Privacy Policy

You can adjust your cookie settings at any time:

1. Privacy at a Glance

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

2. Controller

Cloumo GmbH
Wallstr. 10
41061 Mönchengladbach, Germany
Email: info@cloumo.com

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

3. Hosting

Strato

This website is hosted by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. When you visit this website, information is automatically stored in server log files that your browser transmits. These include:

  • Browser type and version
  • Operating system
  • Referrer URL
  • IP address of the accessing device
  • Time of the server request

This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and security of its website. You have the right to object to this processing (Art. 21 GDPR).

Storage duration: Server log files are automatically deleted after 30 days.

Data processing agreement: We have concluded a data processing agreement (DPA) with Strato to ensure GDPR-compliant handling of your data.

4. General Information and Mandatory Disclosures

SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the browser address bar changing from "http://" to "https://" and the lock icon in your browser bar.

Revocation of Consent

Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. An informal email to us is sufficient. The legality of data processing carried out before the revocation remains unaffected.

Right to Lodge a Complaint

In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW).

5. Data Collection on this Website

Cookies

This website uses cookies. We use our own cookie consent banner for cookie management. Your consent preferences are stored locally in your browser. The legal basis is Art. 6 (1) (c) GDPR (legal obligation) for consent management and Art. 6 (1) (a) GDPR (consent) for optional cookies.

Storage duration: The consent cookie is stored in your browser for 12 months. You can adjust your cookie settings at any time using the button at the top of this page or the cookie banner.

Contact Form

When you send us inquiries via the contact form, your details (name, business email address, company name, phone number, message) are stored for processing your request. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in processing your request).

Form submissions are processed via a serverless function on Microsoft Azure (Microsoft Ireland Operations Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Processing takes place on EU servers (West Europe region). Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework (DPF).

The delivery of your message is handled by the email service Postmark (ActiveCampaign LLC, 1 N Dearborn St, Suite 500, Chicago, IL 60602, USA). Postmark processes your email address and name solely for the purpose of email delivery. No further use or storage of your data by Postmark takes place.

Third-country transfer: ActiveCampaign LLC is certified under the EU-U.S. Data Privacy Framework (DPF).

Storage duration: Your inquiry data is deleted once the request has been fully processed and no statutory retention obligations apply, but no later than 6 months. Email content is automatically deleted by Postmark after 45 days.

Server Log Files

The provider of this website (Strato) automatically collects and stores information in server log files that your browser transmits. This data is not merged with other data sources. The legal basis is Art. 6 (1) (f) GDPR.

6. Analytics and Tracking

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie is usually transmitted to a Google server in the USA and stored there.

We use Google Analytics with IP anonymization enabled. Your IP address is truncated by Google within the EU and only in exceptional cases is the full address transmitted to a server in the USA.

The legal basis is Art. 6 (1) (a) GDPR (consent). Google Analytics is only activated after your consent via the cookie banner. You can revoke your consent at any time.

Third-country transfer: Where data is transferred to the USA, this is based on the EU-U.S. Data Privacy Framework (DPF). Google LLC is certified under the DPF.

Storage duration: Google Analytics cookies are automatically deleted after 14 months. Usage data is deleted after 26 months.

PostHog

This website uses PostHog (PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA), a product analytics tool for evaluating user behavior. PostHog records page views, clicks and interactions to improve the user experience. Data is processed on EU servers.

The legal basis is Art. 6 (1) (a) GDPR (consent). PostHog is only activated after your consent via the cookie banner.

Third-country transfer: PostHog Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). Analytics data is processed on EU servers.

Storage duration: PostHog data is automatically deleted after 12 months.

7. Email Communication

Microsoft 365 / Outlook

We use Microsoft 365 (Microsoft Ireland Operations Limited, Gordon House, Barrow Street, Dublin 4, Ireland) with Microsoft Outlook for sending and receiving emails. When you contact us by email or via the contact form, your message is processed and stored on Microsoft servers within the EU.

Data processing takes place within the Microsoft EU Data Boundary. The legal basis is Art. 6 (1) (b) GDPR (performance of contract / pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in efficient communication).

Third-country transfer: Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework (DPF). Processing takes place primarily within the EU Data Boundary.

Right to object: Where processing is based on legitimate interest (Art. 6 (1) (f) GDPR), you have the right to object at any time for reasons relating to your particular situation (Art. 21 GDPR).

Storage duration: Emails are stored for as long as required for the business relationship. Statutory commercial and tax retention periods (6 or 10 years) remain unaffected.

8. Appointment Booking and Video Meetings

Microsoft Bookings / Forms

We use Microsoft Bookings and Microsoft Forms (Microsoft Ireland Operations Limited) for appointment scheduling. When booking, your details (name, email address, phone number if applicable, preferred appointment) are collected and stored in our Microsoft 365 calendar.

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures).

Storage duration: Booking data is stored for the duration of the appointment process and deleted no later than 6 months after the appointment, unless a business relationship is established.

Microsoft Teams

We use Microsoft Teams (Microsoft Ireland Operations Limited) for video meetings and online appointments. When participating in a Teams meeting, technical data (IP address, device information), your name, email address, as well as voice and video data are transmitted and processed in real time. Meeting recordings are only made with the explicit consent of all participants.

Data processing takes place within the Microsoft EU Data Boundary. The legal basis is Art. 6 (1) (b) GDPR (performance of contract) or Art. 6 (1) (f) GDPR (legitimate interest in efficient business communication).

Right to object: Where processing is based on legitimate interest (Art. 6 (1) (f) GDPR), you have the right to object at any time for reasons relating to your particular situation (Art. 21 GDPR).

Storage duration: Voice and video data is only transmitted during the live meeting and is not permanently stored. Chat messages and meeting metadata are deleted after 12 months in accordance with our Microsoft 365 retention policy.

9. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Right to Object under Art. 21 GDPR

Where we process your personal data, you have the right to object to such processing at any time pursuant to Art. 21 GDPR. This applies in particular to processing for the purposes of server log files, contact form processing, email communication and video meetings. If you object, we will no longer process your personal data unless we have legitimate grounds that override your interests.

Please direct your objection to: info@cloumo.com

For these and any other questions regarding data protection, please contact us at: info@cloumo.com

10. Currency and Changes to this Privacy Policy

This privacy policy is currently valid as of March 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.