Privacy Policy

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR is:

Some Tech Work UG (haftungsbeschränkt)
Hans-Böckler-Str. 76
65199 Wiesbaden
Germany

Managing Director: Vineet Talwar
Email: admin[at]sometech[dot]work

As controller, we determine the purposes and means of processing personal data on this website.

If you have any questions regarding data protection or wish to exercise your data subject rights, you may contact us at the above address.

We have implemented appropriate technical and organizational measures (TOMs) pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk, including measures to protect confidentiality, integrity, availability, and resilience of processing systems.

Where we engage external service providers to process personal data on our behalf, such providers act as processors within the meaning of Art. 28 GDPR and are contractually bound accordingly.

2. Hosting and Content Delivery Network (AWS & CloudFront)

Our website is hosted on infrastructure provided by:

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
1855 Luxembourg

The hosting infrastructure is located within the European Union (AWS region: eu-central-1, Germany).

Nature and Scope of Processing

When you access our website, personal data may be processed on our hosting servers. This includes:

  • IP address
  • Date and time of access
  • Requested files
  • Browser type and version
  • Operating system
  • Referrer URL
  • Technical log data

This processing is necessary to:

  • Ensure technical functionality
  • Maintain system stability
  • Detect and prevent misuse
  • Ensure IT security

Legal Basis

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation).

We have concluded a Data Processing Agreement (DPA) with AWS pursuant to Art. 28 GDPR.

Data Transfers

Although hosting takes place within the European Union, AWS is part of a global corporate group headquartered in the United States.

It cannot be excluded that access to personal data by AWS Inc. or affiliated entities outside the EU may occur in isolated cases.

Where transfers to third countries occur, they are based on:

  • EU Standard Contractual Clauses pursuant to Art. 46 GDPR
  • Additional safeguards implemented by AWS

Despite these safeguards, it cannot be fully excluded that U.S. authorities may access data for surveillance purposes.

Storage Duration

Server log data is retained only for as long as necessary for security purposes and then deleted automatically.

To ensure fast and reliable delivery of website content worldwide, we use Amazon CloudFront as a Content Delivery Network (CDN).

Provider:

Amazon Web Services EMEA SARL
Luxembourg

Nature and Scope of Processing

When using the CDN, user requests are routed through distributed edge servers. In this process, the following data may be processed:

  • IP address
  • Browser information
  • Requested content
  • Date and time of request

The use of a CDN serves the purpose of:

  • Improving website loading times
  • Enhancing global availability
  • Protecting against overload and distributed denial-of-service (DDoS) attacks
  • Increasing system security

Legal Basis

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in efficient and secure content delivery).

Data Processing Agreement

CloudFront operates as part of AWS. A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded with AWS.

Third-Country Transfers

Due to the global architecture of content delivery networks, data routing may involve processing outside the European Union.

Where such transfers occur, they are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

3. Server Log Files

When you visit our website, the following data is automatically collected:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

Purpose: security, system stability, abuse prevention
Legal basis: Art. 6(1)(f) GDPR

Log files are retained for a limited period and deleted thereafter.

4. Contact Forms

If you contact us via a contact form on our website, we process the personal data you provide in order to handle your inquiry.

Categories of Data Processed

Depending on the form, this may include:

  • Name
  • Email address
  • Telephone number (if provided)
  • Company name (if provided)
  • Message content
  • Any additional information voluntarily submitted

Purpose of Processing

The data is processed for the purpose of:

  • Responding to your inquiry
  • Preparing offers
  • Initiating pre-contractual measures
  • Managing business communication

Legal Basis

Processing is carried out pursuant to Art. 6(1)(b) GDPR if your inquiry relates to pre-contractual or contractual matters.

In other cases, processing is based on Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries and maintaining business communication).

Storage and Internal Processing

Form submissions are stored within our WordPress system and database in order to ensure proper documentation and follow-up of inquiries.

Access to inquiry data is restricted to authorized personnel only.

We have implemented appropriate technical and organizational measures to protect submitted data.

Data Processing by Hosting Provider

The hosting provider (AWS) processes personal data on our behalf pursuant to a Data Processing Agreement under Art. 28 GDPR.

Retention Period

Inquiry data is stored only as long as necessary to process your request and fulfill any statutory retention obligations. If no contractual relationship results, the data is generally deleted after completion of the inquiry unless legal retention obligations apply.

5. Appointment Scheduling (Calendly)

We use Calendly for appointment scheduling.

Provider:
Calendly LLC
United States

When booking an appointment, personal data such as

  • Name
  • Email
  • Scheduling preferences

may be processed.

Legal basis: Art. 6(1)(b) GDPR.

As Calendly is a US-based provider, data transfers are based on Standard Contractual Clauses pursuant to Art. 46 GDPR.

6. Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

Google Analytics 4 enables us to analyze user interactions on our website in order to improve functionality, user experience, and business performance.

Nature and Scope of Processing

When activated, Google Analytics 4 processes the following categories of data:

  • IP address (processed in shortened form and not permanently stored)
  • Device information (browser type, operating system, screen resolution)
  • Approximate geographic location (country and city level)
  • Referrer URL
  • Pages visited and interaction events
  • Session duration
  • Click behavior and engagement metrics
  • Technical identifiers such as cookies and pseudonymous user IDs

Google Analytics 4 uses event-based tracking. User interactions are recorded as events and may be aggregated into statistical reports.

Legal Basis

Processing takes place exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR. Google Analytics is only activated after consent has been granted via our consent management platform (Complianz).

You may withdraw your consent at any time with effect for the future by adjusting your cookie settings.

IP Anonymization

Google Analytics 4 does not log or store full IP addresses. According to Google, IP addresses are shortened within the European Union or European Economic Area prior to storage or further processing.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with Google pursuant to Art. 28 GDPR. Google processes data on our behalf and in accordance with our instructions.

Data Transfer to Third Countries

Personal data may be transferred to Google LLC in the United States.

Such transfers are based on:

  • EU Standard Contractual Clauses pursuant to Art. 46 GDPR
  • Additional safeguards implemented by Google

Despite these safeguards, it cannot be excluded that U.S. authorities may access data for surveillance purposes.

Storage Duration

The retention period for Google Analytics data is configured within our GA4 settings and does not exceed 14 months unless otherwise required for legitimate business purposes.

Opt-Out Options

You may prevent the collection of your data by:

7. Google Tag Manager (GTM)

We use Google Tag Manager, a tag management system provided by:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

Google Tag Manager allows us to manage and deploy website tags and tracking technologies via a centralized interface.

Nature and Scope of Processing

Google Tag Manager itself does not create user profiles and does not independently store personal data.

However, when Google Tag Manager is loaded, the following data may technically be processed:

  • IP address
  • Browser information
  • Device information
  • Date and time of access

Google Tag Manager serves as a container that loads other tracking and analytics services. The actual processing of personal data depends on the tools integrated via Google Tag Manager (for example, Google Analytics or Hotjar).

Legal Basis

Google Tag Manager is activated only after you have provided explicit consent through our consent management platform (Complianz), where technically required.

Legal basis: Art. 6(1)(a) GDPR.

Where Google Tag Manager is used solely to deploy technically necessary services, processing may also be based on Art. 6(1)(f) GDPR (legitimate interest in efficient tag management and website operation).

Data Processing Agreement

We have concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR.

Data Transfer to Third Countries

Personal data may be transferred to Google LLC in the United States.

Such transfers are based on:

  • EU Standard Contractual Clauses pursuant to Art. 46 GDPR
  • Additional safeguards implemented by Google

Despite these safeguards, it cannot be excluded that U.S. authorities may access personal data for surveillance purposes.

Control of Third-Party Tags

All third-party tracking tools integrated via Google Tag Manager are configured to be activated only after user consent has been obtained via our consent management system.

You may withdraw your consent at any time via the cookie settings.

8. Hotjar (Behavior Analytics)

We use Hotjar, a behavioral analytics service provided by:

Hotjar Ltd.
Level 2, St. Julian’s Business Centre
3 Elia Zammit Street
St. Julian’s STJ 1000
Malta

Hotjar enables us to analyze user behavior on our website in order to improve usability, functionality, and overall user experience.

Nature and Scope of Processing

When activated, Hotjar may process the following categories of data:

  • IP address (processed in shortened form)
  • Device type and browser information
  • Operating system
  • Screen resolution
  • Approximate geographic location (country level)
  • Pages visited
  • Mouse movements
  • Click behavior
  • Scroll behavior
  • Time spent on pages
  • Interaction events

Hotjar may create pseudonymized usage profiles based on this data.

Hotjar provides session replay functionality. These session recordings reproduce user interaction patterns such as scrolling, clicking, and navigation behavior. According to Hotjar, sensitive fields such as form inputs are automatically suppressed and not intentionally recorded.

We do not use Hotjar to intentionally collect personal content entered into forms.

Legal Basis

Processing via Hotjar occurs exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR.

Hotjar is activated only after consent has been granted via our consent management platform (Complianz).

You may withdraw your consent at any time with effect for the future by adjusting your cookie settings.

Data Processing Agreement

We have concluded a Data Processing Agreement with Hotjar pursuant to Art. 28 GDPR.

Hotjar processes personal data strictly in accordance with our instructions.

Data Transfers

Hotjar is headquartered in Malta (European Union). However, it cannot be excluded that certain processing activities or sub-processors may involve transfers to third countries.

Where such transfers occur, they are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Storage Duration

Personal data collected via Hotjar is retained only for as long as necessary for analysis purposes and in accordance with our configured retention settings.

Profiling and Automated Decision-Making

The data collected via Hotjar is not used for automated decision-making within the meaning of Art. 22 GDPR.

Opt-Out

You may prevent Hotjar tracking by:

9. Embedded Content (YouTube, Google Maps, External APIs)

Our website may include embedded content from third-party providers, such as:

  • YouTube videos
  • Google Maps
  • External APIs
  • Other embedded media or scripts

When such content is activated, personal data may be transmitted to the respective third-party provider.

Categories of Data Processed

Depending on the embedded service, this may include:

  • IP address
  • Browser information
  • Device information
  • Date and time of access
  • Referrer URL
  • Interaction behavior
  • Technical identifiers (e.g., cookies)

These providers may process personal data for their own purposes and may combine this information with other data already stored about you.

Consent Requirement

Embedded third-party content that is not technically necessary is only activated after you have provided explicit consent via our consent management platform.

Legal basis: Art. 6(1)(a) GDPR in conjunction with §25 TTDSG.

Without your consent, embedded content is not loaded, and no data transfer occurs.

You may withdraw your consent at any time by adjusting your cookie settings.

YouTube

If YouTube videos are embedded on our website, the provider is:

Google Ireland Limited
Dublin, Ireland

Data may be transferred to Google LLC in the United States.

We use privacy-enhanced mode where technically possible. However, even in privacy-enhanced mode, data transmission to YouTube servers may occur when the video is activated.

Transfers to the United States are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Google Maps

If Google Maps is embedded on our website, the provider is:

Google Ireland Limited
Dublin, Ireland

When Google Maps is activated, personal data such as IP addresses may be transmitted to Google servers, including servers located outside the European Union.

Processing occurs only after explicit consent.

External APIs and Additional Embedded Services

Where external APIs or additional third-party services are integrated, personal data may be transmitted to the respective provider when the service is activated.

We ensure that such services are loaded only after consent where required.

Third-Country Transfers

Some embedded content providers are headquartered in the United States or use infrastructure outside the European Union.

Where personal data is transferred to third countries, such transfers are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Despite these safeguards, it cannot be fully excluded that authorities in third countries may access personal data for surveillance purposes.

No Automated Decision-Making

Embedded third-party content is not used by us for automated decision-making within the meaning of Art. 22 GDPR.

10. CRM (WordPress Database)

Customer data and inquiries are stored within our WordPress installation hosted on AWS servers within the EU.

We implement appropriate technical and organizational measures to protect stored data.

11. Email Communication (Zoho Mail)

We use Zoho Mail for business email communication.

Provider:
Zoho Corporation

Depending on the selected data center, personal data may be processed outside the EU.

Data transfers are based on Standard Contractual Clauses where applicable.

Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.

12. Cookies and Consent Management

Our website uses cookies and similar technologies.

Cookies are small text files stored on your device that enable certain functionalities, improve user experience, and allow analysis of website usage.

Legal Framework

The storage of information on your device or access to information already stored on your device is governed by §25 TTDSG.

Processing of personal data collected via cookies is governed by the GDPR.

Necessary Cookies

We use technically necessary cookies that are essential for the operation, security, and functionality of the website.

These cookies enable core functions such as:

  • Page navigation
  • Security features
  • Load balancing
  • Consent storage
  • Session management

Legal basis:

  • §25(2) TTDSG (necessary storage)
  • Art. 6(1)(f) GDPR (legitimate interest in secure and stable website operation)

Analytics and Marketing Cookies

We also use cookies for analytics and marketing purposes, including but not limited to:

  • Google Analytics 4
  • Hotjar
  • Google Tag Manager (in connection with analytics tools)

These cookies allow us to:

  • Analyze website usage
  • Measure performance
  • Understand user behavior
  • Improve our services

Such cookies are only set after you have provided explicit consent.

Legal basis:

  • §25(1) TTDSG
  • Art. 6(1)(a) GDPR

Consent Management Platform

We use the consent management platform Complianz to obtain, document, and manage user consent.

When you first visit our website, you are presented with a cookie banner allowing you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your preferences

Your consent decision is stored in order to comply with documentation requirements under Art. 7 GDPR.

You may change or withdraw your consent at any time via the cookie settings link available on our website.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Proof of Consent

We log consent decisions in order to demonstrate compliance with legal requirements.

The stored consent data may include:

  • Consent status
  • Timestamp
  • Consent ID
  • Browser information

This processing is based on Art. 6(1)(c) GDPR (legal obligation to document consent).

Cookie Categories

Cookies used on this website are categorized as follows:

  1. Necessary

  2. Statistics/Analytics

  3. Marketing

A detailed list of cookies, including purpose and storage duration, is available via the cookie settings panel.

Storage Duration

Cookies are stored for different periods depending on their purpose.

Session cookies are deleted when you close your browser.

Persistent cookies remain on your device until deleted or until their defined expiration period has elapsed.

You may delete cookies at any time via your browser settings.

Third-Country Transfers

Where analytics or marketing tools are used, personal data may be transferred to third countries, including the United States.

Such transfers are based on EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Despite these safeguards, it cannot be fully excluded that authorities in third countries may access personal data for surveillance purposes.

Browser Controls

Most web browsers allow you to control cookies via browser settings.

Please note that disabling necessary cookies may limit the functionality of the website.

13. Data Retention

Personal data is retained only as long as necessary for the purpose collected, or as required by statutory retention obligations under German commercial and tax law.

14. Data Subject Rights

As a data subject within the meaning of the GDPR, you have the following rights:

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed.

If this is the case, you have the right to obtain access to:

  • The personal data being processed
  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipients
  • The planned storage period or the criteria used to determine it
  • The existence of your rights
  • The source of the data (if not collected directly from you)
  • The existence of automated decision-making, including profiling

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you.

You also have the right to request completion of incomplete personal data.

Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR)

You have the right to request the deletion of your personal data without undue delay if:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been processed unlawfully
  • Deletion is required to comply with a legal obligation

The right to erasure does not apply where processing is necessary for:

  • Compliance with a legal obligation
  • Establishment, exercise, or defense of legal claims

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing if:

  • You contest the accuracy of the data
  • The processing is unlawful and you oppose deletion
  • We no longer need the data, but you require it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability (Art. 20 GDPR)

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format.

You also have the right to transmit that data to another controller where technically feasible.

This right applies only where processing is based on consent or contract and carried out by automated means.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to processing of personal data based on Art. 6(1)(f) GDPR (legitimate interests).

If you object, we will no longer process your data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Where personal data is processed for direct marketing purposes, you have the right to object at any time without providing reasons.

Right to Withdraw Consent (Art. 7(3) GDPR)

If processing is based on your consent, you have the right to withdraw your consent at any time with effect for the future.

Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We do not carry out automated decision-making within the meaning of Art. 22 GDPR.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection law.

The competent supervisory authority for our company is:

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany

However, you may also contact the supervisory authority in your place of residence.

In case of any discrepancies, please contact us at

admin[at]sometech[dot]work

We may request additional information to verify your identity before processing your request.

Requests are handled in accordance with Art. 12 GDPR.