EN DE
Book a 30-minute call

PRIVACY

Privacy policy

How we handle your data.

We are very pleased that you are interested in our company. Data protection is of particularly high importance to the management of evanto media GmbH. Use of the websites of evanto media GmbH is generally possible without providing any personal data. Should a data subject wish to use specific services of our company through our website, processing of personal data may become necessary. Where processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject's consent.

The processing of personal data — for example a data subject's name, address, email address, or phone number — is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data-protection rules applicable to evanto media GmbH. Through this privacy policy our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Data subjects are also informed of their rights under this privacy policy.

As the controller, evanto media GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions can in principle have security gaps, so absolute protection cannot be guaranteed. For this reason every data subject is free to transmit personal data to us via alternative channels — for example by phone.

1. Definitions

This privacy policy of evanto media GmbH uses the terms employed by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy aims to be readable and understandable for the public as well as for our customers and business partners. To ensure this, we explain the terms used in advance.

a) Personal data — any information relating to an identified or identifiable natural person.

b) Data subject — any identified or identifiable natural person whose personal data is processed.

c) Processing — any operation performed on personal data, with or without automated means.

d) Restriction of processing — the marking of stored personal data with the aim of limiting their future processing.

e) Profiling — automated processing to evaluate personal aspects. evanto media GmbH does not carry out profiling.

f) Pseudonymisation — processing in such a manner that the data can no longer be attributed to a specific person without additional information.

g) Controller — the natural or legal person which determines the purposes and means of the processing.

h) Processor — a person or body which processes personal data on behalf of the controller.

i) Recipient — a person or body to which personal data is disclosed.

j) Third party — persons or bodies outside the direct processing relationship.

k) Consent — the data subject's freely given agreement to the processing.

2. Name and address of the controller

evanto media GmbH Brunnstraße 25 93053 Regensburg Germany

Phone: +49 (941) 94592-0 Email: kontakt@evanto.de Website: https://evanto.de

Data Protection Officer: Ute Manschewski Email: datenschutz@evanto.de

3. Cookies and local storage

We use no tracking cookies and no marketing cookies on evanto.de.

We use only technically necessary mechanisms:

  • Session cookie (for the SignalR chat connection) — set only when you actively use the chat, deleted when the browser is closed
  • localStorage:
    • Language preference (DE/EN) — until you change it manually
    • Promotion-strip dismissal — stores the fact that you closed a promo so it doesn't reappear

These mechanisms are technically required and do not need consent under § 25 (2) no. 2 TTDSG.

4. Collection of general data and information (server log files)

The website of evanto media GmbH collects a series of general data and information each time the site is accessed. This data is stored in the server's log files. The information collected may include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages accessed on our site, (5) the date and time of an access, (6) an internet protocol address (IP address), (7) the internet service provider, and (8) other similar data and information serving to defend against attacks.

This information is needed to (1) deliver the contents of our website correctly, (2) optimise the contents of our website, (3) ensure the long-term operability of our IT systems, and (4) provide law-enforcement authorities with the information needed for prosecution in the event of a cyber attack.

This anonymously collected data is evaluated statistically and with the aim of increasing data protection and data security at our company. The anonymous server-log-file data is stored separately from any personal data provided by a data subject.

5. Contact via the website

If a data subject contacts us by email or via a contact form, the personal data transmitted is automatically stored. Such voluntarily submitted personal data is stored for the purposes of processing the request or contacting the data subject.

Storage period: Submissions from the contact form are automatically deleted 12 months after receipt. Earlier deletion is possible at any time on request (kontakt@evanto.de).

Recipients: This personal data is not passed to third parties (except to our processor Brevo for email notifications — see section 7).

6. Plausible Analytics (web analytics)

We use Plausible Analytics, an open-source analytics software, which we run on our own servers in the EU (analytics.evanto.de), for reach measurement.

What is processed: Plausible does not process personal data. No cookies are set. The IP address is used only briefly to generate a hash and is not stored. Only aggregated technical data is recorded (page views, time on page, referrer, browser type, country based on a GeoIP database).

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR) in the statistical analysis of website usage. There is no tracking across multiple websites or sessions.

Processor relationship: none — Plausible runs on our own servers in the EU.

More information: https://plausible.io/privacy-focused-web-analytics

7. Newsletter via Brevo

If you subscribe to our newsletter, your email address and registration date are processed. We use Brevo (formerly Sendinblue), an email-marketing provider based in France.

What is processed: email address, language preference, registration date, double-opt-in confirmation date. Optional: name, if you provide it on registration.

Legal basis: consent (Art. 6 (1) (a) GDPR) via the double-opt-in procedure.

Storage period: until you unsubscribe. You can unsubscribe at any time via the link in every newsletter.

Processor relationship: a contract with Brevo SAS (FR) is in place. Brevo's servers are located in the EU.

More information: https://www.brevo.com/legal/privacypolicy/

8. AI chat (information sidebar)

Our website features an AI-powered information sidebar that answers questions about our content.

What is processed:

  • Your entered questions — passed to our backend for answering
  • Before being passed to the language model (LLM): automatic pseudonymisation of personal data (names, email addresses, phone numbers are replaced by placeholders)
  • Conversation history — only within the current browser session, automatically deleted after 1 hour of inactivity
  • No storage of your questions beyond the browser session

LLM provider: we currently use Anthropic Claude (Anthropic PBC, USA) for answering. Because personal data is pseudonymised before being passed on, no identifiable data reaches the provider.

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR) in providing an efficient information function. You can close the chat at any time without using it.

Third-country transfer: pseudonymised content is sent to Anthropic servers in the USA. Anthropic is certified under the EU-US Data Privacy Framework. Personal data is pseudonymised before transmission, so identification of individual users by Anthropic is technically impossible.

9. Spam protection (captcha API)

To prevent automated requests (spam bots) in the contact form and the newsletter sign-up, we use our own captcha service hosted by us (captcha.evanto.de). No data is transmitted to external captcha providers (e.g. Google reCAPTCHA, Cloudflare Turnstile).

What is processed: a short captcha token to validate the request, a hashed IP address, a timestamp.

Legal basis: legitimate interest (Art. 6 (1) (f) GDPR) in preventing spam.

10. Routine deletion and blocking of personal data

The controller processes and stores the data subject's personal data only for the period necessary to achieve the purpose of storage, or as provided for by the European legislator or another legislator in laws or regulations.

If the storage purpose ceases to apply or a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with statutory requirements.

11. Rights of the data subject

a) Right of confirmation — you have the right to obtain confirmation as to whether personal data concerning you is being processed.

b) Right of access — you have the right to obtain free information about the personal data stored about you, and a copy of that information, at any time.

c) Right of rectification — you have the right to obtain immediate rectification of inaccurate personal data concerning you.

d) Right to erasure ("right to be forgotten") — you have the right to obtain immediate erasure of personal data concerning you where one of the grounds set out in Art. 17 GDPR applies.

e) Right to restriction of processing — you have the right to obtain restriction of processing where one of the conditions set out in Art. 18 GDPR is met.

f) Right to data portability — you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format.

g) Right to object — you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

h) Automated individual decision-making, including profiling — evanto media GmbH does not engage in automated individual decision-making or profiling.

i) Right to withdraw data-protection consent — you have the right to withdraw consent at any time.

To exercise your rights, you can contact our Data Protection Officer Ute Manschewski at any time: datenschutz@evanto.de.

12. Legal basis for processing

Art. 6 (1) (a) GDPR serves our company as a legal basis for processing operations for which we obtain consent. Where processing is necessary for the performance of a contract, it is based on Art. 6 (1) (b) GDPR. Where our company is subject to a legal obligation, processing is based on Art. 6 (1) (c) GDPR. Finally, processing operations may be based on Art. 6 (1) (f) GDPR (legitimate interest).

13. Legitimate interests

Where processing is based on Art. 6 (1) (f) GDPR, our legitimate interest is conducting our business activities for the benefit of our employees and customers.

14. Storage period

The criterion for the duration of personal-data storage is the relevant statutory retention period. After the period expires, the data is routinely deleted unless it is still required for the performance or initiation of a contract.

15. Existence of automated decision-making

As a responsible company, we do not engage in automated decision-making or profiling.

16. Contact

You can reach the Data Protection Officer of evanto media GmbH at datenschutz@evanto.de.

You can reach the Bavarian State Commissioner for Data Protection at https://www.datenschutz-bayern.de.