The controller within the meaning of the GDPR and other data protection provisions is:

Codinental UG (haftungsbeschränkt)

represented by Andrei Ziminov

Auf der Hub 38

76307 Karlsbad, Germany

Phone: +49 (0) 179 5209337

Email: info@codinental.dev

Registered at the local court of Mannheim, HRB 748384, VAT ID DE362260647.

We are not required to appoint a data protection officer under § 38 BDSG, as the statutory thresholds for the appointment obligation are not met.

For data protection enquiries, please contact the controller named above directly at info@codinental.dev.

We only process personal data on one of the legal bases set out below. For each processing activity, this policy states the purpose, the categories of data, the legal basis, the storage period, and, where applicable, the recipients.

Legal bases are in particular Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(c) GDPR (legal obligation), and Art. 6(1)(f) GDPR (legitimate interest).

We only share your data with third parties where this is necessary to perform a contract, where there is a legal obligation, where you have given explicit consent, or where it takes place under a data processing agreement pursuant to Art. 28 GDPR.

Every time you visit our website, our hosting provider automatically records technical information transmitted by your browser. This includes: IP address, date and time of access, page requested, amount of data transferred, HTTP status code, referrer URL, and information on browser, language, and operating system.

Purpose: stable and secure operation of the website, defence against attacks, and troubleshooting.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically sound and secure operation).

Storage period: this data is stored in our hosting provider's logs for a maximum of 30 days and is then deleted or anonymised. It is not merged with other data sources.

In addition, we use the IP address for internal rate limiting on our contact forms. This storage takes place exclusively in the server's memory and lasts no longer than 15 minutes.

We host this website with Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA, with data processing in EU regions where available.

Hosting may involve the processing of personal data (in particular server log data). A data processing agreement pursuant to Art. 28 GDPR is in place with Vercel. Data transfers to the USA are additionally based on the EU Standard Contractual Clauses and on the EU-U.S. Data Privacy Framework, to which Vercel has self-certified.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a professional, performant, and secure operation of the website).

We only use strictly necessary cookies. We do not use tracking, advertising, or analytics cookies.

Cookie used: "codinental_cookie_consent". Purpose: stores your choice on the cookie notice (accepted/declined). Storage period: 180 days. Legal basis: § 25(2) No. 2 TTDSG (strictly necessary, as without this cookie the banner state cannot be persisted) and Art. 6(1)(f) GDPR.

In addition, the language you last selected (DE/EN) may be stored as a strictly necessary language cookie in order to retain your language choice on your next visit. Legal basis: § 25(2) No. 2 TTDSG.

You may prevent cookies from being set or delete existing cookies at any time in your browser settings. In that case, individual features of our website may be limited.

You can send us enquiries via the form on our contact page. We process the data you provide: name, email address, optional company or organisation, optional phone number, your substantive description of the enquiry, and optional information on the time and budget frame.

Purpose: handling your enquiry and communicating with you, in particular to prepare and conduct an initial scoping call.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measure at your request) and Art. 6(1)(f) GDPR (legitimate interest in the efficient handling of enquiries).

Mandatory fields are marked as such in the form (name, email, description). Without them, we cannot reply to your enquiry.

Storage period: we retain your data for as long as is necessary to respond to your enquiry and to handle any follow-up questions, but no longer than six months after final processing of the enquiry. If a contractual relationship is established, statutory retention periods apply (in particular § 257 HGB and § 147 AO, generally six and ten years).

In addition to the standard contact form, we offer a guided multi-step inquiry on the contact page. In addition to your contact details, this processes your selections regarding the type of initiative, the planning stage, and contextual information, as well as your free-text descriptions.

Purpose, legal basis, and storage period correspond to those set out in section 7 (contact form). No analysis or profiling beyond the inquiry itself takes place.

To deliver form submissions to our email address, we use an SMTP service provider. This provider processes your inquiry data as a data processor pursuant to Art. 28 GDPR exclusively for the purpose of email delivery.

Categories of data: the data you have entered in the form and technical transmission data (timestamps, mail headers). Legal basis: Art. 6(1)(b) and (f) GDPR.

Email communication is generally unencrypted. We recommend that you do not send sensitive information by email or that you agree on an encrypted channel with us beforehand.

Our website contains links to our profiles on external platforms such as LinkedIn and Instagram. These are pure HTML links; no social plugins or tracking pixels are embedded. Data is only transmitted to the operators of these platforms when you actively click on the relevant link.

Responsibility for data processing on the linked platforms lies exclusively with their operators. Please consult the relevant privacy notices there.

Fonts are loaded exclusively from our own server. No connection is established to Google Fonts or any other external font service.

Embedded video content (e.g. the background video on the homepage) is served entirely from our own server or our hosting provider. No content is embedded via external video services such as YouTube or Vimeo.

Personal data is only transferred to countries outside the European Economic Area (EEA) within the framework of the hosting set-up described in section 5. Where such a transfer takes place, it is based on appropriate safeguards under Art. 46 GDPR, in particular the EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Your inquiry or contact data is not transferred to third countries.

We take technical and organisational measures to protect your data against loss, manipulation, and unauthorised access. This website is transmitted exclusively via a TLS-encrypted connection (HTTPS).

Access to personal data is restricted to persons who need it to perform their tasks. Our measures are reviewed as required and adapted to the current state of the art.

You have the following rights, provided that the statutory requirements are met:

Right of access (Art. 15 GDPR): you may request information about the personal data we process about you.

Right to rectification (Art. 16 GDPR): you may request the correction of inaccurate or the completion of incomplete data.

Right to erasure (Art. 17 GDPR): you may request the deletion of your data unless a statutory retention obligation prevents it.

Right to restriction of processing (Art. 18 GDPR): you may request that we restrict the processing of your data.

Right to data portability (Art. 20 GDPR): you may request that we provide your data in a structured, commonly used, and machine-readable format or transfer it to another controller.

Right to object (Art. 21 GDPR): you may object at any time to processing based on Art. 6(1)(f) GDPR for reasons arising from your particular situation.

Right to withdraw consent (Art. 7(3) GDPR): you may withdraw any consent given at any time with effect for the future. The lawfulness of processing carried out up to that point remains unaffected.

To exercise your rights, an informal message to info@codinental.dev is sufficient.

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your data infringes the GDPR.

The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, https://www.baden-wuerttemberg.datenschutz.de.

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place on this website.

This privacy policy is dated January 2026. Further development of our website or changes in legal requirements may make it necessary to amend this policy. You can access the current version on this page at any time.