Privacy Policy
Version 1.2 — effective from April 18, 2026 (legal change: AI transparency per Art. 50 AI Act added)
Controller
Thorsten Ahrens
Zillestr. 75, 51067 Cologne, Germany
Phone: +49 174 6628053
Email: contact@serahr.de
VAT-ID: DE363343172
Data Collection on This Website
This website collects personal data exclusively in the context of contact requests. When communicating via email or the contact form, your data (name, email address, message content) is stored in order to process your enquiry.
Contact Form
When you send us enquiries via the contact form, the data you provide (your email address, your name, the selected topic, and your message) is stored in order to process your request. Your data will not be shared with third parties without your consent.
Legal Basis
Your data is processed on the basis of Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in the efficient handling of enquiries).
Storage Duration
Your contact data will be deleted as soon as it is no longer required for the purpose of processing and no statutory retention obligations apply.
Hosting
This website is hosted externally. Personal data collected on this website (e.g. IP addresses, contact requests) is stored on the servers of the hosting provider. Processing is carried out on the basis of Art. 6(1)(f) GDPR.
Sub-Processors and Third-Party Services
We use the following sub-processors to provide this website:
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website hosting, edge delivery, cookie-free reach analytics (Vercel Analytics) | USA (DPF + SCCs) |
| Resend Inc. | Email delivery (contact form, Legal Monitor notifications) | USA (DPF + SCCs) |
| Hetzner Online GmbH | Server hosting (chatbot widget on serahr.de + SerahrLegalMonitor scanner) | Germany |
| OpenRouter Inc. | AI request intermediation (chatbot + Legal Monitor) | USA (DPF + SCCs) |
| Anthropic PBC | Claude AI language model (sub-processor to OpenRouter) | USA (DPF + SCCs) |
DPF = EU-U.S. Data Privacy Framework (adequacy decision of 10 July 2023)
Additional sub-processors (e.g. Supabase for database/auth, Stripe for payments) are listed in the product-specific privacy policies of individual services (see below).
Data processing agreements pursuant to Art. 28 GDPR are in place with all sub-processors. For US providers the EU-U.S. Data Privacy Framework (DPF, Art. 45 GDPR) applies; Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR are additionally in place.
Vercel Analytics (cookie-free)
This website uses Vercel Analytics — a cookie-free analytics service by Vercel Inc. (USA). Data collected: anonymised IP address (hashed and rotated daily, no traceability to the end user), requested page, referrer, user-agent, access time. No cookies are set, no fingerprinting techniques are used, no user profiles are built. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach analytics for product development). Third-country transfer: USA (DPF + SCCs pursuant to Art. 46(2)(c) GDPR). More info: vercel.com/legal/privacy-policy.
Cookies
This website uses no tracking cookies, no advertising cookies, and no third-party trackers. Technically necessary cookies (e.g. language selection, session cookies on dashboard login) are set on the basis of § 25 para 2 no 2 TDDDG (Telecommunications and Digital Services Data Protection Act, replaced TTDSG on 14.05.2024) without consent — they are strictly necessary for providing the function you have requested.
Chatbot (SerahrChat)
This website uses an AI-powered chatbot (SerahrChat) that answers questions about our products and services. When using the chatbot, the following data is processed:
- Your chat messages
- Your IP address (stored in anonymized form)
- Timestamp of the request
Data is processed on a server hosted by Hetzner Online GmbH (Gunzenhausen, Germany). To generate responses, your questions are forwarded to an AI language service (currently OpenRouter/AI21). No personal data beyond the content of your question is transmitted.
Processing is based on Art. 6(1)(f) GDPR (legitimate interest in efficiently answering customer enquiries). Chat histories are not permanently stored and are not linked to any individual.
AI Transparency (Art. 50 AI Act)
Pursuant to Art. 50(1) and (2) of Regulation (EU) 2024/1689 (AI Act, transparency obligations applicable from 2 August 2026) we explicitly inform you: You are interacting with an AI system. The chatbot's responses are AI-generated content. The demo widget on serahr.de uses a language model from Anthropic PBC (Claude, provided via OpenRouter Inc.).
AI outputs are marked machine-readably (attribute data-ai-generated="true" on widget responses) and are clearly identified as AI-generated via a visible badge in the chat window. You can always reach a human contact at contact@serahr.de.
Disclosure to Law Enforcement
We may be legally required to disclose stored data to law enforcement authorities on the basis of a European Production Order or European Preservation Order pursuant to Regulation (EU) 2023/1543. Such disclosure is made exclusively on the basis of a lawful order and to the extent required by law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).
Your Rights
You have the right to:
- Access your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf.