Privacy Policy
This Privacy Policy explains how personal data is processed when you visit the website https://www.thebootcode.io ("Website") or contact us through it. We process personal data only in accordance with the EU General Data Protection Regulation (GDPR/DSGVO) and the German Federal Data Protection Act (BDSG). The Website is directed at businesses; we do not sell online courses and we do not run analytics, advertising or newsletter services on it.
1. Controller
The controller responsible for the processing of personal data on this Website within the meaning of Art. 4(7) GDPR is:
Dr.-Ing. Christian Meurisch R&D Lab
Mühlbachweg 12
D-74889 Sinsheim, Germany
Phone: +49 (0) 7265 499320
Email: info@thebootcode.io
We have not appointed a data protection officer, as we are not legally required to do so.
2. Server Log Data When You Visit the Website
Each time you access the Website, our systems and those of our hosting and CDN providers automatically collect standard technical data that your browser transmits. This includes:
your IP address,
the date and time of the request,
the requested URL and referring URL,
the browser type, browser version and operating system (user agent),
and the amount of data transferred and the HTTP status code.
This data is processed to enable the delivery of the Website, to ensure its stability and security, and to defend against attacks. The legal basis is our legitimate interest in the secure and reliable operation of the Website pursuant to Art. 6(1)(f) GDPR.
Retention: Server and access logs are stored for approximately 7 to 14 days and are then deleted or anonymised, unless a specific incident (for example a security event) requires longer retention until the matter has been resolved.
3. Cookies
This Website uses only technically necessary cookies, if any, that are required for the basic functioning and security of the site. We do not use analytics, tracking or marketing cookies, and we do not build user profiles. For this reason, no cookie-consent banner is required and none is displayed.
4. Contact and Project Inquiry Forms
The Website provides two forms — "Request an estimate" and "Pitch us / Startup" — through which you can submit a business inquiry. When you use one of these forms, we process the data you provide, namely:
your name,
your company name (optional),
your business email address,
your message, and
any PDF document you upload (for example a requirements document or business plan).
We use this data solely to receive, assess and respond to your inquiry and to take any pre-contractual steps you request. The submission is sent to and stored on our own backend, which runs on our hosting and CDN provider's infrastructure (Cloudflare). No third-party form service is involved.
Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures at your request and, where applicable, of a contract) and Art. 6(1)(f) GDPR (our legitimate interest in efficiently handling and documenting business inquiries).
Retention: We delete inquiry data once the inquiry has been settled and no further processing is needed, unless statutory retention obligations require longer storage. In particular, documents that are relevant for tax or commercial-law purposes must be retained for the statutory periods (e.g. under § 257 HGB and § 147 AO, up to 6 or 10 years); such data is restricted from further processing and deleted after these periods expire.
5. Recipients and Processors
We use the following service providers to operate the Website. Where these providers process personal data on our behalf, we have concluded data processing agreements (DPAs) with them pursuant to Art. 28 GDPR and, where applicable, agreed EU Standard Contractual Clauses (SCCs) for any transfers to third countries.
| Provider | Function | Data processed | Location | Legal basis | Provider privacy information |
|---|---|---|---|---|---|
| Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA | Website and backend hosting, CDN, reverse proxy and DNS | Server log data, IP addresses and connection metadata, processed to deliver and secure the Website and to serve static assets, as well as all data submitted through the contact/inquiry forms. DPA/SCCs in place. | Global CDN network; EU data centres are used where possible. | Art. 6(1)(f) GDPR (secure, performant and reliable provision of the Website) | https://www.cloudflare.com/privacypolicy/ |
Beyond the recipients listed above, we do not pass your personal data to third parties unless we are legally obliged to do so or you have expressly consented.
6. Data Transfers to Third Countries
Our Website is hosted and delivered through Cloudflare's global network, with EU data centres used where possible. Where Cloudflare processes data outside the European Economic Area, such transfers are safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 GDPR and, where applicable, additional technical and organisational measures.
7. Data Security (SSL/TLS)
This Website uses SSL/TLS encryption to protect the transmission of data between your browser and our servers. You can recognise an encrypted connection by the "https://" prefix in the address bar and the padlock symbol. We also take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Please note, however, that no method of transmission over the internet is completely secure.
8. Your Rights as a Data Subject
Where we process your personal data, you have the following rights under the GDPR:
Access to your personal data (Art. 15 GDPR);
Rectification of inaccurate or incomplete data (Art. 16 GDPR);
Erasure of your data (Art. 17 GDPR);
Restriction of processing (Art. 18 GDPR);
Data portability (Art. 20 GDPR); and
Objection to processing based on Art. 6(1)(f) GDPR on grounds relating to your particular situation (Art. 21 GDPR).
To exercise any of these rights, please contact us using the details in Section 1. Where processing is based on your consent, you may withdraw that consent at any time with effect for the future; this does not affect the lawfulness of processing carried out before the withdrawal.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR). The authority competent for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de
10. Children
This Website and our services are directed at businesses and not at children. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data, please contact us and we will delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Website, our services or the applicable legal framework. The version published on this page with the "Last updated" date shown above applies.