Privacy Policy.
Your Security.

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

2. General Information

The protection of personal data is a paramount concern for us. We process your data exclusively within the framework of legal provisions (GDPR, BDSG, TTDSG).

Personal data is any information relating to an identified or identifiable natural person. We only collect data that is technically required for providing our website and responding to your inquiries.

3. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you submit to us cannot be read by third parties.

4. Hosting

Our website is hosted by the following provider:

Vercel is a provider for hosting web applications. When you access our website, Vercel automatically captures information required for technical operation (server log files).

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our online services).

Data Transfer to Third Countries: Vercel may process data in the USA. Data transfer is based on EU Standard Contractual Clauses. Further information can be found in Vercel's privacy policy: https://vercel.com/legal/privacy-policy

5. Access Data / Server Log Files

When accessing our website, the hosting provider automatically stores information in so-called server log files. This includes:

• Browser type and version
• Operating system used
• Referrer URL (previously visited page)
• IP address (anonymized)
• Time of server request

This data is technically necessary to display the website and ensure stability and security. No merging with other data sources takes place.

Retention Period: Log files are automatically deleted after a maximum of 30 days.

6. Fonts (Locally Hosted)

This website uses the fonts "Inter" and "Playfair Display" from Google Fonts. However, the fonts are not loaded from Google servers, but are hosted locally on our server (self-hosting via Next.js Font Optimization).

Therefore, no connection to Google servers is made when loading the fonts and no personal data is transmitted to Google.

7. Contact

If you contact us via email, telephone or contact form, the data you provide (your email address, your name if applicable, company and your telephone number) will be processed by us in order to answer your inquiry.

Data Processed via Contact Form:

• Name
• Company
• Email address
• Phone number (optional)
• Subject of inquiry
• Message content

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our online services).

Retention Period: We delete the data arising in this context after storage is no longer required (usually after completion of communication), or restrict processing if legal retention obligations exist.

7a. Email Dispatch (Contact Form)

We use an external service provider for sending emails via our contact form:

Data Processed via Contact Form: Name, company, email address, telephone number if applicable, subject and message content.

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our online services).

Data Transfer to Third Countries: Resend processes data on servers in the EU (Frankfurt). Data transfer to Resend as a US company is based on EU Standard Contractual Clauses (SCCs).

Further information can be found in Resend's privacy policy: https://resend.com/legal/privacy-policy

8. Contact via WhatsApp

We offer you the opportunity to contact us via the WhatsApp messaging service. WhatsApp is operated by:

Data Processed via Contact Form: If you contact us via WhatsApp, the following data will be processed:

• Your mobile phone number
• Message content (text, possibly images or documents)
• Profile information (name, profile picture, if shared)
• Communication timestamps

Encryption: WhatsApp uses end-to-end encryption for messages. This means that only you and we can read the content of the messages. Even WhatsApp/Meta itself has no access to the content.

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our online services).

Data Transfer to Third Countries: Meta Platforms may transfer data to the USA. Data transfer is based on EU Standard Contractual Clauses (SCCs).

Retention Period: We store the communication as long as necessary for processing your inquiry or as long as legal retention obligations exist.

Further information can be found in the privacy policy of WhatsApp/Meta: https://www.whatsapp.com/legal/privacy-policy

9. Web Analytics (Google Analytics 4)

We use Google Analytics 4 (GA4) to analyze the use of our website and continuously improve our services.

Consent-First Principle: Google Analytics 4 is only loaded after your explicit consent. Without your consent via our cookie consent banner, no tracking scripts are loaded and no analytics data are collected.

Functionality:

• On first visit, a cookie consent banner appears with two equal options: “Accept” and “Decline”
• Google Analytics 4 is only activated when “Accept” is clicked
• No tracking data is collected when “Decline” is clicked
• Your decision is stored locally in your browser (localStorage, key: ‘cookie-consent’)
• You can revoke your consent at any time by deleting browser data or in browser settings

Data Processed via Contact Form: IP address (anonymized), page views, time on site, browser information, device used (desktop/mobile).

IP Anonymization: IP anonymization is activated by default in Google Analytics 4.

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our online services).

Data Transfer to Third Countries: Google may transfer data to the USA. Data transfer is based on EU Standard Contractual Clauses (SCCs).

Further information can be found in Google's privacy policy: https://policies.google.com/privacy

9a. Cookie Consent System

We use a self-developed cookie consent system that works without external service providers. Your consent is stored exclusively locally in your browser and is not transmitted to third parties.

Functionality:

• On first visit, a consent banner appears with two equal options
• “Accept” activates Google Analytics 4 for website usage analysis
• “Decline” loads only technically necessary components
• Your decision is stored locally in your browser (localStorage, key: ‘cookie-consent’)
• No use of third-party tools such as CookieBot, OneTrust or similar services

Privacy: Your consent decision is stored exclusively locally. No personal data is transmitted to third parties to manage your consent.

Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation to obtain consent in accordance with TTDSG and ePrivacy Directive).

9b. Rate Limiting (Upstash)

To protect against abuse of our contact form, we use Upstash Redis for rate limiting. This prevents automated spam requests and protects our infrastructure.

Data Processed via Contact Form: IP address (hashed), timestamps of requests. No user profiles are created.

Purpose: Exclusively technical abuse prevention. The data is not used for marketing, tracking or other purposes.

Retention Period: Temporary for the duration of the rate limiting window (typically 60 seconds).

Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in protecting our technical infrastructure from abuse).

Further information can be found in Upstash's privacy policy: https://upstash.com/trust/privacy

10. Your Rights

You have the following rights with regard to personal data concerning you:

• Access (Art. 15 GDPR): You may request information about your data processed by us.
• Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
• Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no legal retention obligations exist.
• Restriction (Art. 18 GDPR): You may request the restriction of processing of your data.
• Objection (Art. 21 GDPR): You may object to the processing of your data.
• Data Portability (Art. 20 GDPR): You may request that we provide your data in a structured, commonly used format.

To exercise your rights, please contact: kontakt@sharma-ds.de

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The competent supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information.