Privacy Policy

I. General Information

This Privacy Policy provides information about the processing of personal data when you use our online presence. It applies to our website, www.idiomatic-cat.de, as well as to our profiles on social media platforms.

Personal data means any information relating to an identified or identifiable natural person, including, but not limited to, a person's name, postal address, email address, IP address, or user behaviour.

The terms used in this Privacy Policy, such as "processing", "controller", and "data subject", have the meanings assigned to them in Article 4 of the General Data Protection Regulation (GDPR). In particular:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural, or social identity (Article 4(1) GDPR).

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. This includes, in particular, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data (Article 4(2) GDPR).

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or joint with others, determines the purposes and means of the processing of personal data (Article 4(7) GDPR).

"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (Article 4(8) GDPR).

In particular, the terms "processing" and "personal data" are interpreted very broadly under the GDPR and therefore cover virtually any handling of personal data.

II. Who Is the Data Controller?

The controller responsible for the processing of your personal data is:

Idiomatic CAT
Theodor-Körner-Str. 13
69214 Eppelheim
Germany

Telephone: +49 179 4202952
Email: impressum@idiomatic-cat.de

III. How Can You Contact Our Data Protection Officer?

We are not legally required to appoint a Data Protection Officer.

If you have any questions regarding the processing of your personal data, you are welcome to contact us at any time using the contact details provided above.

IV. Who Is Affected by the Processing of Personal Data?

If you visit our website as a prospective customer, customer, service provider, or any other visitor, your personal data will be processed in accordance with the applicable statutory provisions and this Privacy Policy.

For the purposes of this Privacy Policy, all visitors to our website are collectively referred to as "users."

V. What Data Do We Collect, for What Purposes, and on What Legal Basis Do We Process It?

When you visit our website without registering or otherwise providing us with information, we process only the personal data that your browser automatically transmits to our server. To the best of our knowledge, this includes, in particular, the following information, which is technically necessary to display our website and to ensure its stability and security:

  • IP address of the requesting device

  • Date and time of the request

  • Name and URL of the requested file

  • Access status / HTTP status code

  • Amount of data transferred

  • Website from which the request originated (referrer URL)

  • Browser type and version

  • Operating system

The processing of this data in so-called log files is necessary to display our website and to ensure its stability and security.

If you voluntarily provide us with additional personal data—for example, by sending an email or using our contact form—we also process, depending on the information you provide, the following categories of data:

  • Master data (e.g. name, postal address)

  • Contact data (e.g. email address, telephone number)

  • Content data (e.g. text entries, photographs, videos)

  • Usage data (e.g. websites visited, access times)

  • Communication and metadata (e.g. device information, IP addresses)

Where necessary for the performance of a contract, customer support, customer relationship management, or marketing activities, we may also process the following personal data:

  • Contract data (e.g. subject matter of the contract, contract term, customer number)

  • Payment data (e.g. bank account details, payment history)

We process your personal data for the following purposes:

  • Providing the functions and content of our online services;

  • Ensuring a smooth connection to our website;

  • Ensuring convenient use of our website;

  • Monitoring and maintaining the security and stability of our systems and implementing general security measures;

  • Responding to enquiries and communicating with you;

  • Administrative purposes;

  • Performing contractual obligations;

  • Providing customer support.

Unless a specific legal basis is stated elsewhere in this Privacy Policy, the following legal bases apply to our processing activities:

  • Article 6(1)(a) GDPR and Article 7 GDPR where processing is based on your consent;

  • Article 6(1)(b) GDPR where processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract, including responding to enquiries;

  • Article 6(1)(c) GDPR where processing is necessary for compliance with a legal obligation;

  • Article 6(1)(d) GDPR where processing is necessary to protect the vital interests of the data subject or another natural person;

  • Article 6(1)(f) GDPR where processing is necessary for the purposes of our legitimate interests. Our legitimate interests arise from the processing purposes described above.

Where, in the course of processing your personal data, we disclose such data to third parties, transfer it to them, or otherwise grant them access, this is done only where permitted by law, where you have given your consent, where we are legally obliged to do so, or where processing is based on our legitimate interests.

A legal basis for disclosure exists in particular where the transfer of data is necessary for the performance of contractual obligations (for example, to payment service providers or shipping providers).

A legitimate interest may also exist where personal data is processed for direct marketing purposes, fraud prevention, or where you are one of our customers. Legitimate interests may likewise arise from the use of web hosting providers, email hosting providers, cloud service providers, or similar service providers.

Such service providers generally act as processors on the basis of a data processing agreement. They are contractually obliged to comply with applicable data protection legislation. The legal basis for such processing arrangements is (Art. 8 GDPR).

VI. To Whom Do We Disclose Your Personal Data?

We regularly work with the following categories of recipients in particular:

  • Banking institutions

  • E-Mail hosting providers

  • Web hosting providers

We carefully select our external service providers.

Where personal data is processed on our behalf (processing by a processor pursuant to Article 28 GDPR), such providers are contractually bound by our instructions and are subject to regular monitoring.

Where we act as joint controllers within the meaning of (Article 26 GDPR), the respective processing is governed by appropriate contractual arrangements. Further information can be found in the descriptions of the individual services below.

VII. Is Your Personal Data Transferred Outside the European Union?

Your personal data will be transferred to third countries (i.e. countries outside the European Union or the European Economic Area) or to international organisations only in exceptional cases.

Further information is provided in the descriptions of the individual services below.

Where we process your personal data in a third country, or where such processing is carried out on our behalf by third parties, this will only take place where:

  • it is necessary for the performance of a contract or pre-contractual measures;

  • you have given your consent;

  • we are legally obliged to do so; or

  • the processing is based on our legitimate interests.

Personal data will only be processed in a third country where the requirements of (Art. 44 et seq. GDPR) are fulfilled, unless another statutory or contractual exemption applies.

This means, for example, that processing will take place only where appropriate safeguards have been implemented, such as:

  • an adequacy decision adopted by the European Commission confirming an adequate level of data protection; or

  • the use of recognised contractual safeguards, in particular the European Commission's Standard Contractual Clauses (SCCs).

VIII. How Long Do We Retain Your Personal Data?

The retention period for your personal data is determined primarily by the applicable statutory retention periods (for example, under commercial or tax law).

Unless otherwise stated in this Privacy Policy, personal data will routinely be deleted once any applicable statutory retention period has expired, provided that:

  • the data is no longer required for the performance or initiation of a contract;

  • we no longer have a legitimate interest in retaining the data; and

  • you have not consented to a longer retention period.

In Germany, statutory retention periods exist in particular under the following legislation:

  • Commercial law: six, eight or ten years, depending on the type of document, in accordance with Section 257(4) of the German Commercial Code (Handelsgesetzbuch – HGB) (e.g. opening balance sheets, annual financial statements, accounting records and similar documents);

  • Tax law: ten years for all tax-related records;

  • Employment law: six months for documents relating to unsuccessful job applicants.


IX. What Are Your Rights?

With regard to the processing of your personal data, you have the following rights:

  • Right of access (Article 15 GDPR): You have the right to obtain information about the personal data we process concerning you. In particular, you may request information regarding the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of rights to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of the data where it was not collected directly from you, and the existence of automated decision-making, including profiling, together with meaningful information about the logic involved.

  • Right to rectification (Article 16 GDPR): You have the right to request without undue delay the correction of inaccurate personal data concerning you or the completion of incomplete personal data stored by us.

  • Right to erasure (Article 17 GDPR): You have the right to request the deletion of your personal data stored by us, unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.

  • Right to restriction of processing (Article 18 GDPR): You have the right to request restriction of the processing of your personal data where you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer require the data but you need it for the establishment, exercise, or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR.

  • Right to data portability (Article 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller.

  • Right not to be subject to automated decision-making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

  • Right to object (Article 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you where such processing is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions.

  • Right to withdraw consent (Article 7(3) GDPR): You have the right to withdraw any consent previously given to us at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, but it will prevent us from continuing such processing in the future.

The final three rights are explained in more detail below.

X. When and How Can You Object to the Processing of Your Personal Data?

Where your personal data is processed on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR, or for the purposes of direct marketing or profiling, you have the right to object to such processing at any time.

In that event, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defence of legal claims.

However, the right to object applies only where there are grounds relating to your particular situation, unless the objection concerns processing for direct marketing purposes.

Where your personal data is processed for direct marketing purposes, you have an absolute right to object, which we will implement without requiring any justification.

To exercise your right to object, simply contact us using the contact details provided above.

XI. When and How Can You Withdraw Your Consent?

You may withdraw any consent you have given to us at any time.

Withdrawal of consent will result in us no longer processing your personal data on the basis of that consent for the future.

To exercise your right to withdraw consent, simply contact us using the contact details provided above.

XII. With Whom Can You Lodge a Complaint?

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a competent data protection supervisory authority.

A list of the German data protection supervisory authorities can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

XIII. When and Why Is the Provision of Your Personal Data Required?

When you use our contact form or contact us by email, you provide us with personal data such as your name, postal address, or email address.

In some cases, the provision of personal data is required by law (for example, under tax legislation). It may also be necessary in order to take steps prior to entering into a contract or to perform a contract.

Failure to provide the required personal data may result in our being unable to conclude a contract with you or respond to your enquiry.

For the performance of a contract, pre-contractual measures, or communication with us, the provision of the following data is mandatory:

  • First and last name

  • Postal address

  • Email address

  • Customer information, where applicable (e.g. customer number)

  • Text entered by you

  • Telephone number, where applicable (e.g. for follow-up questions or responding to customer enquiries)

Unless otherwise stated in this Privacy Policy, the provision of all other information is voluntary.

XIV. Do We Carry Out Automated Decision-Making (Including Profiling)?

We do not carry out automated decision-making, including profiling, within the meaning of the GDPR.

XV. How Can You Contact Us?

You may contact us by post, telephone, or email using the contact details provided above.

If you contact us—for example, by email or via our contact form—we automatically store the personal data you voluntarily provide for the purpose of processing your enquiry and communicating with you.

Your personal data will not be disclosed to third parties in connection with your enquiry.

XVI. How Do We Protect Our Website?

Taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of personal data.

We have also established internal procedures to ensure compliance with data subjects' rights, the deletion of personal data, and the appropriate handling of personal data breaches.

Furthermore, we observe the principles of data protection by design and data protection by default in accordance with Article 25 GDPR.

For security reasons and to protect the transmission of personal data and other confidential information, our website uses SSL/TLS encryption.

You can recognise a secure connection by the presence of "https://" in your browser's address bar instead of "http://", together with the padlock icon displayed by your browser.

XVII. What Are Cookies and How Do We Use Them?

Our website uses cookies, which are small text files that are stored by your browser on your device.

Session cookies (also referred to as temporary cookies) are automatically deleted when you close your browser. These cookies store a unique identifier (the session ID) that enables your device to be recognised when you return to our website. They may, for example, store the contents of a shopping cart or your login status. Session cookies are deleted when you log out or close your browser.

Persistent cookies remain stored on your device for a specified period and are automatically deleted once that period expires. The retention period depends on the individual cookie. Persistent cookies may, for example, be used to collect statistical information, support marketing activities, or remember your login status for future visits.

A distinction is also made between first-party cookies, which are set by the website operator, and third-party cookies, which are placed by external providers.

You may delete cookies at any time through your browser settings or configure your browser to reject third-party cookies.

If you wish to object generally to the use of cookies for online marketing purposes, you may do so through services such as:

Please note that disabling cookies may prevent certain functions of our website from operating correctly.

Our website may use both temporary and persistent cookies, as well as first-party and third-party cookies. For example, cookies may be used to recognise you during future visits if you have created a user account with us, so that you do not need to log in each time you visit.

Further information about the cookies we use is provided elsewhere in this Privacy Policy.

We currently use cookies that are:

  • technically necessary for the operation of our website; and

  • designed to help display advertising tailored to your interests (marketing cookies).

The legal basis for the use of technically necessary cookies is Article 6(1)(f) GDPR.

Where cookies are not technically necessary, we obtain your consent before using them pursuant to Article 6(1)(a) GDPR.

XVIII. What About Our Social Media Profiles?

We maintain profiles on the social media platforms listed below in order to communicate with users active on those platforms and to provide information about our services.

When you access the respective social media platforms, the terms and conditions and privacy policies of the respective platform operators apply.

Unless otherwise stated in this Privacy Policy, we process users' personal data only where they interact with us through our social media profiles, for example by posting comments on our pages or sending us messages.

Our social media profiles:

  • LinkedIn

Contact

Email

Phone

info@idiomatic-cat.de

+1-555-123-4567

© 2026. All rights reserved.

Discord

idiomatic-cat