Privacy notice

Core Technologies GmbH, Dilldorfer Allee 24, 45257 Essen, Germany. Managing director: Sebastian Voß. Email: impressum@coretechnologies.de. Phone: +49 (201) 85 89 4833.

We are not legally required to appoint a DPO and have not done so. For any privacy question, please contact privacy@coretechnologies.de.

We use the definitions of Art. 4 GDPR (personal data, processing, controller, processor).

Hosting: Amazon Web Services EMEA SARL, region eu-central-1 (Frankfurt), via AWS Amplify Hosting with CloudFront CDN. AWS acts as an EU-based processor under a DPA (Art. 28 GDPR).

Technical logs captured: truncated/pseudonymised IP, date/time, URL, HTTP status and bytes, referrer, user-agent.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in provision and security.
Retention: up to 30 days, then automatic deletion.

We run Plausible Analytics on our own infrastructure inside our AWS account in Frankfurt (ECS Fargate). No third party has access. Core Technologies GmbH is the sole controller.

Plausible uses no cookies, no fingerprinting, and collects no personal data as defined by GDPR. Aggregate, anonymous metrics only: page views, referrer (domain), device/browser/OS, approximate country derived in-memory and immediately discarded.

IP addresses are never stored. No cross-site or cross-session profiling. No consent required and no cookie banner shown (Recital 26 GDPR; § 25(2)(2) TTDSG).

Legal basis: Art. 6(1)(f) GDPR. Retention: aggregate metrics indefinitely; no personal data.

When you contact us by email or via a form, your data (name, email, message) is processed to handle your enquiry. Email delivery via Amazon SES eu-central-1, under a processor agreement.

Legal basis: Art. 6(1)(b) or 6(1)(f) GDPR. Retention: until your enquiry is resolved and any statutory retention periods (§ 147 AO, § 257 HGB) have elapsed.

For discovery calls we use Microsoft Bookings as part of our Microsoft 365 Business tenant. Clicking "Book a call" opens the booking page in a new tab on outlook.office.com; we do not embed the page in an iframe.

Microsoft processes the data you provide (name, email, company, time slot, optional message) to confirm the appointment and sends the confirmation from our @coretechnologies.de domain. Our M365 tenant sits inside the EU (Microsoft EU Data Boundary). Microsoft Ireland Operations Ltd. acts as processor under the Microsoft Products and Services Data Protection Addendum (DPA). Transfers outside the EU generally do not occur; where Microsoft sub-processes do process data outside the EU, the EU Standard Contractual Clauses (Art. 46 GDPR) apply.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient scheduling).

Content is managed in Sanity (EU dataset). Sanity processes no visitor data; pages are served statically from a build artefact.

We use no trackers from Google, Meta, LinkedIn or any advertising network. No consent or advertising cookies.

• Amazon Web Services EMEA SARL (hosting, SES, Frankfurt) — DPA
• Sanity Inc. / Sanity AS (CMS, EU dataset) — DPA
• Microsoft Ireland Operations Ltd. (Microsoft 365, Bookings; EU tenant) — DPA / Microsoft DPA

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21). An informal email to privacy@coretechnologies.de is sufficient.

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf. https://www.ldi.nrw.de

Art. 32 GDPR measures: TLS throughout, access restrictions on production, logging and security monitoring.

We update this notice when data processing changes.