Tag transfers data to LinkedIn’s servers in the United States and Ireland. LinkedIn is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

LinkedIn Privacy Policy: For more information about how LinkedIn uses your data, visit https://www.linkedin.com/legal/privacy-policy.

Leadinfo B.V. (B2B Visitor Identification)

What is Leadinfo?

Leadinfo B.V. is a B2B lead generation service that identifies companies visiting our website by analyzing IP addresses and other non-personal indicators. Leadinfo helps us understand which organizations are interested in our services and supports our B2B sales and marketing efforts.

Important Note: Leadinfo uses company-level identification based on IP addresses and publicly available business data. Leadinfo does NOT personally identify individual users or process personal data that identifies specific individuals. Instead, Leadinfo associates website visits with company information, such as company name, industry, company size, and geographic location.

Data Collection:

Leadinfo collects the following information:

  • IP address of website visitors
  • Company name (identified through IP address analysis and business data)
  • Industry
  • Company size
  • Geographic location (country, region)
  • Pages visited on our website
  • Time and date of visit
  • Device and browser information
  • Referrer information

Personal Data: Leadinfo does not identify or process personal data about individual users. The identification is performed at the company level using IP-based geolocation and public business data. No individual user profiling takes place.

Purpose: We use Leadinfo to identify companies visiting our website, understand which organizations have interest in our services, support our sales team with lead information, and measure the ROI of our marketing activities at the company level.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Storage Duration: Company visit data is retained for up to 90 days in our Leadinfo account.

Third-Party Recipient: Leadinfo B.V., Rivium Quadrant 151, 2909LC, Capelle aan den IJssel, Netherlands

Data Transfer to Third Countries: Leadinfo transfers data to its servers in the Netherlands (EU). No transfer outside the EU/EEA.

Opt-Out: You can prevent Leadinfo from identifying your company by contacting Leadinfo directly or by blocking third-party cookies in your browser settings.

Leadinfo Privacy Policy: For more information, visit https://www.leadinfo.com/privacy-policy.

Leadfeeder / Dealfront (B2B Visitor Identification)

What is Leadfeeder / Dealfront?

Leadfeeder (now part of Dealfront) is a B2B lead generation service that identifies companies visiting our website using IP address analysis and business intelligence data. Like Leadinfo, Dealfront helps us understand which organizations are interested in our services for B2B lead generation purposes.

Important Note: Dealfront uses company-level identification based on IP addresses and publicly available business data. Dealfront does NOT personally identify individual users or process personal data that identifies specific individuals. Dealfront associates website visits with company information only.

Data Collection:

Dealfront collects the following information:

  • IP address of website visitors
  • Company name (identified through IP address analysis and business data)
  • Industry
  • Company size and revenue
  • Geographic location
  • Pages visited on our website
  • Time and date of visit
  • Browser and device information
  • Referrer source

Personal Data: Dealfront does not identify or process personal data about individual users. Company-level identification only.

Purpose: We use Dealfront to identify companies visiting our website, understand company-level interest in our services, support sales and marketing efforts, and measure B2B campaign effectiveness.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Storage Duration: Company visit data is retained according to Dealfront’s data retention policies.

Third-Party Recipients: Dealfront Group (formerly Leadfeeder), Helsinki, Finland / Germany offices

Data Transfer to Third Countries: Data processing location: Dealfront has operations in Finland (EU) and Germany (EU). Data may be transferred to third-country locations as described in Dealfront’s privacy policy.

Opt-Out: You can opt out of Leadfeeder/Dealfront tracking by visiting https://www.dealfront.com/privacy.

5. Plugins and External Services

YouTube (Video Embeds)

What is YouTube?

We embed videos from YouTube, a video platform operated by Google LLC, on our website to provide multimedia content to our visitors. We use YouTube’s privacy-enhanced embedded mode (“privacy mode”) to minimize data collection.

Data Collection:

When you view a YouTube video embedded on our website, YouTube may collect the following information:

  • Your anonymized IP address
  • Cookie identifiers
  • Video watched and watch duration
  • Playback events (play, pause, seek)
  • Browser and device information
  • Approximate geographic location

Privacy Mode: We use YouTube’s privacy-enhanced embedded mode, which means YouTube does not store information about your visit on its servers unless you click to play the video. If you click to play the video, YouTube will collect viewing data as described above.

Purpose: We embed YouTube videos to provide multimedia content, educational materials, product demonstrations, and other video content relevant to our services.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Storage Duration: YouTube’s cookies are stored according to YouTube’s privacy policy (typically up to 180 days).

Third-Party Recipient: Google LLC (Video hosting and analytics service provider)

Data Transfer to Third Countries: YouTube is operated by Google LLC, located in the United States. Your data is transferred to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

YouTube Privacy: For more information about YouTube’s privacy practices, visit https://policies.google.com/privacy and https://www.youtube.com/intl/en/howyoutubeworks/user-settings/privacy/.

Google Maps (Embedded Maps)

What is Google Maps?

We embed interactive maps from Google Maps, a mapping service operated by Google LLC, on our website to display our location, office address, and other location-based information. Google Maps allows visitors to view directions, contact information, and nearby locations.

Data Collection:

When you interact with an embedded Google Map on our website, Google may collect the following information:

  • Your IP address
  • Your approximate geographic location
  • Browser type and version
  • Operating system
  • Device information
  • Searches you perform in the map
  • Places you view or click on
  • Directions you request
  • Time and duration of map usage
  • Cookie identifiers

Purpose: We embed Google Maps to help visitors find our office location, view directions to our premises, and understand our geographic presence.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Storage Duration: Google Maps cookies are stored according to Google’s privacy policy.

Third-Party Recipient: Google LLC (Mapping and location services provider)

Data Transfer to Third Countries: Google Maps transfers data to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework (DPF) and provides adequate safeguards for your personal data.

Google Maps Privacy: For more information about Google Maps privacy practices, visit https://policies.google.com/privacy and https://www.google.com/maps/about/privacy/.

Google Web Fonts (Locally Hosted)

This website uses the Open Sans font for consistent display. The fonts are installed locally on our server. No connection to Google servers is established. No data is transmitted to Google.

Chatbase (AI Chatbot)

What is Chatbase?

We use Chatbase, an AI-powered chatbot service provided by Chatbase.co Inc., to provide automated customer support and answer frequently asked questions on our website. The Chatbase chatbot uses artificial intelligence to understand your questions and provide relevant responses.

Data Collection:

When you interact with the Chatbase chatbot on our website, Chatbase collects the following information:

  • Your chat messages and questions
  • The chatbot’s responses
  • Chat session ID
  • Timestamp of messages
  • Your IP address
  • Browser and device information
  • Approximate geographic location
  • Email address (if you provide it during the chat)
  • Name (if you provide it)

Purpose: We use Chatbase to provide automated customer support, answer common questions about our services, qualify leads, and collect contact information for follow-up communications. The chatbot learns from interactions to improve its responses over time.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Data Processing by Chatbase: Chatbase processes your chat data to understand your questions, generate responses, and improve the AI model. Your chat messages may be used to train and improve the Chatbase AI system, though personal information is typically anonymized for this purpose.

Storage Duration: Chat conversations are retained for up to 90 days for quality assurance and improvement purposes. Longer retention may occur if you provide contact information and engage in a business transaction.

Third-Party Recipient: Chatbase.co Inc., 4700 Keele Street, Toronto, ON, Canada

Data Transfer to Third Countries: Chatbase is located in Canada. Your chat data and any personal information you provide is transferred to Chatbase’s servers in Canada, which is outside the EU/EEA. Chatbase has agreed to Standard Contractual Clauses (SCCs) for the transfer of personal data from the EU to Canada, which provide adequate safeguards for your personal data.

Your Rights: You can request deletion of your chat history at any time. Your chat data is not linked to your user profile unless you explicitly provide contact information.

Important: Please do not enter sensitive personal data (e.g., health information, financial data) into the chatbot. Inputs are transmitted to the provider\’s servers.

Chatbase Privacy: For more information about Chatbase’s privacy practices, visit https://www.chatbase.co/privacy.

Wordfence (Website Security)

What is Wordfence?

We use Wordfence, a website security service provided by Wordfence, Inc., to protect our website from malicious attacks, unauthorized access attempts, and other security threats. Wordfence monitors website traffic and analyzes suspicious activity patterns.

Data Collection:

Wordfence collects the following information from all website visitors:

  • IP address
  • HTTP request headers
  • User agent information
  • Request URLs and parameters
  • HTTP status codes
  • Time and date of requests
  • Geographic location information
  • Information about suspicious or malicious requests

Purpose: We use Wordfence to monitor website security, detect and block malicious traffic, identify potential cyberattacks, prevent brute-force login attempts, scan for malware, and protect sensitive data from unauthorized access.

Legal Basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 25(1) TTDSG

Data Anonymization: Wordfence implements various security measures and may anonymize data to protect privacy. Specific identifiers and personal information are protected.

Storage Duration: Security logs are typically retained for 30 days before being automatically deleted, though threat intelligence data may be retained longer.

Third-Party Recipient: Wordfence, Inc. (Website security service provider)

Data Transfer to Third Countries: Wordfence is located in the United States. Security data is transferred to Wordfence’s servers in the United States for analysis and threat detection. Wordfence has implemented Standard Contractual Clauses (SCCs) to ensure adequate safeguards for personal data transferred from the EU to the United States.

Data Sharing: Wordfence may share anonymized and aggregated threat intelligence data with other Wordfence users and security organizations to improve collective security.

Wordfence Privacy: For more information about Wordfence’s privacy practices and security measures, visit https://www.wordfence.com/privacy/.

6. Hosting

Hostinger (Web Hosting Provider)

What is Hostinger?

Our website is hosted on servers provided by Hostinger, a web hosting company. Hostinger provides the infrastructure and technical resources necessary to make our website accessible on the internet.

Server Location: Our website is hosted on servers located in Germany.

Data Processing by Hostinger:

As the hosting provider, Hostinger has access to all data stored on our website servers, including:

  • Website files and content
  • Database records containing contact form submissions and newsletter data
  • Server log files containing visitor IP addresses and access information
  • Backup copies of our website data
  • Email communications sent through our contact forms

Purpose: Hostinger processes this data to:

  • Store and deliver our website content to visitors
  • Maintain website functionality and availability
  • Create backup copies of our website for disaster recovery
  • Monitor server performance and security
  • Provide technical support when needed

Legal Basis: Art. 6(1)(b) GDPR (Performance of a Contract) – The use of a web hosting provider is necessary for us to provide access to our website. Additionally, Art. 6(1)(f) GDPR (Legitimate Interests) applies for server security and maintenance.

Data Protection Agreement: We have a Data Processing Agreement (DPA) with Hostinger that ensures compliance with GDPR and establishes clear terms regarding data protection and security responsibilities.

Data Security Measures: Hostinger implements comprehensive security measures including:

  • SSL/TLS encryption for secure data transmission
  • DDoS protection to prevent cyberattacks
  • Regular security updates and patches
  • Firewall protection
  • Access control and authentication mechanisms
  • Regular backup and disaster recovery procedures

Storage Duration: Data is retained on Hostinger’s servers as long as our website remains hosted with them. Backups are retained according to our backup retention policy.

Sub-processors: Hostinger may use sub-processors for specific services (CDN providers, security services, etc.). We have ensured that appropriate data protection agreements are in place.

Data Transfer to Third Countries: The primary server location is in Germany (EU). No transfer outside the EU/EEA.

Hostinger Privacy Policy: For more information about Hostinger’s privacy practices, visit https://www.hostinger.com/privacy.

Your Data Protection Rights in Summary

Under the GDPR, you have the following rights concerning your personal data:

  • Right to Access: You have the right to request access to your personal data and receive a copy of the data we hold about you.
  • Right to Rectification: You have the right to request correction or completion of your personal data if it is inaccurate or incomplete.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (the “right to be forgotten”).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
  • Right to Object: You have the right to object to certain types of processing, particularly for marketing purposes.
  • Right to Withdraw Consent: If you have given your consent, you can withdraw it at any time without affecting the lawfulness of processing before the withdrawal.
  • Rights Related to Automated Decision-Making: You have rights regarding automated decision-making and profiling.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us using the contact information provided at the beginning of this privacy policy.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our data processing practices, new technologies, regulatory requirements, or other factors. When we make material changes, we will notify you by updating the “Last Updated” date at the bottom of this page and, if necessary, by sending you an email notification or posting a prominent notice on our website.

Your continued use of our website following the posting of revised privacy policy means that you accept and agree to the changes. We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data.

Contact Us

If you have questions about this privacy policy, our data protection practices, or wish to exercise your data protection rights, please contact us:

apollon GmbH+Co. KG
Maximilianstr. 104
75172 Pforzheim
Germany
Phone: +49 7231 941-123
Email: info@apollon.de

We will respond to your inquiries within 30 days in accordance with GDPR requirements.

Last Updated: 18 March 2026