GRAVITYZERO

Get in Touch

Privacy Policy

← Back to Home

Privacy Policy

Version: 22 May 2026 Note: This privacy policy is a translation for your convenience. The legally binding version is the German original, available at gravity-zero.de/datenschutz.

Table of Contents

Introduction and Overview

We have drafted this privacy policy to explain — in accordance with the General Data Protection Regulation (EU) 2016/679 and the German Federal Data Protection Act (BDSG) — which personal data we process as the data controller, together with the processors we engage. In short: We provide comprehensive information about how personal data is processed on our website. The terminology is intended to be gender-neutral.

Scope

This privacy policy applies to all personal data we process ourselves and to all personal data processed by companies we engage as processors. By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR — such as a person’s name, email address, or postal address. The scope includes:
  • our website at gravity-zero.de (including subdomains)
  • email communication with us
  • social media accounts we operate

Contact Details of the Controller

The data controller within the meaning of Art. 4 No. 7 GDPR is: GRAVITYZERO GmbH Talhofstraße 12 89518 Heidenheim an der Brenz Germany Authorised Managing Director: Hannes Ludewig Commercial Register: HRB 773544, Stuttgart District Court VAT ID: DE329250939 Email: hallo@gravity-zero.de Phone: +49 (0)151 56665137 Imprint: gravity-zero.de/en/imprint We only process your data if at least one of the following conditions applies:
  1. Consent (Art. 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose — for example, by accepting cookies in the cookie banner or by submitting a contact form.
  2. Contract (Art. 6(1)(b) GDPR): We process your data to fulfil a contract or pre-contractual obligations with you.
  3. Legal obligation (Art. 6(1)(c) GDPR): For instance, we are legally required to retain invoices for accounting purposes.
  4. Legitimate interests (Art. 6(1)(f) GDPR): For example, to operate our website securely and economically.
In addition to the GDPR, the German Federal Data Protection Act (BDSG) applies in Germany. Sections 25 et seq. of the German Act on Privacy in Telecommunications and Digital Services (TDDDG) apply to the storage of cookies and access to information stored on end devices.

Retention Period

We only retain personal data for as long as it is strictly necessary for providing our services. As soon as the reason for processing no longer applies, the data is deleted — unless statutory retention obligations apply (e.g. for accounting purposes, generally 6 or 10 years under the German Commercial Code (HGB) or Tax Code (AO)). If you request the deletion of your data or withdraw consent, the data will be deleted as soon as possible, provided no retention obligations exist. Specific retention periods are explained alongside the individual services below.

Your Rights Under the GDPR

Under the GDPR, you have the following rights:
  • Right of access (Art. 15 GDPR) — to learn whether and what data we process about you
  • Right to rectification (Art. 16 GDPR) — to have incorrect data corrected
  • Right to erasure, or “right to be forgotten” (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular against direct marketing and profiling
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
For questions about these rights, please contact us at hallo@gravity-zero.de.

Competent Supervisory Authority

For our company, based in Heidenheim an der Brenz, the supervisory authority of the federal state of Baden-Württemberg is responsible: The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg Prof. Dr. Tobias Keber Lautenschlagerstraße 20, 70173 Stuttgart, Germany Phone: +49 711 615541-0 Email: poststelle@lfdi.bwl.de Website: baden-wuerttemberg.datenschutz.de

Data Transfers to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to such processing or if other legal grounds exist. For data transfers to the United States, we rely — where the respective provider participates — on the EU-US Data Privacy Framework or on EU Standard Contractual Clauses under Art. 46(2) GDPR. We inform you of specific third-country transfers in the relevant sections of this policy.

TLS Encryption with HTTPS

We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet. All data transmitted between your browser and our web server is encrypted. This fulfils data protection by design under Art. 25(1) GDPR. You can identify the encryption by the lock icon in your browser’s address bar and the https:// scheme.

Communication (Email, Phone, Contact Form)

When you contact us by phone, email, or via our contact form, we process the data you provide (usually name, email address, phone number, company, and the content of your inquiry) to handle your request. Data processed: name, email address, phone number, company, message content, time of submission, and IP address. Retention: until your inquiry has been fully processed. For business transactions with retention obligations (e.g. under Section 257 HGB, Section 147 AO), up to 10 years. Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (pre-contractual measures / contract), Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

Cookies

What are cookies?

Cookies are small text files that our website stores on your device. They help recognise your browser between visits, store preferences, or analyse website usage. There are first-party cookies (from us) and third-party cookies (e.g. from Google or Metricool).

What types of cookies do we use?

  • Strictly necessary cookies: to ensure basic website functions (e.g. storing your cookie choices). Legal basis: Section 25(2) TDDDG, Art. 6(1)(f) GDPR.
  • Statistics cookies: for analysing user behaviour (Google Analytics 4, Metricool). Legal basis: Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR — only with your consent.

Manage cookies / withdraw consent

You can adjust your cookie settings or withdraw your consent at any time via the “Manage Consent” tab at the bottom of the screen. You can also delete cookies in your browser or block them. Instructions are available in your browser’s help section (Chrome, Safari, Firefox, Edge).

Web Hosting (Strato AG)

We host our website with STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. Strato is a German web hosting provider with server locations in Germany. When you visit our website, the Strato web server automatically processes technical data transmitted by your browser in so-called server log files:
  • URL requested
  • browser and browser version
  • operating system
  • referrer URL (previously visited page)
  • IP address of the accessing device
  • date and time of access
Purpose: secure and stable website operation, defence against attacks, system stability monitoring. Retention: Log files are typically deleted after a maximum of seven days. In the event of a specific security incident, data may be retained longer. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure website operation). A data processing agreement (DPA) under Art. 28 GDPR exists with Strato. Strato privacy policy: strato.de/datenschutz

Email Delivery via Brevo (Sendinblue)

For reliable email delivery (e.g. responses to contact form submissions or system notifications), we use the email service Brevo (formerly Sendinblue) of Brevo SAS, 7 rue de Madrid, 75008 Paris, France. When you send us a message via the contact form, our server hands the email to Brevo’s SMTP servers, which handle delivery. This includes sender address, recipient address, subject, message content, and technical delivery metadata. Server location: France (EU). Data processing: A DPA under Art. 28 GDPR exists with Brevo. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable email delivery), in conjunction with Art. 6(1)(b) GDPR for business communication. Brevo privacy policy: brevo.com/legal/privacypolicy

Contact Form 7

For our contact form, we use the WordPress plugin Contact Form 7 by Rock Lobster, LLC. The plugin processes data you enter in the form directly on our server (at Strato in Germany) and sends it via Brevo (see above) to our inbox. Contact Form 7 does not set any cookies. Data entered does not leave our server to external third parties. Legal basis: Art. 6(1)(a), (b), and (f) GDPR. Provider privacy notes: contactform7.com/privacy-notes

Cookie Banner (Complianz)

We use the cookie consent tool Complianz by Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands. Complianz generates a cookie banner that allows you to consent to or reject cookies and third-party services. Data processed: anonymised IP address, time of consent, content of consent (which cookie categories you accepted), pseudonymous user ID, browser and device information. Retention: Consent is typically stored in a cookie on your device for 365 days. After that, you will be asked again. Server location: Netherlands (EU). Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent) and Art. 6(1)(f) GDPR (legitimate interest in lawful operation). Complianz privacy policy: complianz.io/legal/privacy-statement

Wordfence Security

To protect our website against cyber attacks, brute-force attempts, and malware, we use the security plugin Wordfence by Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA. Wordfence processes IP addresses, login attempts, user agent data, and — in the case of suspicious activity — request content. Suspicious IP addresses are matched against the Wordfence threat database in the USA. Third-country transfer: Wordfence partly processes data in the USA. Defiant bases the transfer on EU Standard Contractual Clauses under Art. 46(2) GDPR. More information: wordfence.com/help/general-data-protection-regulation Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security). Wordfence privacy policy: wordfence.com/privacy-policy

YouTube (Video Embeds)

On individual pages of our website, we embed videos from the YouTube platform, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Privacy-friendly embedding (click-to-play solution)

We do not embed YouTube videos directly. Instead, you initially see a static preview image on the page with a notice about data transmission. As long as you do not click the preview image, no data is transmitted to YouTube or Google. Only when you actively click the video does the embedded YouTube player load in extended privacy mode (via the domain youtube-nocookie.com). In this mode, YouTube does not store cookies until you actively play the video.

Data processed

Once you activate the video by clicking, the following data is transmitted to YouTube/Google:
  • IP address of the accessing device
  • date and time of the request
  • URL of the page on which the video is embedded
  • information about your browser and operating system
  • for logged-in Google/YouTube users: linking with the personal Google account
  • cookies and similar tracking technologies upon playback, where applicable
For specific information on the data Google processes for logged-in users and the purposes thereof, please refer to Google’s privacy policy. Legal basis: Art. 6(1)(a) GDPR (consent given by actively clicking the preview image). You can withdraw your consent at any time for the future by leaving the page or not activating further videos. Third-country transfer: Google transfers personal data to the USA. Google is an active participant in the EU-US Data Privacy Framework and thereby commits to complying with European data protection standards. Insofar as data is transferred to countries outside the scope of the Data Privacy Framework, this is done on the basis of EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Google privacy policy: policies.google.com/privacy. Information on the EU-US Data Privacy Framework: dataprivacyframework.gov

Google Analytics 4

With your explicit consent, our website uses the web analytics tool Google Analytics 4 (GA4) by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Our measurement ID is: G-2CMS8DBC6H Purpose: Analysis of usage behaviour on our website in order to improve content and offerings. Data processed: pseudonymous user ID, event-based data (e.g. page views, clicks), device and browser information, approximate location (at city level, derived from the IP address, which is not stored), time spent, source. IP anonymisation: Google Analytics 4 does not store IP addresses. They are used only to derive the approximate location and discarded immediately thereafter. Retention: Data is retained in our GA4 property for 14 months and then automatically deleted. Data sharing: We have disabled data sharing with Google products and model contributions in our GA4 settings. Data is used exclusively for providing the analytics service. Third-country transfer: Google also processes data in the USA. Google is an active participant in the EU-US Data Privacy Framework and additionally bases transfers on EU Standard Contractual Clauses under Art. 46(2) GDPR. Data processing agreement: A DPA under Art. 28 GDPR has existed with Google since 2 June 2020. Legal basis: Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent via our cookie banner). Withdrawal: You can withdraw your consent at any time via the “Manage Consent” tab at the bottom of the screen. Additionally, Google offers a browser add-on to deactivate Google Analytics: tools.google.com/dlpage/gaoptout Google privacy policy: policies.google.com/privacy

Metricool (Web Analytics)

In addition to Google Analytics 4, with your explicit consent, we use the web analytics tool Metricool by Metricool Software SL, Calle de Eloy Gonzalo 27, 28010 Madrid, Spain. Purpose: Analysis of usage behaviour on our website to improve reach and content. Metricool complements GA4 data with analyses of traffic sources and visibility. Data processed: pseudonymous user ID (cookie), page views and clicks, time spent, traffic source (referrer), device and browser information, approximate location at country level, and the IP address, which is used exclusively to derive the approximate location at country level and is not stored permanently in our Metricool account. Handling of the IP address: The IP address is used by Metricool exclusively to derive the approximate location at country level. The IP address is not stored permanently in a form accessible to us. For detailed information on data processing by Metricool, please consult the provider’s privacy policy (see link at the end of this section). Cookies: Metricool sets a pseudonymous identifier (cookie mc_id or similar) and session cookies where applicable. These are only set after your consent. Retention: Tracking cookies are stored on your device for a maximum of 12 months. Aggregated, pseudonymous analytics data is stored in our Metricool account for the duration of the contract. Server location: Spain (EU). No third-country transfer outside the EU takes place. Data processing agreement: A DPA under Art. 28 GDPR exists with Metricool. Legal basis: Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent via our cookie banner). Withdrawal: You can withdraw your consent at any time via the “Manage Consent” tab at the bottom of the screen. After withdrawal, no further data will be collected. Metricool privacy policy: metricool.com/privacy-policy

Local Google Fonts (OMGF)

Our website uses fonts from the Google Fonts library (DM Sans, Barlow Condensed, Bebas Neue). With the help of the WordPress plugin OMGF (Optimize My Google Fonts) by Daan van den Bergh, these fonts are hosted locally on our server (Strato, Germany) and delivered from there when a page loads. No connection to Google servers takes place when fonts are loaded. No data (in particular no IP addresses) is transmitted to Google. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in an attractive, fast-loading, and data protection-compliant website).

Definitions of Key Terms

The key terms of the GDPR — as used in this policy — are defined in Art. 4 GDPR. A brief overview:
  • Personal data (Art. 4 No. 1 GDPR): any information relating to an identified or identifiable natural person — such as name, address, email address, phone number, or IP address.
  • Processing (Art. 4 No. 2 GDPR): any operation involving personal data — such as collecting, storing, modifying, transmitting, or deleting.
  • Controller (Art. 4 No. 7 GDPR): the entity that decides on the purposes and means of data processing. In our case: GRAVITYZERO GmbH.
  • Processor (Art. 4 No. 8 GDPR): service providers that process personal data on our behalf — such as Strato, Brevo, Google, or Metricool.
  • Consent (Art. 4 No. 11 GDPR): any freely given, informed, and unambiguous expression of intent — such as your click on “Accept” in our cookie banner.
  • Supervisory authority (Art. 4 No. 21 GDPR): the independent public authority where you can lodge a complaint — for us, the LfDI Baden-Württemberg.

Closing Words

If you have read this privacy policy this far: thank you. Data protection matters to us — not only because it is required by law, but because we want to handle your data responsibly. For any privacy-related questions about our website, please feel free to contact us directly: hallo@gravity-zero.de. Last updated: 22 May 2026