Contact

Privacy Policy

Last updated: 5 June 2026

Controller

Cancilico GmbH, Tatzberg 47, 01307 Dresden, Germany

Email: privacy [at] cancilico.com

Website hosting and server logs

When you visit this website, technical access data may be processed, including IP address, date and time of access, requested URL, referrer, browser, operating system, and HTTP status. We process this data to deliver the website, maintain security, diagnose errors, and prevent misuse. Legal basis: Art. 6(1)(f) GDPR.

Contact form and email

If you contact us, we process the information you provide, such as name, email address, organization, subject, and message. We use this data to respond to your inquiry and handle related follow-up. Providing this information is voluntary; without it we may be unable to respond to your inquiry. Legal basis: Art. 6(1)(b) GDPR where the inquiry relates to a contract or pre-contractual communication, otherwise Art. 6(1)(f) GDPR.

Analytics

We use Umami, a privacy-friendly analytics tool that we host ourselves on our own infrastructure, to understand how this website is used. Usage data is therefore not shared with a third-party analytics provider. Umami runs without cookies and does not track you across websites or build personal profiles. It processes aggregated usage data such as visited pages, referrer, and approximate device/browser information, derived from data that is truncated or otherwise minimized. Because no information is stored on or read from your device, this analytics does not require consent under § 25 TDDDG, and no cookie banner is used. Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in understanding and improving the website).

Recipients and processors

This website is hosted on Netlify (Netlify, Inc., USA), which also processes contact-form submissions via Netlify Forms. As a result, server log data and any information you submit through the contact form (such as your name, email address, organization, subject, and message) are processed on Netlify’s infrastructure, including in the United States. Analytics is handled by Umami, which we host ourselves, so usage data is not shared with a third-party analytics provider.

We conclude data processing agreements (Auftragsverarbeitungsverträge) under Art. 28 GDPR with our processors, who process personal data only as necessary to provide their services. For the transfer of personal data to the United States, we rely on the EU–U.S. Data Privacy Framework, under which Netlify is certified, and, where required, on the EU standard contractual clauses as an additional safeguard under Art. 46 GDPR.

Retention

We retain personal data only as long as necessary for the purposes described above or as required by law. Contact inquiries are kept for the duration needed to respond and document the communication. Server logs are retained for limited operational and compliance periods.

Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR on this website.

Your rights

You have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time with effect for the future.

Complaint

You may lodge a complaint with a data protection supervisory authority. For Saxony: Sächsische Datenschutz- und Transparenzbeauftragte, Maternistraße 17, 01067 Dresden, email: post [at] sdtb.sachsen.de.

Contact

For privacy requests, contact privacy [at] cancilico.com.