Skip to content
SIPONA logo
Български Hrvatski Čeština Dansk Nederlands English Eesti Suomi Français Deutsch Ελληνικά Magyar Gaeilge Italiano Latviešu Lietuvių Malti Polski Português Română Slovenčina Slovenščina Español Svenska
Order portal

Privacy

This privacy policy explains how we process personal data when you visit this website (sipona.de or the installation we provide). The terms of the General Data Protection Regulation (GDPR) apply.

Controller

dus.net GmbH
Kaiserswerther Str. 215
40474 Düsseldorf
Deutschland

Email: info@dus.net

The trade name is “SIPONA”.

Hosting and location

The website www.sipona.de and the SIPONA platform are operated on dus.net GmbH's own servers at the Digital Realty Düsseldorf data centre location in Germany. Control over the servers lies exclusively with dus.net GmbH. This means that data processing remains the responsibility of dus.net GmbH and is subject to an appropriate level of data protection.

Separation of website and SIPONA platform

The website www.sipona.de and the SIPONA platform are separate environments. The cookies, consents, reach measurements and advertising tags described in this privacy policy relate to the website and not to the platform.

  • The website optionally uses reach measurement and advertising tags, subject to express consent.
  • No marketing tracking takes place within the SIPONA platform; no external marketing scripts and no content delivery network are used for this purpose.
  • The platform does not integrate any third-party AI; AI functions run on dus.net GmbH's own infrastructure.

Further information on operation, infrastructure and data processing can be found under Security & Hosting.

Access logs (server log files)

When you access this website, the web server automatically processes technically necessary information (e.g. IP address in truncated or full form depending on configuration, date and time, requested URL, amount of data transferred, status code, user agent).

The legal basis is Art. 6(1)(f) GDPR (legitimate interests in providing and securing the website and troubleshooting). Log data is deleted or anonymised after an appropriate period (typically up to seven days unless security incidents require longer retention).

Cookies and local storage

We use cookies and your browser’s local storage as described below.

Strictly necessary cookies

These cookies are required to operate and secure the website:

  • Application session cookie (e.g. Laravel “session”) to associate requests and provide security features.
  • CSRF token cookie to protect forms against abuse.
  • Language cookie (“sipona_locale”) to store your selected language (retention up to one year).

The legal basis is Art. 6(1)(f) GDPR and, for strictly necessary functions in connection with a contract or pre-contractual steps, Art. 6(1)(b) GDPR.

Storing your consent (browser)

We store your choice in the cookie notice (“Accept all” or “Necessary only”) using your browser’s localStorage under the key “sipona_consent_v2” so your decision persists on later visits and we can demonstrate consent. You may delete this information at any time (browser settings / clear site data); the notice will then appear again on your next visit.

Marketing and reach measurement via Google (only with consent)

If you choose “Accept all” in the cookie notice, we may load Google Analytics 4 and, where technically configured, Google Ads via Google Tag Manager. Google may then use cookies or similar identifiers and process usage data. Without this consent, the relevant storage remains disabled by default under Google Consent Mode v2 (“denied”); no further advertising or analytics evaluation then takes place.

Google Tag Manager, Google Analytics 4 and Google Ads

This website uses Google Tag Manager (“GTM”). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, affiliated in particular with Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GTM lets us deploy measurement and marketing tags centrally and, via “Consent Mode v2”, ensures analytics and advertising features take effect only after you consent.

The following services may in particular be loaded via Google Tag Manager:

  • Google Analytics 4 (“GA4”) for reach and usage analysis (e.g. page views, session duration, scroll depth and, where configured, interactions with links and form events).
  • Google Ads for conversion measurement and, depending on setup, to support ad effectiveness measurement, if you have consented to storage for advertising and personalisation.

Data processed may include in particular: IP address (possibly truncated), device- and browser-related information, timestamps, and usage and event data related to this website. Further information is available from Google at https://policies.google.com/privacy and https://policies.google.com/technologies/partner-sites.

The legal basis for processing for reach measurement and personalised advertising is, unless exclusively anonymous methods without access to your device are used, your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.

Loading GTM/Google resources may already involve transferring connection data (e.g. IP address) to Google servers, including in the United States. Where consent is not required for this, processing is based on Art. 6(1)(f) GDPR (legitimate interests in secure, maintainable, consent-controlled deployment of measurement tags with minimal data). You may object to this processing with future effect under Art. 21 GDPR, for example by contacting us at the addresses above.

You may withdraw consent at any time with future effect; this does not affect the lawfulness of processing based on consent before withdrawal. Where the consent banner is shown on this website, you can use “Open cookie settings” to display the notice again and choose “Necessary only”.

Contact form and email communication

When you use the contact form, we process the data you enter (e.g. name, email address, message content, and optionally company and phone number) to handle your request.

Submitted by email to: info@dus.net

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures / contract initiation) and Art. 6(1)(f) GDPR (legitimate interest in handling general enquiries).

Data is deleted once no longer needed for the purpose, unless statutory retention obligations apply (e.g. commercial or tax law).

External fonts (Bunny Fonts)

We load fonts via fonts.bunny.net (operator: BunnyWay d.o.o.). Your device IP address may be transmitted to the CDN provider as technically necessary. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a readable, performant website). See Bunny.net’s privacy policy for details.

Order portal and external links

Links to the order portal (order.sipona.de) and other sites lead to offerings of separate controllers. Their privacy policies apply to processing there.

Recipients and processors

Where we use hosting, email or comparable technical providers, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR where required. If you accept marketing and reach measurement in this website’s cookie notice, the Google entities named in the section “Google Tag Manager, Google Analytics 4 and Google Ads” may also receive data; responsibility is governed by Google’s respective product terms and may involve processing on our behalf or independent responsibility on Google’s side, depending on the product.

Transfers to third countries

Personal data is transferred outside the EU/EEA only where the conditions of Arts. 44 et seq. GDPR are met. For hosting and EU/EEA providers we use, this is usually unnecessary; if you consent to Google services, processing and transfers may occur, in particular to the United States. For the USA an EU Commission adequacy decision applies under the EU–US Data Privacy Framework where the recipient is certified; supplementary or alternative safeguards (in particular EU Standard Contractual Clauses under Art. 46(2)(c) GDPR) may also apply. See Google’s privacy policy for details on transfers by Google.

Retention

Personal data is stored only as long as necessary for the respective purposes or statutory retention periods apply.

Your rights

Subject to legal requirements, you have rights of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to certain processing (Art. 21 GDPR).

Where processing is based on consent, you may withdraw it with effect for the future (Art. 7(3) GDPR).

Regardless of the above, where Google is independently responsible towards data subjects for certain processing, Google’s privacy settings and objection options described by Google also apply.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the Member State of your habitual residence or the place of the alleged infringement.

TLS encryption

This website uses TLS encryption to protect data in transit. Encryption applies only when the site is accessed via HTTPS.

Changes

We may update this privacy policy if the website or legal situation changes. The published version at the time applies.