Free quick analysis

Privacy Policy

Last updated: 26 May 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

dicobis GmbH
Einsteinstraße 59
89077 Ulm (registered office in Ulm, additional location in Dortmund)
Germany

Represented by the managing director: Holger Lüke
Commercial register: HRB 746053, Local Court (Amtsgericht) of Ulm
VAT ID: DE 360 414 817
E-mail: hello@dicobis.com
Phone: +49 (0)731 493 720 0

Data Protection Officer

The appointment of a company data protection officer is not legally required. If you have any questions regarding data protection, please contact dicobis GmbH directly using the contact details provided above.

2. General Information on Data Processing

2.1 Scope of the Processing of Personal Data

As a matter of principle, we only process personal data of our users to the extent necessary to provide a functional website as well as our content and services. The processing regularly takes place only with the consent of the user (Art. 6 (1) lit. a GDPR) or where another legal basis applies (in particular Art. 6 (1) lit. b, c, f GDPR as well as Section 25 TTDSG or its successor provisions).

2.2 Legal Bases

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. For processing necessary for the performance of a contract, Art. 6 (1) lit. b GDPR applies. If the processing is carried out to fulfil a legal obligation, Art. 6 (1) lit. c GDPR serves as the basis. For the protection of legitimate interests, Art. 6 (1) lit. f GDPR is decisive. Section 25 TTDSG applies to the storage of information in the user’s terminal equipment and access thereto.

2.3 Data Erasure and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Longer storage may take place if this has been provided for by the European or national legislator in regulations, laws or other provisions (in particular retention obligations under commercial and tax law).

2.4 Data Transfers to Third Countries

Some of the services we use are operated by providers based in the USA. This may result in transfers of personal data to the USA. The providers are certified under the EU-US Data Privacy Framework or Standard Contractual Clauses (SCC) pursuant to Art. 46 (2) lit. c GDPR are in place as appropriate safeguards. Information on the respective providers can be found in the corresponding sections of this privacy policy.

3. Provision of the Website and Hosting

3.1 Hosting with Netlify

Our website is hosted by Netlify. The provider is Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA (“Netlify”). When you access our website, your requests are delivered directly by Netlify’s servers. In doing so, technically necessary data is collected that is required to provide the website, in particular:

  • IP address of the accessing device
  • Date and time of access
  • Information about the browser and operating system used
  • Referrer URL
  • Amount of data transferred and HTTP status code

The use of Netlify is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in presenting our website as reliably, performantly and securely as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG.

We have concluded a data processing agreement with Netlify pursuant to Art. 28 GDPR. As Netlify is a US-based provider, personal data is transferred to the USA in the course of hosting. Netlify, Inc. is certified under the EU-US Data Privacy Framework. In addition, Netlify bases the data transfer on Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR as an appropriate data protection safeguard. Further information can be found in Netlify’s privacy policy: https://www.netlify.com/privacy/

3.2 Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

4. Cookies and Comparable Technologies

4.1 General Information on Cookies

Our website uses cookies and comparable technologies (e.g. local storage). Cookies are small text files that are stored on your device. We distinguish between technically necessary cookies, which are required for the operation of the website, and optional cookies (in particular statistics and marketing cookies), which are only set after your express consent.

The legal basis for technically necessary cookies is Section 25 (2) no. 2 TTDSG in conjunction with Art. 6 (1) lit. f GDPR. The legal basis for all optional cookies and tracking technologies is Section 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a GDPR (consent). You may revoke your consent at any time with effect for the future.

4.2 Consent Management with Usercentrics

This website uses the consent management tool “Usercentrics” of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (“Usercentrics”) to obtain, manage and document users’ consents to data protection-relevant processing.

When you access our website, a consent banner is displayed through which you can grant or refuse your consent to certain processing operations. For this purpose, Usercentrics processes the following data:

  • Date and time of the visit
  • Device and browser information (user agent, screen resolution, language)
  • Anonymised IP address
  • Opt-in and opt-out data (consent yes/no per category/service)
  • An anonymised, randomised user ID (consent ID)

The consent data is stored as proof of consent pursuant to Art. 7 (1) GDPR. The legal basis for the use of Usercentrics is Art. 6 (1) lit. c GDPR (compliance with a legal obligation) as well as our legitimate interest in legally compliant management of user consents pursuant to Art. 6 (1) lit. f GDPR.

A data processing agreement pursuant to Art. 28 GDPR is in place with Usercentrics. For further information, please refer to the Usercentrics privacy policy: https://usercentrics.com/privacy-policy/

5. Tag Management

5.1 Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The Google Tag Manager is a technical solution that allows tracking and analysis tags to be managed and integrated into our website.

The Google Tag Manager itself (the tool as such) does not set cookies and does not collect personal data for tracking purposes. However, it enables the triggering of other tags, which in turn may collect data. Services delivered via the Google Tag Manager are only activated after corresponding consent has been granted via our consent management tool.

Technically, when the Tag Manager is accessed, your IP address is transmitted to Google, which is necessary for delivering the script. The legal basis for its use is Art. 6 (1) lit. f GDPR. We have a legitimate interest in fast, secure and efficient integration as well as central management of our website tags.

In the course of its use, data may be transferred to servers of Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework. In addition, we have concluded Standard Contractual Clauses with Google pursuant to Art. 46 (2) lit. c GDPR. Further information:

Google privacy policy: https://policies.google.com/privacy
Google Tag Manager use policy: https://www.google.com/intl/de/tagmanager/use-policy.html

6. Web Analytics

6.1 Google Analytics 4 (GA4)

Subject to your consent, this website uses functions of the web analytics service Google Analytics 4 (“GA4”). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies and comparable recognition technologies that enable an analysis of your use of our website. The information generated by cookies about your use of our website is generally transferred to a Google server in the USA and stored there.

We use Google Analytics 4 exclusively with activated IP anonymisation. The IP address of users is truncated within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.

The following data, among others, may be processed:

  • IP address (anonymised)
  • Pages visited, time spent, click paths
  • Source/referrer, search terms
  • Browser, operating system, device type, screen resolution
  • Approximate location (country/region, derived from the IP address)
  • Pseudonymous user and event identifiers

The legal basis for the data processing is Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG (consent). You may revoke your consent at any time via the cookie settings of our consent management tool.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework. In addition, Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR are in place. We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.

Retention period: Data stored at Google at user and event level that is linked to cookies, user identifiers or advertising IDs is anonymised or deleted after 14 months. Details:

Google privacy policy: https://policies.google.com/privacy
Google Analytics terms of use: https://marketingplatform.google.com/about/analytics/terms/de/
Browser add-on for deactivation: https://tools.google.com/dlpage/gaoptout?hl=de

7. Online Marketing and Conversion Tracking

7.1 Google Ads with Conversion Tracking

Subject to your consent, we use the online advertising programme “Google Ads” and, within the scope of Google Ads, conversion tracking and remarketing functions. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Ads sets a cookie on your computer (“conversion cookie”) if you have reached our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.

Processed data includes in particular:

  • Click and conversion data (e.g. enquiry form submitted, Calendly appointment booked)
  • Online identifiers (cookies, advertising IDs)
  • IP address
  • Browser, device and operating system information
  • Timestamp and referrer

Based on the information obtained with the conversion cookie, Google creates statistics about the visits to our website. We thereby receive the total number of users who clicked on our ad and which pages of our website they visited. No information is transmitted that would allow users to be personally identified.

The legal basis for the processing is Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG (consent). You may revoke your consent at any time via the cookie banner.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework. In addition, Standard Contractual Clauses are in place. We have concluded a data processing agreement or an agreement on joint controllership (Art. 26 GDPR) with Google to the extent required.

Google privacy policy: https://policies.google.com/privacy
Google’s information on conversion tracking: https://support.google.com/google-ads/answer/2407785

8. Webmaster and Search Engine Tools

8.1 Bing Webmaster Tools

We use the “Bing Webmaster Tools” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, or Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, to obtain information about the findability of our website in the Bing search engine and to optimise our content for search engines.

The Bing Webmaster Tools are integrated on our website via a verification mechanism (e.g. via a meta tag in the HTML header or a DNS entry). When you visit our website, no separate cookies are set as a result and no client-side tracking takes place. However, Microsoft gains access to publicly available content through the crawling of the website by the Bingbot and may process technical access data (e.g. the IP address of the crawler, the time of access).

Within the Bing Webmaster Tools themselves, Microsoft provides us with aggregated and partly pseudonymised statistical data, e.g. search queries, impressions, clicks, average position in the search results as well as information about pages indexed by Bing.

The legal basis for the use of the Bing Webmaster Tools is Art. 6 (1) lit. f GDPR. We have a legitimate interest in optimising our online presence and in achieving the highest possible visibility of our content in search engines.

Data transfer to the USA: Microsoft Corporation is certified under the EU-US Data Privacy Framework. In addition, Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR are in place. Further information:

Microsoft privacy statement: https://privacy.microsoft.com/de-de/privacystatement
Bing Webmaster Tools – privacy information: https://www.bing.com/webmasters/about

9. Rights of Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7 (3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, please use the contact details provided in section 1.

9.1 Right to Object in the Case of Legitimate Interest

Insofar as the processing of your personal data is based on Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so arising from your particular situation.

9.2 Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. The competent authority for dicobis GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg)
Lautenschlagerstraße 20
70173 Stuttgart
https://www.baden-wuerttemberg.datenschutz.de

10. Data Security

We use technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

11. Validity and Amendment of this Privacy Policy

This privacy policy is currently valid and has the status indicated above. Due to the further development of our website and offerings or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.dicobis.com/en/privacy