Privacy Policy

Voluntarily Provided Data (Consent): You may voluntarily provide us with data. We process this data based on your consent (Art. 6 para. 1 lit. a GDPR) for marketing purposes such as sending offers, marketing brochures, and newsletters in paper and electronic form, as well as reference to existing or former business relationships.

Required Data (Contract Fulfillment): Certain data is required for contract fulfillment and pre-contractual measures (Art. 6 para. 1 lit. b GDPR). Without this data, we cannot conclude or fulfill a contract with you.

Withdrawal: You may withdraw your consent for marketing purposes at any time. Contact: info@chromulus.com

This website uses cookies and similar technologies. These are small text files stored on your device when you visit a website.

Some of our service providers are based in the USA. The European Commission has determined that the USA does not provide an adequate level of protection. Data transfers are based on the following mechanisms:

Legal Basis:

• EU-US Data Privacy Framework (DPF): To the extent the service provider is certified under it, transfers are based on the DPF (European Commission Adequacy Decision of 10.07.2023).
• Standard Contractual Clauses (SCC): For non-certified providers, we use EU standard contractual clauses (Art. 46 para. 2 lit. c GDPR) combined with additional technical and organizational safeguards.

Affected Service Providers:

• Netlify, Inc. - Web hosting, CDN (legal basis to be verified)
• Google Ireland Limited - Google Tag Manager & Analytics (DPF or SCC)
• Microsoft Corporation - Microsoft 365 (DPF or SCC)
• Dropbox, Inc. - Data storage, optional (SCC)

You have the right to request further information about safeguards. Contact: info@chromulus.com

When you submit a web form on this website, we collect the data entered in the form fields to process your request (receipt, care, documentation).

Processing & Data Processing Agreement: Forms are processed via Netlify Forms. File uploads are processed via Netlify Functions. Netlify is a processor (DPA per Art. 28 GDPR). For internal processing, we use Microsoft 365 (also with DPA) and optionally Dropbox. Data is only shared as necessary for technical processing.

This website uses Google Tag Manager (Google Ireland Limited) to manage tracking tools. Through Google Tag Manager, we integrate Google Analytics to analyze website usage.

Collected Data: Browser, network, device, IP address, referrer URLs, usage data (clicks, pages visited, scroll behavior, timestamps).

Purpose: Website usage analysis, performance optimization, and visitor understanding in anonymized or pseudonymized form.

Legal Basis: Exclusively your explicit consent (Art. 6 para. 1 lit. a GDPR) via cookie banner. GTM and Google Analytics are only loaded after active consent - there is no cookie wall or pre-selection.

Data Processor & Data Processing Agreement (DPA): Google Ireland Limited (GTM, Google Analytics) - with data processing agreement per Art. 28 GDPR.

Privacy: Google Privacy Policy.

This website is hosted on Netlify, Inc. (USA) infrastructure. Netlify processes technical data when the site is accessed (browser, IP address, device type, pages accessed) for website delivery, security, and CDN functionality.

Legal Basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR) - technical necessity for website operation and security. Data may be analyzed in anonymized form.

Data Processing Agreement: Netlify is a processor with data processing agreement per Art. 28 GDPR.