Privacy Policy
This is a courtesy English translation. The legally binding version is the German original.
We are delighted that you are visiting our website. This policy sets out transparently which personal data arises when you visit this site, for what purpose we process it, and what rights you have in this regard. Personal data means any information relating to you as an identifiable individual.
1. Overview
Who is responsible for processing your data?
The party responsible for the processing described here is Bredo Doppelboden GmbH. Full contact details can be found in section 2.
How do we receive your data?
We receive some of your data directly from you – for example, when you fill in our contact form. Other data arises automatically for technical reasons when you visit the site, because your browser transmits it to our server (for example, information on the device used and the time of access).
What do we use your data for?
Your data is used primarily to ensure the secure and error-free operation of this website, to process your enquiries, and to technically improve our offering. We do not sell your data and only pass it on to third parties in the cases described below.
What rights do you have?
You have extensive rights – in particular to access, rectification, erasure, restriction of processing and objection. A full overview can be found in section 10; for any data protection queries, you can reach us at any time using the contact details given in section 2.
2. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Bredo Doppelboden GmbH
Westring 295
44629 Herne
Managing director: Georg Geiter
Phone: +49 2323 58666
Email: info@bredo-doppelboden.de
As controller, we decide on the purposes and means of processing your personal data. Our full provider information can be found in the Imprint.
3. General principles
Confidential handling of your data
Confidential handling of your data is a matter of course for us. We process personal data exclusively within the framework of statutory requirements and this policy. Please note that the transmission of data over the internet – for example by email – can never be fully protected against access by third parties.
Storage period
Unless we state a more specific period below, we only store your data for as long as is necessary for the respective purpose. We then delete it – or following a legitimate request for erasure, or the withdrawal of consent – unless statutory retention obligations (for example under tax or commercial law) prevent this. In that case, deletion takes place once those obligations end.
Legal bases
Depending on the processing activity, we rely on different legal bases: your consent (Art. 6(1)(a) GDPR), the initiation or performance of a contract (point (b)), a legal obligation (point (c)), or our legitimate interest (point (f)). We state which basis applies in each specific case of processing.
Recipients of your data
To operate the website and process enquiries, we use a small number of external service providers (in particular for hosting and email delivery). We only pass on data to them where this is necessary to perform a contract, where a legal obligation exists (e.g. towards tax authorities), where a legitimate interest supports it, or where you have consented. Service providers who process data on our behalf are bound by a data processing agreement pursuant to Art. 28 GDPR.
Withdrawal of consent given
Where processing is based on your consent, you may withdraw it at any time with effect for the future. The lawfulness of processing carried out up to the withdrawal remains unaffected.
Right to object (Art. 21 GDPR)
Where we process your data on the basis of our legitimate interest (Art. 6(1)(e) or (f) GDPR), you may object to that processing at any time for reasons arising from your particular situation; this also applies to any profiling based on that provision. Following an objection, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
Where processing relates to direct marketing, you may object to it at any time without giving reasons; this includes any profiling connected with such marketing. Following your objection, we will no longer use the data concerned for marketing purposes.
SSL/TLS encryption
To protect your data, this website is encrypted throughout using SSL or TLS technology. You can recognise active encryption by the “https://” in the address bar and the padlock symbol in your browser; content transmitted – such as your enquiries via the contact form – is thereby protected against unauthorised access by third parties.
4. Data collected when visiting the website (server logs)
When your browser accesses this website, it automatically transmits various pieces of information for technical reasons, which our server logs:
– IP address of the requesting device
– Date and time of access
– Name and URL of the file retrieved
– Browser type and version
– Operating system used
– Previously visited page (referrer URL)
We do not store the IP address in plain text: before storage, it is combined with a random value newly generated on every server restart and rendered unrecognisable using SHA-256; we do not store the original IP address on a permanent basis. The resulting value is used solely to prevent misuse (rate limiting) and to ensure operational security. It is not combined with any other data source.
Legal basis: Art. 6(1)(f) GDPR (legitimate
interest in a stable, secure website operation).
Storage period: We keep server logs only for
as long as is necessary to ensure operational security, and
delete them afterwards. Longer retention only takes place
where a security incident requires it.
5. Hosting and technical provision
We have this website hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The servers are located within the European Union (Germany). As part of hosting, the data required to operate the website is processed (see section 4).
Further information can be found in Hetzner's privacy notice.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and reliable provision of our online offering). We have concluded a data processing agreement pursuant to Art. 28 GDPR with the provider, which ensures that our visitors' data is processed only in accordance with our instructions and in compliance with the GDPR.
6. Contact form and enquiries by email or telephone
You can send us enquiries via our contact form. In doing so, we collect the data you provide – name, email address, telephone number, subject or matter, and the message text – and forward it to us by email. We need this information to allocate and respond to your enquiry; without it, we cannot process your request. Providing this information is voluntary. We do not pass it on to third parties without your consent.
Purpose: Processing your enquiry and any
resulting correspondence.
Legal basis: Art. 6(1)(b) GDPR, where your
enquiry serves to initiate or perform a contract; otherwise
Art. 6(1)(f) GDPR (legitimate interest in responding to
enquiries).
Storage period: We delete the data as soon
as it is no longer required for the purpose for which it was
collected. Where a contract is concluded, the statutory
retention periods apply (in particular § 257 HGB, § 147 AO –
up to ten years).
If you contact us directly by email or telephone, the above applies accordingly to the data arising in that context.
Transmission and processing by email (Microsoft 365):
Messages from the contact form and from the newsletter
sign-up (section 7) are delivered to us by email and
processed in our email inbox. For this, we use Microsoft 365
provided by Microsoft Ireland Operations Limited, One
Microsoft Place, South County Business Park, Leopardstown,
Dublin 18, Ireland. We have concluded a data processing
agreement pursuant to Art. 28 GDPR with Microsoft. Processing
in third countries (in particular the USA) cannot be ruled
out; Microsoft is certified under the EU-US Data Privacy
Framework, and the transfer is additionally safeguarded by
the European Commission's Standard Contractual Clauses
(Art. 46 GDPR).
Legal basis: Art. 6(1)(b) or (f) GDPR
(processing your enquiry) as well as our legitimate interest
in reliable, secure email operation (Art. 6(1)(f) GDPR).
7. Newsletter / information sign-up
If you sign up for our information mailings, we collect only your email address. Dispatch is currently carried out manually and on a project-related basis by our team – we do not use an automated newsletter system or an external newsletter service provider.
Legal basis: Art. 6(1)(a) GDPR (consent).
Storage period: until you withdraw your
consent.
Withdrawal: You may withdraw your consent at
any time with effect for the future – informally by email to
info@bredo-doppelboden.de.
8. Reach and performance measurement
To improve the loading speed and stability of our website, we measure anonymous technical metrics (so-called “Web Vitals”). This measurement runs entirely on our own server; there is no transfer to third-party providers and no transfer to third countries. We do not use external analytics or tracking services, advertising pixels or cookies for this purpose.
We collect only the page path visited (without query parameters), technical loading metrics (including Largest Contentful Paint, Cumulative Layout Shift, Interaction to Next Paint, First Contentful Paint, Time to First Byte) and a timestamp. An IP address, user identifiers, user-agent data or any other personal content are neither transmitted nor stored together with these loading metrics.
Legal basis: Art. 6(1)(f) GDPR (legitimate
interest in a fast, stable website). As the measurement is
cookie-free and neither stores nor reads any information on
your device, consent under § 25(1) TDDDG is not required.
The pseudonymised data arising from this is used exclusively
for the technical purposes stated.
Objection: You may object to this
measurement at any time – informally by email to
info@bredo-doppelboden.de
or by blocking the loading of the script using a browser ad
blocker.
8.1 Reach measurement with Umami (self-hosted)
For the statistical evaluation of website usage, we use
the open-source analytics tool Umami.
Umami runs on our own infrastructure
(host t.anscheit.com); there is no
transfer to third-party providers and
no transfer to third countries. Umami
operates cookie-free and does not
permanently store any recognisable identifiers on your
device.
We collect only aggregated usage data: the page visited, the referring page (referrer), campaign origin markers (UTM parameters), browser and device information, screen resolution, browser language, an approximate location derived from the IP address (country/region/city – the IP address itself is not stored) and anonymous interaction events (e.g. clicks on telephone, email and download links, visibility and submission of our forms, scroll depth).
Instead of cookies, Umami generates a short-lived, anonymous session identifier for each visit from a non-reversible hash (based, among other things, on IP address, user agent and a server-side, regularly changing random value). Because of this regular change, recognition beyond the change period is technically excluded.
If you send us an enquiry via a form, we additionally note – as part of the enquiry – the page and the channel of origin (e.g. search engine or campaign) through which you reached us. This helps us to allocate enquiries and improve our offering; this information is processed together with the enquiry in accordance with section 6. For transmission, this origin information is temporarily cached in your browser (session storage) and read out only when the form is submitted; it is automatically deleted again when the tab is closed.
Legal basis: Art. 6(1)(f) GDPR
(legitimate interest in a statistical evaluation to
improve our website). As Umami operates cookie-free and
neither stores nor reads any information on your device,
consent under § 25(1) TDDDG is not required. The data is
stored only for as long as is necessary for the reach
evaluation.
Objection: Activate the “Do Not Track”
(DNT) function in your browser – our Umami script
respects this setting and then refrains from any data
collection. Alternatively, you can block the loading of
the script using a browser ad blocker or object
informally by email to
info@bredo-doppelboden.de.
9. Fonts, cookies and external content
All fonts used on this website (Inter and Urbanist) are served locally from our own server. There is no connection to Google Fonts or other external font services. Likewise, we do not embed any external social media plug-ins or advertising pixels. For reach measurement we exclusively use the self-hosted, cookie-free Umami described in section 8.1; we do not use analytics tools from third-party providers. References to our profiles on LinkedIn and YouTube are pure links – simply visiting our website does not transmit any data to these services.
This website currently sets no cookies – neither for tracking, analytics or marketing purposes, nor technically necessary ones. Protection of our forms against misuse is handled cookie-free. Should a technically necessary cookie become required in future, this will be done on the basis of § 25(2) no. 2 TDDDG (consent-free); we would amend this privacy policy accordingly.
10. Your rights as a data subject
Within the framework of statutory requirements, you have the following rights at all times:
– Access to the data stored about you (Art. 15 GDPR)
– Rectification of inaccurate data (Art. 16 GDPR)
– Erasure of your data (Art. 17 GDPR)
– Restriction of processing (Art. 18 GDPR)
– Data portability (Art. 20 GDPR)
– Objection to processing (Art. 21 GDPR, see section 3)
– Withdrawal of consent given, with effect for the future (Art. 7(3) GDPR)
Please contact us informally at info@bredo-doppelboden.de or at our postal address (see section 2).
11. Right to lodge a complaint with the supervisory authority
Regardless of any other legal remedies, you may lodge a complaint with a data protection supervisory authority (Art. 77 GDPR) – in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement. The authority responsible for us is:
State Commissioner for Data Protection and Freedom of
Information North Rhine-Westphalia (Landesbeauftragte für
Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestraße 2 – 4
40213 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Web: www.ldi.nrw.de
12. No automated decision-making
We do not use automated decision-making in individual cases that produces legal effects concerning you, or similarly significantly affects you (Art. 22 GDPR). The statistical reach measurement described in section 8 serves solely for aggregated evaluation and does not make any decisions affecting you individually.
13. Currency of this privacy policy
This privacy policy is dated 19 June 2026. Further development of our website, or changes to statutory or regulatory requirements, may make an update necessary. The version currently in force is always available on this page.
Last updated: 19 June 2026