Legal
Privacy Policy
Information on the processing of personal data under the GDPR and TDDDG (as of 2026). This statement is no substitute for individual legal advice.
1. Controller
The controller within the meaning of the GDPR is:
ONEflow GmbH, Sieglestraße 33 G, 70469 Stuttgart, represented by the managing director Christian Hirschmann, email: c.hirschmann@one-flow.de.
2. General information & legal bases
We process personal data only to the extent necessary. The legal bases are, in particular, Art. 6(1)(a) (consent), (b) (contract/pre-contractual measures) and (f) (legitimate interest) GDPR.
3. Hosting
This website is hosted by Hostinger International Ltd. with the server location within the European Union. A data processing agreement is in place with the provider (Art. 28 GDPR). When the page is accessed, technically necessary server log files (e.g. IP address, date/time, requested resource, volume of data transferred, user agent) are processed; the legal basis is Art. 6(1)(f) GDPR (secure, stable operation). Storage period: as a rule 7 days; longer storage only takes place in the event of security-relevant incidents until final clarification.
4. Fonts (self-hosted)
We use fonts that are served locally from our own server. The font files are embedded when the website is built and are self-hosted; at runtime there is no connection to third-party servers (in particular no Google Fonts CDN). No personal data is transferred to third parties for this purpose.
5. Cookies
We use exclusively technically necessary cookies that are required for the operation of the website; a consent banner is not required for these (Section 25(2) TDDDG). No marketing or tracking cookies are used.
6. Contact form
When you contact us via the contact form, we process the data you provide (name, organisation, email address, telephone number where applicable, and your message) in order to handle your enquiry. Legal basis: Art. 6(1)(b) and (f) GDPR. The transmission is encrypted (TLS). The data is sent to us by email and stored until your enquiry has been finally dealt with, but for no longer than 6 months; statutory retention obligations remain unaffected.
7. Contact by email / messenger
When you contact us by email, we process your details in order to handle the enquiry (Art. 6(1)(b)/(f) GDPR).
WhatsApp: This optional channel is operated by Meta Platforms Ireland Ltd.; this may involve a transfer of data to third countries (USA). We only use it if you actively contact us through it. If you do not wish this, please use the contact form or email.
8. Recipients / processors
Data is only passed on to processors on the basis of Art. 28 GDPR or where legally permitted or required. Currently, the hosting provider (Hostinger International Ltd.) is used, through which the contact form messages are also sent. No transfer to any other third parties takes place.
9. Your rights
You have the right of access (Art. 15), to rectification (Art. 16), to erasure (Art. 17), to restriction of processing (Art. 18), to data portability (Art. 20) and to object (Art. 21), as well as the right to withdraw any consent given at any time (Art. 7(3)). You have the right to lodge a complaint with a supervisory authority (Art. 77). The supervisory authority responsible for us is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI Baden-Württemberg), Lautenschlagerstraße 20, 70173 Stuttgart.
10. Status of this policy
Last updated: June 2026. We will amend this policy as soon as the data processing or the legal situation changes.