Privacy Policy – haedge.consulting

As of: March 2026 — This Privacy Policy applies to the website at haedge.consulting and all associated subpages. Supplementary privacy notices will be provided for future app services (unbloc.it^®).

1. Responsible Party

The party responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Company: Haedge Consulting GmbH
Address: Großbeerenstraße 10, 28211 Bremen
P.O. Box: Postfach 10 06 15, 28006 Bremen
Phone: +49 421 408 856 30
Email: info@haedge.consulting
Website: haedge.consulting
Court of registration: AG Bremen · HRB 39352 HB
Managing Director: Florian Haedge

2. Privacy Contact

For questions about data protection and to exercise your rights, please contact:

Address: Haedge Consulting GmbH – Privacy –
Postfach 10 06 15
28006 Bremen
Email: datenschutz@haedge.consulting

A statutory data protection officer is not currently required. This assessment will be reviewed when the processing of sensitive business data through app services begins.

3. What Data Is Processed?

In the course of operating this website, we process the following categories of personal data:

Technical connection data (automatic): IP address, date and time of the request, accessed URL, amount of data transferred, HTTP status code, referrer URL, browser and operating system.
Contact data (upon active submission): name, email address, phone number and the content of your message if you contact us via the contact form or by email.
Technical usage data via external services: when fonts and icon fonts are loaded, the visitor's IP address is transmitted to the respective CDN provider (see section 6).

We do not collect any special categories of personal data within the meaning of Art. 9 GDPR.

4. Server Logfiles

When this website is accessed, our hosting provider automatically stores information in what are known as server log files. These are technically necessary data without which proper operation of the website would not be possible:

IP address of the requesting device (anonymised where applicable)
Date and time of the request
Accessed URL and amount of data transferred
HTTP status code and referrer URL
Name and version of the browser and operating system used

These data are processed exclusively to ensure trouble-free operation and to defend against attacks. They are not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
Retention period: typically 7–30 days, depending on the hosting provider's configuration.

5. Contact Requests

If you contact us via the contact form, by email or by phone, we will process the data you provide (name, email address, phone number, message content) exclusively for the purpose of handling your enquiry.

When you submit the contact form, the data you enter are immediately forwarded to us by email. The content is not stored on the server. Server logs contain only metadata (timestamp, IP address, response code), not the content of the enquiry. The server infrastructure is hosted with Hetzner Online GmbH; a data processing agreement (DPA) is in place.

These data are not passed on to third parties unless this is necessary to process your enquiry or you have expressly consented to it.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

6. External Services (CDN)

Bunny Fonts (Inter font)

This website loads the Inter font via the Bunny Fonts service (BunnyCDN, Bunny Way d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia). Bunny Fonts is an EU-compliant service and does not transmit IP addresses to third countries outside the EU/EEA. No cookies are set and no user profiles are created.

Further information: fonts.bunny.net/about

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent presentation of the website).

Google Material Symbols (icon font)

This website uses the Google Material Symbols service for symbols and icons, provided via the content delivery network of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When the icons are loaded, your IP address is transmitted to Google's servers and thereby transferred to the USA. Google LLC is certified under the EU-US Data Privacy Framework (DPF), so an adequate level of data protection is in place.

If you do not wish data to be transmitted to Google, you can block the display of the icons in your browser using suitable extensions (e.g. a content blocker). The functionality of the website is preserved.

Google Privacy Policy: policies.google.com/privacy

Legal basis: Art. 6(1)(f) GDPR; for transfers to the USA: adequacy decision of the EU Commission on the EU-US Data Privacy Framework (Art. 45 GDPR).

7. Cookies & Tracking

This website uses no first-party cookies and employs no tracking, no web analytics and no remarketing. No user profiles are created, no session data are stored permanently, and no data are processed for advertising purposes.

Only external services (cf. section 6) may give rise to technically necessary connection data, which are required exclusively for delivering the resources.

8. Legal Basis for Processing

Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. Where processing is necessary for the performance of a contract or for pre-contractual measures, Art. 6(1)(b) GDPR serves as the legal basis. Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. Where vital interests require processing, Art. 6(1)(d) GDPR serves as the legal basis. Where processing is necessary to safeguard a legitimate interest and the fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.

9. Data Retention

Personal data are deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond that point may occur if required by statutory provisions. In such cases, deletion takes place after expiry of the respective retention period.

Server log files: typically 7–30 days, depending on the hosting provider's configuration
Contact enquiries: until the enquiry has been finally handled; thereafter until expiry of statutory retention periods (max. 10 years), if a business relationship arises

10. Your Rights as a Data Subject

You have the following rights with regard to the personal data relating to you:

Art. 15 GDPR

Right of access

You may request information about the data we have stored about you.

Art. 16 GDPR

Right to rectification

You may request the rectification of inaccurate data.

Art. 17 GDPR

Right to erasure

You may request the erasure of your data, provided no statutory retention obligations apply.

Art. 18 GDPR

Restriction of processing

You may request the restriction of the processing of your data.

Art. 20 GDPR

Data portability

You may request to receive your data in a machine-readable format.

Art. 21 GDPR

Right to object

You may object at any time to processing based on legitimate interests.

Art. 7(3) GDPR

Withdrawal of consent

You may withdraw consent given at any time with effect for the future.

Art. 22 GDPR

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights, please contact: datenschutz@haedge.consulting

11. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of personal data relating to you violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

The supervisory authority responsible for us is:

Authority: Die Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen (State Commissioner for Data Protection and Freedom of Information of Bremen)
Address: Arndtstraße 1, 27570 Bremerhaven
Phone: +49 421 361-2010
Email: office@datenschutz.bremen.de
Website: www.datenschutz.bremen.de