1. Name and Address of the Data Controller

The data controller, within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws, and further data protection regulations, is:

FASTND GmbH
Münchener Straße 31
82049 Pullach i. Isartal
Germany

Represented by: Marcus Venmann
Email: info@fastnd.io
Phone: +49 170 6373541
Commercial Register: HRB 306657

2. General Information on Data Processing

a) Scope of Personal Data Processing

We process our users' personal data primarily only to the extent necessary to provide a functional website, our content, and services. Processing typically occurs only with the user's consent, unless legally permitted otherwise.

b) Legal Basis for Processing

Art. 6 (1) (a) GDPR – Consent; Art. 6 (1) (b) GDPR – Performance of a contract or pre-contractual measures; Art. 6 (1) (f) GDPR – Legitimate interests (e.g., security, website performance, optimization)

c) Data Retention and Erasure

Personal data will be deleted or blocked once the purpose of storage no longer applies. Retention may occur if required by statutory preservation periods (e.g., tax regulations). After these periods expire, the data will be deleted or blocked.

3. Data Security (SSL/TLS Encryption)

Our website utilizes SSL/TLS encryption to securely transmit confidential content and requests. You can identify an encrypted connection by "https://" and the lock symbol in your browser's address bar.

4. Collection of Access Data / Server Log Files

Each time you access our website, specific data is automatically stored in server log files:

• Browser type and version

• Operating system used

• Referrer URL

• Host name of the accessing device

• Time of the server request

• IP address

Purpose: Ensuring system stability, security, and technical operation.

Legal basis: Art. 6 (1) (f) GDPR

Retention period: Max. 7 days, followed by deletion (except in the case of a security-relevant event).

5. Use of Cookies

Our website uses cookies and similar technologies.

a) Types of Cookies

• Technically essential cookies: Required for the core operation of the website.

• Statistics and marketing cookies: Used for analyzing and optimizing our services (e.g., HubSpot tracking).

b) Legal Basis

• Technically essential cookies: Art. 6 (1) (f) GDPR

• All other cookies: Subject to your explicit consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG (German Telecommunications-Telemedia Data Protection Act)

c) Cookie Consent Management

The cookie banner and consent management are managed via HubSpot (HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany).

You can revoke or adjust your consent at any time via the "Cookie Settings" link in the banner.

6. Integration of HubSpot (CRM, Forms, Tracking, Cookie Banner)

We utilize HubSpot as an integrated marketing, sales, and CRM system.

Controller: HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany.

HubSpot operates as a data processor pursuant to Art. 28 GDPR. A corresponding Data Processing Agreement (DPA) has been executed.

a) HubSpot Tracking (Web Analytics & Marketing)

• Scope of Processing: Anonymized/truncated IP address, device properties, pages visited, duration of visit, and referrer URL.

• Purpose: Analyzing website traffic and optimizing our marketing campaigns.

• Legal Basis: Consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG).

• Revocation: Can be revoked at any time via the cookie banner.

b) HubSpot Contact Forms & CRM

• Scope: Name, email address, message, and other user-submitted data.

• Purpose: Processing inquiries and customer relationship management.

• Legal Basis: Art. 6 (1) (b) GDPR; additionally, Art. 6 (1) (a) GDPR if marketing consent is granted.

• Retention Period: For as long as necessary or required by statutory retention obligations.

c) Cookie Banner via HubSpot

The cookie consent tool provided by HubSpot logs your consent state to fulfill accountability obligations under Art. 7 (1) GDPR.

d) Data Transfer to Third Countries (USA)

• Safeguard: Data transfers to HubSpot Inc., USA, are primarily based on the EU–US Data Privacy Framework (DPF), provided HubSpot is certified under this framework, thus ensuring an adequate level of data protection. If the DPF is not applicable in individual cases, EU Standard Contractual Clauses (SCCs) serve as appropriate safeguards under Art. 46 GDPR.

• Risk Warning: There remains a residual risk that US authorities may intercept or access data.

7. Your Rights as a Data Subject

Under the GDPR, you hold the following rights:

• Right of access (Art. 15)

• Right to rectification (Art. 16)

• Right to erasure / "Right to be forgotten" (Art. 17)

• Right to restriction of processing (Art. 18)

• Right to data portability (Art. 20)

• Right to withdraw consent (Art. 7 (3))

• Right to object (Art. 21)

Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR.

If data is processed for direct marketing purposes, you have the right to object to this processing at any time.

To exercise your rights—specifically for access and deletion of your data stored via HubSpot on our systems—please use the following link:

https://na1.hs-data-privacy.com/request/LB3Sya3i9jUSHb0xZWBHDw

8. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Competent Authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Mailing Address: Postfach 1349, 91504 Ansbach, Germany
Visitor Address: Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de/de/index.html