This translation is provided for informational purposes only. In case of doubt, the German version is authoritative.

Privacy policy

Our privacy statement

Preamble

We expressly ask you to send us only necessary personal data by email, fax or phone. We prefer encrypted communication (email according to the GPG/MIME standard). If you have any questions, please contact us.

We do not pass on your data to third parties. If passing on data is necessary to fulfil an order, we will obtain your consent beforehand.

When you visit our website schlittermann.de:
- We do not request personal data and do not require registration.
- We do not use advertising services.
- We do not compile statistics on, analyse or monitor visitor traffic.
- There are no links to social networks.
- You will not find a link from a third-party payment processor (PayPal, etc.).
- Our website does not use cookies, and we do not process any cookies that your browser may send to us unsolicited.
- The web server logs record the following information about your visit: browser type and version, client operating system, the website from which you accessed our site (referrer), timestamp, client IP address, and requested URL. This information is used to ensure the technical operation of our web presence.
- Session cookies are used when logging in to our ticket system. You will be informed of this when submitting your login credentials.

For your business relationship with us, your personal data is required and processed in the following cases:
- When submitting a quote: your name, your address or the address of your company, your email address and telephone number (or the details of the partner receiving the quote), hereinafter referred to as communication data.
- For order confirmation and invoicing we require communication data and the VAT ID of the invoice recipient.
- For contracts we require the communication data of the contracting party.
- For SEPA direct debit authorisations: your bank and account details.
- When executing your order or following up on it: your communication data and, depending on the order, the access credentials to the relevant subject matter.
- The tools used by our employees (e.g. email clients) may be capable of extracting email addresses from incoming messages. These address data are stored exclusively in the employee's local address book or used for auto-completion when entering addresses.
- The telephone system stores call information (timestamp, caller's telephone number, duration of the call).
- The telephone system has a phone book in which we may store your telephone number together with an identification feature (name, company, customer number) to stay in contact with you.
- Personal equipment used by our employees (phone, PC, laptop) is subject to the same standards for secure storage and scope of stored data. When an employee leaves our company, all personal data that they have obtained in the course of their work will be deleted.

We point out that we are obliged to retain all invoices for 10 years as accounting documents. These invoices may also contain personal data (communication data). All other documents are retained only for the duration of our business relationship. Paper quotes for potential customers are destroyed after one year.

Privacy and procedure for applications:
Application documents may be sent by post, email or fax. The applicant's documents are either stored (email) or filed (fax or letter) in compliance with statutory requirements. The personal data will either be used for an employment contract or destroyed 6 months after the response. Applications rejected by our mail system as spam (not accepted) are exempt from this procedure.

We recommend that you contact us before submitting an application; only then can we ensure that your application is handled in compliance with applicable law.

Training
If personal data is collected in the context of training courses (e.g. seminar evaluations), our trainers will inform you when handing over the collection forms about how the data will be used.

Administration and maintenance of your systems
Our employees are informed how they must handle personal data in the course of their administrative work. Our employees are contractually bound to maintain confidentiality.

In the course of our work it cannot be excluded that our employees may become aware of data requiring protection. Such data is transmitted to our systems only as screen content and is therefore not permanently stored.

Access credentials for all systems we maintain are stored on the employees' personal encrypted storage media. Remote access is carried out exclusively via SSH/VPN with key-based authentication. Exceptions to this are only permitted at the express request of the customer.

Your data in our services

Mail hosting
Emails remain in our system (mailbox) until they are deleted by the user themselves (POP3: delete, IMAP: expunge). During their retention in the mailbox, authorised persons and our employees may access the contents of these emails. For end-to-end encrypted emails, only metadata (headers) are exposed to this access.

If you send emails via us, please read the next section on mail forwarding.

Our systems record the following data in connection with mail hosting: timestamp, client IP address, username, statistical parameters of the IMAP/POP3 connection, information about transport encryption used (TLS/SSL). Logs are stored for up to 30 days. Logs are not transmitted to third parties.

Mail forwarding
Emails forwarded via us remain in our system until they have been forwarded to the next server. The following are logged: timestamp, IP address of the next host, username and client IP address (for mail submission), information about transport encryption used (TLS/SSL), sender, recipient, subject and forwarding status. Logs are retained for 365 days.

In the case of content-related rejections, headers are also logged. For cause-related troubleshooting by our employees, significantly more detailed logs may be created temporarily. These will be deleted once the cause no longer exists.

Logs are not transmitted to third parties.

Email addresses and email contents are only transmitted to third parties (or other technical systems) when necessary in the context of service delivery (mail transport).

Our mail system uses SSL/TLS transport encryption where the communication partner supports it.

For spam detection, fingerprints/hash values of emails or fingerprints/hash values of metadata are transmitted to external service providers.

Websites
All content (static files as well as database content), images, HTML, scripts and programmes of websites are uploaded and edited exclusively by the customer. Content responsibility for database content and web content lies exclusively with the customers.

It is the customer's own responsibility to ensure the protection of data in a shared hosting environment. Each web space operates under its own user ID; protection against other users is possible (file permissions: rw------- or 0600).

The following are logged during upload: timestamp, client IP address, username. The following are logged during web access: browser type and version, client operating system, referrer, timestamp, client IP address, requested URL. These logs are retained for 365 days.

Cloud storage
Customers are responsible for the content of provided cloud storage. Depending on the software used, application logs and/or general web server access logs may be generated.

Customer servers
Customers are responsible for the content of provided customer servers (physical hosts or virtual machines). We do not create logs.

Certificates
To issue SSL certificates we require the information to be certified (e.g. personal name or domain name). This data may be transmitted to external service providers. To verify the certification request, these external service providers may request other personal data. We will then obtain your consent.

Domain management
To register a domain we require, depending on the top-level domain, personal data of the domain holder in order to secure the holder's rights to the domain. For many top-level domains the data collected is: full address, email address and telephone number of the owner. We transmit the required data on a case-by-case basis via encrypted connections to the respective registrar's portal. Depending on the registrar, this data may be fully or partially retrievable via publicly accessible online services such as "whois".

This data is also stored on our systems to serve as proof of the holder's intent in the event of a dispute. We do not pass this data on.

We register almost all domains with joker.com. You can find out more about their privacy policies directly on their website. We are happy to inform you about the exact registrar of your domain and to find a current link to the registry's privacy policies for you.

Your rights and responsibilities as a domain holder can be found on the website of the organisation ICANN (Internet Corporation for Assigned Names and Numbers): https://www.icann.org/en/resources/registrars/registrant-rights/educational

Video conferencing BigBlueButton
BigBlueButton is a video conferencing platform built from open-source components. It uses the open WebRTC protocol for transmitting audio and video data. The data (presentations, audio and video) is transmitted encrypted. Conference participants do not need to disclose private data in order to take part in a conference. Recording of the conference is possible. The conference server is currently configured without a backup.

We host the conference platform on servers in Germany. Access to these servers is restricted to our administrators.

Conferences can only be recorded, deleted, viewed or published by the owners of the conference room. Our administrators also have access to the recordings.

Technical data and data formats for recorded conferences can be found on the BigBlueButton website, currently at https://docs.bigbluebutton.org/dev/recording.html.

Rocket.Chat
The open-source chat platform enables our customers to contact our technicians via the schlittermann.de website. The Rocket.Chat server retains the login data (name, email address and selected topic) and the conversation in text form. The Rocket.Chat server is administered by us and hosted on a server in Germany.

Use of AI tools
We use AI-assisted tools (e.g. large language models) internally for development and support activities. We currently use Anthropic Claude (claude.ai). These tools are used exclusively for internal workflows. No personal data of our customers is transmitted to these systems. We use exclusively paid team or enterprise subscriptions from the respective providers, which guarantee GDPR-compliant processing. Anthropic's privacy policy can be found at anthropic.com/legal/privacy.

Location of our servers
The on-site company systems are physically located in Dresden. All information about systems in data centres is in the section "Concept of technical and organisational measures for data security".

Our secondary DNS server is physically located in Hamburg. No personal data is stored on this DNS server.

Our secondary mail server (fallback MX) for incoming mail is located in Hamburg. If the Dresden servers are unreachable, your emails may be temporarily stored there.

General
Data deleted by users or at customers' request from the primary systems may have a longer retention period in backups. For technical reasons, deletion of individual records from backups is not provided for.

All advisory services and technician deployments relating to data protection measures can be invoiced at the standard hourly rates.

This privacy policy was prepared independently for the purpose of the GDPR (General Data Protection Regulation). Errors excepted. Please send comments to info@schlittermann.de.

 

Concept of technical and organisational measures for data security

It is noted that the exact type(s) of personal data of the customer/client located on our systems are stated in a data processing agreement.

Since the end of November 2019, our data and our customers' data have been in different physical locations than before. Unless otherwise agreed, this data is on servers of the data centre of Netcup. Information about the physical locations of the machines and the data protection rules can be found on the website netcup.de and in the Netcup privacy policy.

For servers located in the DSI Dresden data centre, the information on www.dsi.net applies.

The security measures listed below marked with * are only effective in connection with sensitive data located at our company premises.

1/ Physical access to our systems (*):
1a/ Technical measures: manual locking system, video-monitored entrances
1b/ Organisational measures: key register, visitors accompanied by employees

2/ System access control:
2a/ Technical measures: individual usernames, login with username and password, SSH login with name and key, anti-virus software, firewall, VPN for remote access, encryption of storage media, smartphones, laptops and tablets, automatic desktop lock
2b/ Management of user permissions, general data protection and security policy

2.1/ Home office, performing professional duties outside the workplace:
2.1a/ Technical measures: local login with username and password, SSH login with name and key, anti-virus software, firewall, VPN for remote access, encryption of local storage media, smartphones, laptops and tablets, automatic desktop lock
2.1b/ Organisational measures: written home office agreements, strictly necessary data transfer exclusively via encrypted media (hardware and/or network), security-conscious placement of input and output devices in the work area (e.g. video conferencing with headset), clean desk policy

3/ Data access control on our systems:
3a/ Technical measures: log files on the systems, document shredder (*)
3b/ Organisational measures: minimum number of administrators, management of user rights by administrators

4/ Separation of our systems
4a/ Technical measures: physical separation (database/storage media)
4b/ Organisational measures: definition of database permissions

5/ Pseudonymisation and encryption of our systems:
All data is encrypted.

6/ Integrity in the systems:
6a/ Technical measures: activity logs in log files, email encryption, use of VPN, provision via encrypted connections such as SFTP and HTTPS, use of signature procedures
6b/ Organisational measures: secure connections are preferred

7/ Availability and resilience of our systems:
7a/ Technical measures (*): fire extinguishers in corridor areas
7b/ Organisational measures: backup & recovery concept, regular data restoration tests and documentation of results

8/ Procedures for regular review, assessment and evaluation of our systems:
8a/ Technical measures: central documentation of all data protection procedures and regulations, accessible to employees (wiki)
8b/ Organisational measures: employees instructed and bound to confidentiality and data secrecy, regular awareness training for employees

9/ Incident response management
9a/ Use of firewall / spam filter / virus scanner and regular updates
9b/ Attention to secure connections, encryption and backup concept in accordance with technical conditions and standards
9c/ Ticket system (where available in the event of an incident)

10/ Privacy by default:
Only personal data that is necessary for the respective purpose is collected; preference for privacy-friendly technology during procurement

 

(Version 20260209)


67908ca · 2026-05-26 09:14:04 +0200 · Heiko Schlittermann (HS12-RIPE)
