Privacy Policy

§ 1 Data Controller

The data controller within the meaning of the GDPR is:

Premiobad GmbH Sp. z o.o.
ul. Sienna 9
70-542 Szczecin
Poland

Phone: +49 151 42346010
Email: info@premiobad.de
Privacy contact: datenschutz@premiobad.de

Authorized Managing Director: Lothar Arens

KRS Number: 0001199153
Tax Number (NIP): 8513338949
VAT ID: PL8513338949
REGON: 542957735

§ 2 General Information

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the GDPR and this privacy policy.

§ 3 Your Rights

You have the right at any time to:

• Access your personal data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Erase your data (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Object to processing (Art. 21 GDPR)
• Data portability (Art. 20 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)
• Withdraw consent at any time (Art. 7 (3) GDPR)

§ 4 Hosting

Our website is hosted by an external service provider:

Strato AG
Otto-Ostrowski-Straße 7
10249 Berlin
Germany

When you visit our website, technical data (e.g. IP address, date and time of access, browser type, operating system, referrer URL) is automatically collected by Strato and stored in server log files.

The use of Strato is based on our legitimate interest in providing our website reliably, securely, and quickly (Art. 6 (1) (f) GDPR).

We have concluded a Data Processing Agreement with Strato in accordance with Art. 28 GDPR. This ensures that Strato processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR. Data processing takes place exclusively on servers located within the European Union.

Strato Privacy Policy: https://www.strato.de/datenschutz/

§ 5 Server Log Files

When you visit our website, the server automatically records:

• IP address (anonymized)
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
Storage period: 7 days.

§ 6 Cookies and Consent Management

We use cookies. We use the Cookiebot consent tool (Cybot A/S, Denmark) to obtain and document your consent.

Necessary cookies are set without consent (Art. 6 (1) (f) GDPR). All other cookies require your explicit consent (Art. 6 (1) (a) GDPR).

You can withdraw your consent at any time via the "Cookie Settings" link in the footer.

§ 7 Contact Form

Data submitted via the contact form or email will be processed to handle your inquiry.

Data collected: name, email, phone, address (if provided), message content.

Legal basis: Art. 6 (1) (b) and (a) GDPR.
Storage period: until your inquiry is resolved, subject to mandatory retention obligations.

§ 7a Communication via WhatsApp

We offer the option to contact us via WhatsApp. WhatsApp is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (parent company: Meta Platforms Inc., USA).

When you contact us via WhatsApp, your message, name, and phone number are transmitted to us. WhatsApp also collects metadata (e.g., IP address, device type, timestamps) which is processed on Meta servers in the USA.

Third-country transfer notice: By using WhatsApp, your data is transferred to Meta Platforms Inc. in the USA. The USA has an adequacy decision from the EU Commission (EU-US Data Privacy Framework). However, there is a risk that US authorities may access your data.

Legal basis: Art. 6 (1) (a) GDPR (your explicit consent by actively contacting us via WhatsApp).

WhatsApp Privacy Policy: https://www.whatsapp.com/legal/privacy-policy-eea

§ 8 Analytics Tools

8.1 Google Analytics

Provider: Google Ireland Limited, Dublin, Ireland (parent: Google LLC, USA)

Purpose: web analytics
Storage period: up to 14 months
Legal basis: Art. 6 (1) (a) GDPR (consent)
Third-country transfer: USA – based on EU-US Data Privacy Framework and Standard Contractual Clauses.

§ 9 Marketing and Tracking Tools

9.1 Google Ads / Conversion Tracking – Google Ireland Ltd.
9.2 Meta Pixel (Facebook) – Meta Platforms Ireland Ltd.
9.3 LinkedIn Insight Tag – LinkedIn Ireland Unlimited Company

All based on your consent (Art. 6 (1) (a) GDPR), data transferred to USA.

§ 10 External Media

10.1 YouTube – extended privacy mode, two-click loading
10.2 Google Maps – map display
10.3 Instagram – content embeds
10.4 TikTok – TikTok Technology Limited, Dublin (parent: ByteDance Ltd., China). Data transfer to USA and China – no EU adequacy decision. Processing based on your explicit consent (Art. 49 (1) (a) GDPR).

§ 11 Google Fonts (Locally Hosted)

Google Fonts are hosted locally on our server. NO connection to Google servers takes place.

§ 12 Third-Country Transfer

Some services process data in the USA or China. These countries do not provide a level of data protection comparable to the EU. Data transfer is based on your explicit consent (Art. 49 (1) (a) GDPR).

§ 13 Data Security

We use SSL/TLS encryption. You can recognize an encrypted connection by "https://" in your browser's address bar.

§ 14 Changes to This Privacy Policy

We reserve the right to amend this privacy policy to reflect current legal requirements or changes to our services.