Privacy Policy
PRIVACY POLICY
for the website www.steinmetz-ai.com
Version: 2026-03-16
1. Controller
The controller responsible for data processing on this website is:
Alexander Steinmetz
IT-Beratung, Alexander Steinmetz
Schoellerstr. 11
74321 Bietigheim-Bissingen
Germany
Email: [E-Mail wird geladen]
Phone: +49 17656724014
2. General information and scope
This Privacy Policy provides information about the processing of personal data when using this website and when contacting us via the communication channels listed on the website.
The offering is aimed exclusively at companies, legal entities under public law, and special funds under public law (B2B). Even in a B2B context, personal data may be processed, especially data relating to contact persons, employees, representatives, or other natural persons on the customer side.
3. Purposes and legal bases of processing
We process personal data only to the extent permitted by law. The relevant legal bases include in particular:
- Article 6(1)(b) GDPR, insofar as processing is necessary for pre-contractual measures or for the performance of a contract;
- Article 6(1)(f) GDPR, insofar as processing is necessary for the purposes of our legitimate interests or those of a third party and no overriding interests of the data subject oppose this;
- Article 6(1)(a) GDPR, insofar as consent has been given.
Our legitimate interests lie in particular in the secure operation of the website, the efficient handling of inquiries, appointment scheduling, and the enforcement and defense of legal claims.
4. Hosting and provision of the website
Our website is hosted via the following service:
GitHub Pages
GitHub, Inc.
88 Colin P Kelly Jr St
San Francisco, CA 94107
USA
GitHub is a subsidiary of Microsoft Corporation. As the hosting provider is located in the USA, a transfer of personal data to the USA cannot be ruled out. GitHub bases such transfers in particular on the EU-U.S. Data Privacy Framework and on standard contractual clauses.
4.1 Server log files
When this website is accessed, the web server processes technically necessary information in so-called server log files. This may include in particular:
- IP address
- date and time of access
- page or file accessed
- amount of data transferred
- status code
- referrer URL
- browser type and browser version
- operating system
The processing takes place for the purpose of providing the website, ensuring stability and security, as well as error analysis and abuse detection.
The legal basis is Article 6(1)(f) GDPR.
The retention period for log files is governed by the hosting provider's policies. Further information can be found in GitHub's privacy statement (https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement).
4.2 Data processing agreement
To the extent that the hosting provider processes personal data on our behalf, this is carried out on the basis of the GitHub Pages terms of service and the GitHub Data Protection Agreement pursuant to Article 28 GDPR.
5. Contacting us
5.1 Contact by email
If you contact us by email, we process the data you provide to us, in particular:
- name
- email address
- company reference
- content of your message
- other information that you voluntarily provide
The processing takes place for the purpose of handling your inquiry, communicating with you, and, where applicable, initiating or performing a contract.
The legal basis is Article 6(1)(b) GDPR insofar as the matter concerns pre-contractual or contractual communication; otherwise, Article 6(1)(f) GDPR applies. Our legitimate interest lies in the appropriate and efficient handling of inquiries.
5.2 Contact by telephone
If a phone number is listed on the website and you contact us by telephone, we process the data communicated during the conversation and, where applicable, your phone number insofar as it is transmitted.
The processing takes place for the purpose of handling your request, communicating with you, and, where applicable, initiating or performing a contract.
The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, respectively.
5.3 No own contact form
This website currently does not operate a separate contact form. Data is therefore generally only transmitted to us if you actively contact us by email, phone, or via an external communication service.
6. Appointment booking via Calendly
We offer the option to book an appointment via an external link through Calendly. Calendly is not embedded into this website. Therefore, simply visiting this website does not cause the Calendly service to collect data on this website.
Only if you click the booking link do you leave our website and get redirected to an external Calendly page. As part of appointment booking, the following data in particular may be processed:
- name
- email address
- company
- requested appointment
- voluntary additional information or notes
To the extent that the appointment booking serves to initiate or perform a contract, the legal basis is Article 6(1)(b) GDPR. Otherwise, processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in efficient and user-friendly appointment scheduling.
The provider of the booking service is:
Calendly, LLC
115 E Main St., Ste A1B
Buford, GA 30518
USA
According to publicly available information from Calendly, Calendly regularly processes personal data in connection with appointment bookings as a processor for the respective customer. In addition, Calendly may act as an independent controller for its own purposes, for example when visiting its own website or using its own services.
Please note that when using Calendly, a transfer of personal data to the USA or other third countries cannot be ruled out. According to Calendly's published information, Calendly bases such transfers in particular on the EU-U.S. Data Privacy Framework and on standard contractual clauses where applicable.
Further information can be found in Calendly's privacy notices.
7. External links and external communication services
7.1 LinkedIn
This website contains links to our profile or presence on LinkedIn. LinkedIn is not embedded into this website. No LinkedIn plugins and no LinkedIn tracking tags are used on this website.
Simply visiting this website therefore does not initially transmit any data to LinkedIn. Only by clicking the link do you leave this website. From that point on, further data processing takes place under LinkedIn's own responsibility.
Please note that, according to LinkedIn's own statements, LinkedIn may also transfer data outside the EU or EEA, in particular to the USA.
7.2 Telegram
We optionally offer a contact channel via Telegram. If you use this communication channel, the data you transmit to us, in particular your username, profile name, message content, and other information that you voluntarily provide, will be processed for the purpose of handling your inquiry.
The legal basis is Article 6(1)(b) GDPR insofar as the communication serves to initiate or perform a contract; otherwise, Article 6(1)(f) GDPR applies. Our legitimate interest lies in an additional contact option voluntarily chosen by you.
Please note that communication via Telegram involves processing by Telegram as an independent controller. According to publicly available information from Telegram, processing may also take place in third countries. If you want especially confidential communication, please use email as the preferred contact channel.
8. Cookies, local storage, and similar technologies
This website currently does not use analysis, marketing, or profiling tools.
However, technically necessary cookies or comparable technologies, such as local storage, may be used to the extent necessary for the secure and functional operation of the website. Such technically necessary processing takes place on the basis of Article 6(1)(f) GDPR and, where applicable, in accordance with the German TDDDG.
If services requiring consent or optional technologies are used on this website in the future, they will only be activated after appropriate information has been provided and, where legally required, after your consent has been obtained.
9. Recipients of data
Personal data is disclosed only to those recipients to the extent required to fulfill the purposes stated above. Recipients may include in particular:
- hosting and IT service providers
- email and telecommunications service providers
- appointment booking service providers
- authorities and courts where there is a legal obligation
- other processors or external service providers insofar as this is necessary for contract performance or for safeguarding legitimate interests
10. Transfers to third countries
We transfer personal data to countries outside the European Union or the European Economic Area only to the extent necessary for the use of the communication or booking services you have chosen or where the respective service provides for this for technical reasons.
To the extent that we can influence the choice of service providers and a transfer to a third country takes place, we ensure that such transfer occurs only under the legal requirements of Articles 44 et seq. GDPR, in particular on the basis of an adequacy decision, appropriate safeguards, or other legally permissible mechanisms.
11. Storage period
We store personal data only for as long as necessary for the respective purposes. Afterwards, the data is deleted unless statutory retention obligations, contractual requirements, or legitimate interests in further storage prevent deletion.
For inquiries, the following generally applies:
- pure contact inquiries: deletion after final processing unless follow-up communication is required;
- contract-related communication: storage for the duration of the contractual relationship and afterwards within statutory retention periods;
- documents relevant under tax and commercial law: storage in accordance with statutory retention periods.
12. Obligation to provide data
The provision of personal data is not required by law. However, it is necessary if you wish to contact us, book an appointment, or initiate a contractual relationship. Without the required information, we may not be able to process your request or may only be able to process it incompletely.
13. Automated decisions
Automated decision-making, including profiling within the meaning of Article 22 GDPR, does not currently take place in connection with this website.
14. Your rights
In accordance with the applicable legal provisions, you have in particular the following rights:
- right of access under Article 15 GDPR
- right to rectification under Article 16 GDPR
- right to erasure under Article 17 GDPR
- right to restriction of processing under Article 18 GDPR
- right to data portability under Article 20 GDPR
- right to object under Article 21 GDPR
- right to withdraw any consent given with effect for the future
15. Right to object
To the extent that we process personal data on the basis of Article 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object to this processing at any time.
16. Right to lodge a complaint
You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
17. Data security
We take appropriate technical and organizational measures to protect personal data against loss, manipulation, unauthorized access, and other unauthorized processing. This includes in particular encrypted transmission of the website via TLS or HTTPS, where technically available.
18. Updates to this Privacy Policy
We reserve the right to amend this Privacy Policy if the website, the services used, or the legal framework conditions change. The version published on this website shall apply in each case.