Privacy Policy
Last updated: April 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:
crosslabs GmbH
Managing Director: Norbert Heinz Rosenwinkel
Heinrich-Böll-Weg 21
30629 Hannover
Germany
Email: info@crosslabs.com
Website: https://crosslabs.de
2. General Information on Data Processing
We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal provisions.
Where we obtain consent from the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. For processing operations necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis.
3. Provision of the Website and Server Log Files
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file
- Website from which the access was made (referrer URL)
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
- Amount of data transferred
- HTTP status code
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
Legal basis
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR (legitimate interest).
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. Storage in log files takes place to ensure the functionality of the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes.
Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of storage of data in log files, this is the case after 30 days at the latest.
Hosting
This website is hosted on a dedicated server in Germany. All data is processed exclusively in Germany.
4. Contact Form
Description and scope of data processing
A contact form is available on our website that can be used for electronic communication. If a user takes advantage of this option, the data entered in the input form is transmitted to us and stored. This data is:
- Name
- Email address
- Message
- Phone number (optional)
At the time of sending the message, the IP address of the user as well as the date and time of submission are also stored. Your consent is obtained for the processing of the data during the submission process, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address. In this case, the user's personal data transmitted with the email will be stored.
Legal basis
The legal basis for the processing of data is, with the user's consent, Article 6(1)(a) GDPR. If the contact is aimed at concluding a contract, then Article 6(1)(b) GDPR serves as an additional legal basis.
Purpose of data processing
The processing of personal data from the contact form serves solely to process the contact request.
Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. If a contractual relationship arises from the contact, the data is subject to statutory retention periods.
Possibility of objection and removal
The user has the option of revoking consent to the processing of personal data at any time. The revocation can be sent by email to info@crosslabs.com. All personal data stored in the course of making contact will be deleted in this case.
5. Use of Google Maps
On our contact page, we use the mapping service Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The map is only loaded after your explicit consent. Before your consent, no data is transmitted to Google.
If you agree to the integration, a connection to Google's servers is established. Your IP address, browser information, and the visited page are transmitted to Google. Google may also process your data in the USA. Google has committed to the EU-US Data Privacy Framework (DPF).
The legal basis for data processing is your consent pursuant to Article 6(1)(a) GDPR. You can revoke your consent at any time by reloading the page.
Further information can be found in Google's privacy policy: https://policies.google.com/privacy
6. SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
7. Web Analytics (Umami)
We use Umami on this website, a privacy-friendly open-source web analytics tool. Umami is only loaded if you give your consent via the cookie banner.
Umami does not collect personal data and does not use cookies. Only anonymized, aggregated data is collected, such as page views, time on site, country of origin, and device used. Identifying individual visitors is not possible.
Data is processed on servers of Umami Cloud (Umami Software Inc.). Further information can be found in Umami's privacy policy: https://umami.is/privacy
The legal basis is your consent pursuant to Article 6(1)(a) GDPR. You can revoke your consent at any time by clicking the following button:
8. Cookies
Our website does not use tracking cookies. Only technically necessary storage mechanisms are used (localStorage for theme preference and cookie consent status). No consent is required for technically necessary storage. The legal basis for their use is Article 6(1)(f) GDPR (legitimate interest in the functional provision of the website).
When you first visit the website, a cookie banner appears where you can consent to or decline the use of analytics tools (Umami) and third-party services (Google Maps). Your choice is stored in your browser and respected on future visits.
9. Rights of Data Subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
a) Right of access (Art. 15 GDPR)
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information about the purposes of the processing, the categories of data, the recipients, the planned storage duration, and your further rights.
b) Right to rectification (Art. 16 GDPR)
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete.
c) Right to restriction of processing (Art. 18 GDPR)
Under certain conditions, you may request the restriction of processing of personal data concerning you, in particular if you contest the accuracy of the data, the processing is unlawful, or the controller no longer needs the data.
d) Right to erasure (Art. 17 GDPR)
You may request the controller to erase personal data concerning you without undue delay, where the data is no longer necessary, you withdraw your consent, you object to the processing, or the data has been unlawfully processed.
e) Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
f) Right to object (Art. 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR.
g) Right to withdraw consent (Art. 7(3) GDPR)
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
10. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR).
The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
(The State Commissioner for Data Protection of Lower Saxony)
Prinzenstraße 5
30159 Hannover
Germany
Phone: +49 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Website: https://www.lfd.niedersachsen.de
11. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. Your new visit will then be subject to the new privacy policy.