Data privacy notice

Please read this privacy notice carefully. You will be informed about the processing of your personal data and your rights.

1. General information

This privacy notice informs you about how, to what extent, for what purpose and on what legal basis we or a third-party provider process your personal data when using this website or services and functions available through this website. The processing of your personal data is strictly in accordance with the provisions of the General Data Protection Regulation (GDPR) and other relevant data protection regulations. Furthermore, we are committed to the confidentiality of your personal data and apply very high standards to our data protection measures.

1.1 The data controller

Pursuing to Article 4 (7) GDPR and national data protection laws, the data controller is:
Sascha Wilms
Spittastraße 1
10317 Berlin
Telephone: +49 (0)30 23 59 89 770
E-mail: info@vital-data-protect.com

For requests of information, the exercise of your rights and other questions regarding the processing of your personal data, you can send an informal e-mail to the address given above.

1.2 How do I collect your data?

On the one hand, your data is collected when you transmit it to us. For example, data that you enter into the contact form and then submit it. Other data is collected automatically by the IT-systems when you visit this website or use functions of it. This is mainly technical data (e.g. IP address, internet browser, operating system or time of page view). Back to the example: when you click the submit button of the contact form, additional data might be stored in the server-logs.

1.3 What do I use your data for?

Some of the data is collected to ensure the error-free rendering of my website. Other data may be used to analyse your user behaviour: the tracking of your behaviour is as restrictive as possible and does not allow any inferences about you as a person; nor is any of this data aggregated with data from other sources (that is what the online marketing companies, including the social media networks, do). The data collected is anonymised and aggregated in order to see which sites were frequented the most, for how long, etc. More on that further down in this privacy notice.

2. Your rights

You as the ‘data subject’ have the following rights with regard to the processing of your personal data (not only when visiting this website: these are universal rights granted to you by the GDPR).

2.1 Withdrawal of your consent

Many data processing operations are only lawful with your expressed consent. If you have expressed your consent, you are always eligible to withdraw it at any time. To do so, an informal e-mail expressing your withdrawal is sufficient. (This execution applies to all of your rights mentioned in this section.) The lawfulness of the data processing carried out until the withdrawal remains unaffected thereof.

2.2 Right to access

You have the right to be informed whether we process personal data of yours; and in case that this is true, you have the right to being informed about:
  • the purposes of that processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients of your personal data;
  • the storage period.

2.3 Right to rectification and erasure

You have the right to obtain the rectification of inaccurate personal data concerning you, as well as the erasure of this data (unless other laws restrict the deletion of mentioned data). Rectification and erasure must happen immediately, i.e. without undue delay.

2.4 Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data, in the following cases:

  • If you contest the accuracy of your personal data stored, for the duration of the verification of this data.
  • If the processing of your personal data is unlawfully, and you oppose erasure of this data.
  • If we no longer need your personal data for processing, but you need this data to exercise, defend or assert legal claims.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, and the objection is pending.


By the way: we have to communicate to you any rectification or erasure of your personal data or restriction of processing carried out.

2.5 Right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

However: since we do not offer any logins or accounts, there will most likely be no use case for that data portability here.

2.6 Right to object

You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time.

2.7 Right to complaint to the supervisory authority

In case you consider that the processing of your personal data violates the principles and rules of the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority for the data processing of this website and company is Berlin Commissioner for Data Protection and Freedom of Information. You can submit your complaint following the link: https://www.datenschutz-berlin.de/buergerinnen/ihre-beschwerde-bei-uns

By the way, you can always submit your complaint to any EU supervisory authority. 

3. Data processing operations

This section deals with the operations in which your personal data is processed, including the purposes of the processing, the legal basis and if you have the right to object.

3.1 Website hosting

This website is hosted by a hosting provider. Your personal data collected when rendering this website to you is processed on the hosting provider’s servers. This may include, but is not limited to: IP address, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated when visiting this website.

The use of the hosting provider’s service lies in our legitimate interest in a secure, fast and efficient rendering of our website. Hence, the legal basis for this processing is Article 6 (1) lit. f GDPR (‘legitimate interest’). The hosting provider will process your personal data insofar as this is necessary for the fulfilment of its service obligations as governed by the mutual contract between us and the processor, in accordance with Article 28 GDPR. There is no possibility of objection to this data processing (else, you have to leave this website now).

3.2 Server log files

The hosting provider automatically processes the following data in the so-called server log files:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

This data is not merged with data from other sources. The legitimacy of the processing of this data is based on Article 6 (1) lit. f GDPR “legitimate interest”: we have a legitimate interest in the technically error-free rendering and secure transmission of our website. For this purpose, the server log files must be collected.

3.3 Cookies

Our website does not use cookies – therefore, no (annoying) cookie consent banner 😉

3.4 Contact form

If you submit an enquiry via the contact form, this personal data will be processed based on your expressed consent in accordance with Article 6 (1) lit. a GDPR. If your request is related to a contract or is necessary for pre-contractual arrangements, the processing of your personal data is based on Article 6 (1) lit. b GDPR. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us, hence Article 6 (1) lit. f GDPR.

The data that you enter submit via the contact form will remain with us until you request to delete it, revoke your consent to process it, or the purpose for processing the data no longer applies (e.g. when your enquiry has been closed). Mandatory legal provisions remain unaffected.

3.5 Enquiry by e-mail, telephone or fax

If you contact us directly by e-mail, telephone or fax, your enquiry including all personal data resulting from it will be processed for the purpose of processing your request. Article 6 p(1) lit. b GDPR applies, if your request is related to a contract or is necessary for the implementation of pre-contractual arrangements. In all other cases, the lawfulness of that processing is based on your consent (Article 6 (1) lit. a GDPR) and/or on our legitimate interest (Article 6 (1) lit. f GDPR). The data you enter in the contact form will remain with us until you request to delete it, revoke your consent to process it, or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been closed). Mandatory legal provisions remain unaffected.

3.6 User tracking

This website uses Matomo (formerly Piwik), an open source software, provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand for statistical analysis of website visitors. Matomo is set up in a data protection-friendly manner that requires no cookies. Furthermore, your IP address is anonymised and only after then processed for statistics. Your user ID is pseudonymised with a hash function. The raw data in the database is deleted after 180 days.
The processing of this data is based on our legitimate interest based on Article 6 (1) lit. f GDPR. You do not have the option to object this processing.

4 Social media

In the following sections we inform you which of your personal data is processed when you visit our social media profiles.

4.1 General information about social media and processing of personal data

We have no influence on the extent to which the providers of social media platforms process your personal data. If you visit these platforms, cookies are usually set that record your user behaviour for advertising purposes and market research analyses. The user profiles obtained in this way can be used to display personalised advertising to you. This data processing also affects users who are not logged into the platform they visit.

The platform providers must comply with the requirements of the GDPR. Under certain circumstances (rather often), your data may be processed outside the European Union, which may make it more difficult to enforce your rights. Detailed information on data processing in connection with the use of these social media platforms, your objection rights, as well as your right to access can be found in the data protection declarations of the respective platform providers.

Together with the platform providers of the social media, we are still jointly responsible for the processing of your personal data, pursuant to Article 26 GDPR. We process your data in the case of contact requests that you send via our social media accounts. The legal basis here lies in our legitimate interest (Article 6 (1) lit. f GDPR). In the case of a contract initiation or a contract conclusion, this processing is based on Article 6 (1) lit. b GDPR.

Furthermore, depending on the functional scope of the platforms, we may view user statistics. Again, we also have no influence on what personal data the providers collect and make available to us as statistics. The legal basis again lies in our legitimate interest (Article 6 (1) lit. f GDPR).

In the following, we will go into more detail for different social media platforms.

4.2 XING

By clicking on the XING logo on this website, a new browser window will take you to our XING profile, an information service provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

When you visit our XING profile, the provider collects among other things your IP address and other information, and sets cookies on your device. The collected data is processed by the provider in accordance with the requirements of the GDPR and used for the purposes of ensuring security, providing the service, measuring success and optimising advertising, as well as determining statistical parameters.

Before entering XING’s website or service, you will be prompted to acknowledge their TOC and privacy notice. Their data policy is available following this link: https://privacy.xing.comom/de/datenschutzerklaerung

4.3 Linkedin

By clicking on the Linkedin logo on our website, a new browser window will take you to our Linkedin profile, an information service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When you visit our Linkedin profile, the provider collects among other things your IP address and other information, and sets cookies on your terminal device. The collected data is processed by the provider in accordance with the requirements of the GDPR and used for the purposes of ensuring security, providing the service, measuring success and optimising advertising, as well as determining statistical parameters.

The data collected about you in this context will also be transferred by Linkedin Unlimited to countries outside the European Union. Linkedin Unlimited uses this data from for its own purposes. To what extent activities are assigned to individual users, how long they store this data and whether data is passed on to third parties, is not conclusive and clear, and is not known to us.   

Their data policy is available at the following link: https://de.linkedin.com/legal/privacy-policy?

5. Definitions

Last but not least, a few important definitions in the context of data protection and the GDPR.

5.1 Personal data

Any information relating to an identified or identifiable natural person (also referred to as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address) or one or more special characteristics.

5.2 Processing

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

5.3 Controller

The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

5.4 Processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

5.5 Recipient

A natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party.

5.6 Third Party

A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

5.7 Consent

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.