Privacy Policy

Date: 28 February 2026

Language and translations: This privacy policy is provided in several languages. The German version is authoritative. Translations are provided solely for the sake of clarity. Mandatory rights under the law of the data subject’s habitual residence remain unaffected.

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
Mark Reinhardt (sole trader)
"Contrima" is a service provided by Mark
Reinhardt Email: info@contrima.com

2. Overview: What data we process and why

We process personal data in order to technically provide, secure and improve this online service (“Contrima”) and to communicate with you.

We process personal data in particular on the following legal bases:

  • Art. 6(1)(b) GDPR (contract / pre-contractual measures),
  • Art. 6(1)(c) GDPR (legal obligation),
  • Art. 6(1)(f) GDPR (legitimate interests, e.g. secure and stable provision, detection of misuse and fraud),
  • Art. 6(1)(a) GDPR (consent, e.g. newsletters or optional cookies/tools).

Where we process data on the basis of consent, you may withdraw your consent at any time with effect for the future.

3. Hosting (AWS, Ireland region)

This website is operated in the AWS Ireland (EU) region. Data generated when accessing the website is processed on the systems of our hosting provider.

Hosting provider (data processor):
Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg ("AWS")

4. Access data / server log files

Every time the website is accessed, the web server automatically processes information in so-called server log files. This may include, in particular: the IP address (or a technically equivalent identifier),

  • IP address (or a technically equivalent identifier),
  • date and time of the request,
  • page/file accessed (URL/path),
  • referrer URL,
  • browser type/version and operating system,
  • status codes/error messages,
  • amount of data transferred.

The purpose of processing is to ensure the technical provision, stability and security of the website (e.g. error analysis, defence against attacks). The legal basis is Article 6(1)(f) of the GDPR (legitimate interest in secure operation).

The log files are only stored for as long as is necessary for the purposes stated, and are subsequently deleted or anonymised, unless further retention is required for evidential purposes (e.g. in the event of security incidents).

5. Encryption (TLS/SSL)

For security reasons, we use transport encryption (TLS/SSL) to protect transmitted content as effectively as possible. Please note that data transmission over the internet may nevertheless be subject to security vulnerabilities.

6. Cookies and similar technologies

Our website may use cookies or similar technologies. We distinguish between:

  • Technically necessary cookies (e.g. session cookies for login/language selection/page navigation),
  • Optional cookies/tools (e.g. analytics/marketing), which are only used with your consent.

Technically necessary cookies are required to provide the website. The legal basis for storing/reading them on end devices is Section 25(2)(2) of the German Telecommunications Data Protection Act (TDDDG); the subsequent processing of personal data is based on Article 6(1)(f) of the GDPR (legitimate interest) or Article 6(1)(b) of the GDPR (if the cookie is necessary for the performance of a contract).

We do not currently use any web analytics or marketing tools (e.g. Google Analytics). Should this change, we will amend the Privacy Policy and – where necessary – obtain consent in advance.

7. User account / Login (where offered)

Where we offer the option to create a user account or log in, we process the data required for this purpose (e.g. email address, login details, technical session data). This processing is carried out to provide the user account, enable login and ensure the security of the system.

The legal basis is generally Article 6(1)(b) of the GDPR (implementation of pre-contractual measures/contract) and Article 6(1)(f) of the GDPR; (security interests, prevention of misuse).

Note: Passwords are not stored in plain text, but are generally stored as a hash value (technical security procedure).

8. Contact

If you contact us by email, we process the data you provide (e.g. name, email address, content of the message), in order to deal with your enquiry.

The legal basis is Article 6(1)(b) of the GDPR (insofar as it concerns (pre-)contractual communication) or Article 6(1)(f) of the GDPR; (general enquiries; legitimate interest in efficient communication).

Contact form: We do not currently provide a contact form. As soon as a contact form becomes available, the data collected there (mandatory/optional fields) will be processed exclusively for the purpose of handling the enquiry. This privacy policy will then be updated if necessary (e.g. if additional services such as spam protection are implemented).

9. Newsletter

We do not currently offer a newsletter. As soon as a newsletter becomes available, we will update this privacy policy and, in doing so, will transparently outline the email service provider (if external), the double opt-in procedure, any performance tracking, and options for unsubscribing.

10. Sending emails via AWS SES

We use Amazon Simple Email Service (AWS SES) to send system and transactional emails (e.g. confirmations, notifications). In particular, the email address, name (where applicable) and technical metadata of the email (e.g. delivery information) are processed.

The legal basis is Article 6(1)(b) of the GDPR (where sending is necessary for the performance of a contract) or Article 6(1)(f) of the GDPR (legitimate interest in reliable email delivery).

11. Recipients / Data processors

We use service providers who process data on our behalf (data processing in accordance with Article 28 of the GDPR). These include, in particular:

  • Amazon Web Services EMEA SARL – hosting / infrastructure (Ireland region),
  • Amazon Web Services (AWS SES) – sending of emails.

12. Transfer to third countries

Where personal data is transferred to countries outside the European Economic Area (EEA) in connection with the use of AWS/AWS SES, this is done only in compliance with the requirements of Articles 44 et seq. of the GDPR (e.g. through appropriate safeguards such as standard contractual clauses and/or recognised certifications).

13. Retention period

We process and store personal data only for as long as is necessary for the respective purposes or as required by law; thereafter, the data is deleted or anonymised.

14. Your rights

Within the framework of the legal requirements, you have the following rights in particular:

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object to processing based on Article 6(1)(f) GDPR (Article 21 GDPR).

15. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement occurred. The competent authority for our registered office is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)
PO Box 10 29
32 70025
Stuttgart Email: poststelle@lfdi.bwl.de
Website: baden-wuerttemberg.datenschutz.de

16. Changes to this Privacy Policy

We may amend this privacy policy if the legal situation, services or data processing practices change. The version published on this page at any given time shall apply.

17. Obligation to provide data

You are generally not obliged to provide personal data when visiting the website for purely informational purposes. If you contact us or (where offered) use a user account, certain details are required in order to process your enquiry or to provide the service.

18. No exclusively automated decision-making

Exclusively automated decision-making, including profiling within the meaning of Article 22 of the GDPR, does not currently take place. Security mechanisms (e.g. automatic detection of unusual access attempts) may result in access being temporarily restricted.

© 2026
All rights reserved.
ContactTerms of UsePrivacy Policy