4. SSL/TLS encryption

To protect your data during transmission, we use state-of-the-art encryption (e.g. SSL/TLS) via HTTPS.

5. Erasure and storage of data

We adhere to the principles of data minimisation. We store personal data only as long as necessary for the purposes stated here or as required by statutory retention periods. Once the purpose ceases to apply or such periods expire, the data will be blocked or deleted in accordance with legal requirements.

6. YouTube (embedded videos)

We may embed videos from the YouTube platform (provider: Google Ireland Limited, Ireland; where applicable Google LLC, USA). When an embedded video loads, YouTube receives at least your IP address and technical metadata to deliver the content to your device. Non-essential content is only loaded after your consent; loading is controlled via the consent tool described in Section 3 “Cookies & Consent Management”. A transfer of data to third countries (in particular the USA) is possible; such transfers are based on appropriate safeguards (e.g. EU Standard Contractual Clauses or applicable adequacy mechanisms).
Legal basis: Art. 6(1)(a) GDPR (consent), which you can withdraw or adjust at any time via the cookie settings. Details on provider, purpose, categories and storage periods can be found in the cookie declaration in Section 3.

Note: Pure links to YouTube (without embedding) result in data processing by YouTube only when you open the linked page; the provider’s privacy policy then applies.

7. Google Maps (embedded map)

We may embed map content from Google Maps (provider: Google Ireland Limited, Ireland; where applicable Google LLC, USA). When an embedded map loads, Google receives at least your IP address and technical metadata to deliver the content. Non-essential content is only loaded after your consent; loading is controlled via the consent tool described in Section 3 “Cookies & Consent Management”. A transfer of data to third countries (in particular the USA) is possible; such transfers are based on appropriate safeguards (e.g. EU Standard Contractual Clauses or applicable adequacy mechanisms).
Legal basis: Art. 6(1)(a) GDPR (consent), which you can withdraw or adjust at any time via the cookie settings. Details on provider, purpose, categories and storage periods can be found in the cookie declaration in Section 3.

Note: Pure links to maps.google.com lead to data processing by Google only when you open the linked page; the provider’s privacy policy then applies.

8. Hotjar (behavioural analytics and user feedback)

We use Hotjar (Hotjar Ltd., Malta) for behavioural analytics and to conduct user surveys or feedback widgets. Depending on usage, we process technical usage data (e.g. pages viewed, clicks/scrolling, mouse/touch interactions, screen size/device data, language settings, approximate location), truncated IP addresses and pseudonymised user IDs, as well as any content you voluntarily enter in surveys/feedback forms. The analysis helps us improve user experience, content and functionality of our website and our services.

Legal basis: Art. 6(1)(a) GDPR (consent). Non-essential cookies/identifiers are set only after consent; you can withdraw or adjust consent at any time via the cookie settings. Details of Hotjar cookies (names, purposes, storage periods, categories) are shown in the cookie declaration in Section 3.

Recipients/third countries: Processing takes place within the EU/EEA; individual sub-processors or support access may involve transfers to third countries (e.g. USA). Such transfers are safeguarded by appropriate guarantees, in particular EU Standard Contractual Clauses.
Storage: Usage data and survey/feedback content are stored only as long as necessary for the purposes stated, then deleted or—where possible—anonymised/aggregated.

9. Dealfront/Leadfeeder (B2B web analytics and company identification)

We use Dealfront/Leadfeeder to evaluate page visits in a B2B context and to identify which companies (not individual persons) have visited our website (B2B reverse IP look-up). Depending on usage, technical data are processed (e.g. pages visited, timestamps, truncated IP addresses and IP-based assignment to a company network) as well as information you may voluntarily submit via contact forms. The analysis serves to improve our online offering and to address business customers.

Legal basis: For non-essential cookies/identifiers (e.g. for recognition/attribution) we rely on your consent under Art. 6(1)(a) GDPR (withdrawable via the cookie settings). IP-based attribution at company level (without personal identification) is based on Art. 6(1)(f) GDPR (legitimate interest in B2B analytics and sales enablement).
Recipients/third countries: Processing takes place within the EU/EEA; individual sub-processors or support access may involve transfers to third countries (e.g. USA), safeguarded by appropriate guarantees (in particular EU Standard Contractual Clauses).
Storage: Data are stored only as long as required for the purposes stated and then deleted or, where possible, anonymised/aggregated. Details of cookies are listed in Section 3.

10. HubSpot (forms, chat, newsletter/CRM)

We use HubSpot (HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA; for EU customers also HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland) for contact and other forms, the website chat, and newsletter sign-up and delivery. Depending on usage, we process contact and master data (e.g. name, email, company, phone), content data (messages/enquiries, chat histories), newsletter opt-in data (time, source, double opt-in) and newsletter engagement metrics (e.g. opens, clicks). We also use our CRM to manage communication with customers and prospects.

Purposes: Handling and responding to enquiries (forms/chat), ongoing communication and CRM management; with consent, direct marketing/newsletters including performance measurement.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual communication) and Art. 6(1)(f) GDPR (legitimate interest in efficient customer communication and CRM processes) for forms/chat/CRM; Art. 6(1)(a) GDPR in conjunction with § 7 UWG for newsletters (consent; double opt-in; revocable at any time). Non-essential cookies/identifiers are set only after consent; details (cookie names, purposes, storage periods, categories) are listed in the cookie declaration in Section 3.
Recipients/third countries: Processing takes place in our HubSpot tenant; a transfer to the USA is possible. Such transfers rely on EU Standard Contractual Clauses and HubSpot’s participation in the EU-US Data Privacy Framework.

Storage: Form/chat enquiries are stored as necessary and in line with statutory retention periods; marketing contacts until you withdraw consent or object to direct marketing. Technical logs and newsletter engagement metrics are deleted or anonymised when no longer required.

11. Rights of data subjects

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR). You also have the right to object to processing (Art. 21 GDPR) on grounds relating to your particular situation, insofar as processing is based on Art. 6(1)(e) or (f) GDPR.
You may withdraw consent at any time with effect for the future. To exercise your rights, please contact us using the details provided in Section 13.
You also have the right to lodge a complaint with a supervisory authority. For us, the competent authority is generally the Bavarian Data Protection Authority (BayLDA); you may also contact the authority at your habitual residence.

12. Processors

For operating and developing our website and related services, we use service providers as processors under Art. 28 GDPR (e.g. hosting/IT operations, consent management, web analytics/marketing, communications/CRM, B2B web analytics). Processing is carried out exclusively in accordance with our instructions and on the basis of appropriate contracts. Where transfers to third countries (e.g. USA) cannot be excluded, they are based on appropriate safeguards (in particular EU Standard Contractual Clauses) and, where applicable, additional protective measures.

13. Contact

For privacy-related enquiries or to exercise your rights, please contact: info@moderndrive.de

No data protection officer has been appointed; your point of contact is the controller named in Section 1.

14. Changes to this privacy policy

We update this privacy policy when legal requirements, our processing activities or technical conditions change. The version published on this page applies. Status: 15 October 2025.