Privacy Policy

1) Introduction and Contact Data of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is upbyte e.K.
Owner: Riccardo Rabe, Schwastrum 60, 24351 Damp, Germany, Phone: +49 4352 9530000, Email: info@upbyte.de. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e. when you do not register or otherwise submit information to us, we only collect the data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/referral from which you reached the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymised form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to retrospectively check the server log files should concrete indications of unlawful use come to our attention.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to us). You can recognise an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 For hosting our website and displaying the page content, we use a provider that renders its services exclusively on servers within the European Union, either directly or through selected subcontractors.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of data of our site visitors and prohibits unauthorised disclosure to third parties.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) lit. f GDPR. We have concluded a data processing agreement with the provider that ensures the protection of data of our site visitors and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

This website does not set any cookies. Neither technically necessary nor optional cookies are used. No cookie banner is displayed, as none is required.

5) Contact

5.1 WhatsApp Business

We offer you the option of contacting us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp. The WhatsApp link on our website (whatsapp.upbyte.de) redirects you to the servers of Meta/WhatsApp when clicked. This redirect occurs exclusively upon your active user action; no automatic data exchange with Meta takes place as long as you do not click the link.

If you contact us via WhatsApp in connection with a specific transaction (e.g. a placed order), we will store and use the mobile phone number you use on WhatsApp as well as your first and last name, if provided, in accordance with Art. 6 (1) lit. b GDPR for the processing and answering of your enquiry. On the basis of the same legal grounds, we may ask you via WhatsApp to provide additional data (order number, customer number, address, or email address) in order to assign your enquiry to a specific transaction.

If you use our WhatsApp contact for general enquiries (e.g. about our range of services, availability, or our website), we store and use the mobile phone number you use on WhatsApp as well as your first and last name, if provided, in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.

Your data will only be used to answer your enquiry via WhatsApp. No disclosure to third parties takes place.

Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact data of users who have also contacted us via WhatsApp are stored.

This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, upon first use of the app on their device, to the transfer of their WhatsApp phone number from the address books of their chat contacts by accepting the WhatsApp terms of use in accordance with Art. 6 (1) lit. a GDPR. A transfer of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is thus excluded.

For information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your related rights and options for protecting your privacy, please refer to the WhatsApp privacy notice: https://www.whatsapp.com/legal/?eea=1#privacy-policy

In the course of the aforementioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

5.2 In the course of contacting us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your enquiry or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in answering your enquiry pursuant to Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your enquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Web Analytics

This website does not use any web analytics services, tracking, or advertising technologies. No data is transmitted to Google Analytics, Google Tag Manager, Microsoft Clarity, Microsoft Advertising, or comparable services. No retargeting, remarketing, or conversion tracking takes place.

7) Page Functionality

This website does not embed any external plugins or third-party content (such as YouTube videos, social media widgets, or external fonts). All resources required for the operation of the website (fonts, stylesheets, scripts) are loaded locally from our server. No connections to third-party servers are established when the page is loaded.

8) Tools and Miscellaneous

8.1 Lexware Office

For accounting purposes, we use the service of the cloud-based accounting software from the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Strasse 9, 79111 Freiburg, Germany.

The provider processes incoming and outgoing invoices as well as, where applicable, the bank transactions of our company in order to automatically capture invoices, match them to transactions, and create the financial accounting in a semi-automated process.

Insofar as personal data is also processed in this context, processing is carried out on the basis of our legitimate interest in the efficient organisation and documentation of our business processes.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you the following rights of the data subject (rights of access and intervention) vis-a-vis us as the controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective conditions of exercise:

• Right of access pursuant to Art. 15 GDPR;
• Right to rectification pursuant to Art. 16 GDPR;
• Right to erasure pursuant to Art. 17 GDPR;
• Right to restriction of processing pursuant to Art. 18 GDPR;
• Right to notification pursuant to Art. 19 GDPR;
• Right to data portability pursuant to Art. 20 GDPR;
• Right to withdraw consent pursuant to Art. 7 (3) GDPR;
• Right to lodge a complaint pursuant to Art. 77 GDPR.

10) Duration of Storage

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and, where applicable, additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of express consent pursuant to Art. 6 (1) lit. a GDPR, the data concerned is stored until you revoke your consent.

If statutory retention periods exist for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided that it is no longer required for the performance or initiation of a contract and/or we have no legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise indicated in the other information in this policy regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Last updated: February 23, 2026