Data protection
1. Introduction
This website is operated by: SaltRock GmbH.
It is very important to us to handle the data of our website visitors in a trustworthy manner and to protect it as best as possible. For this reason, we make every effort to meet the requirements of the GDPR.
Below, we explain how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you truly understand what happens to your data.
2. General information
2.1 Processing of personal data and other terms
Data protection applies when personal data is processed. Personal data means all data by which you can be personally identified. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting.
Such data is processed when “something happens with it”. For example, the IP address is transmitted from the browser to our provider and automatically stored there. This then constitutes processing (pursuant to Art. 4 No. 2 GDPR) of personal data (under Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations / laws – GDPR, BDSG and TDDDG
The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR insofar as the use of cookies is concerned.
2.3 The controller
The controller responsible for data processing on this website is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
SaltRock GmbH
Bonner Str. 12
51379 Leverkusen
Email: hello@saltrock.de
2.4 Data Protection Officer
We have appointed a Data Protection Officer for our company:
SaltRock GmbH
David Prehm
Bonner Str. 12
51379 Leverkusen
Email: hello@saltrock.de
2.5 How data is generally processed on this website
As we have already established, there is data (e.g. IP address) that is collected automatically. This data is predominantly required for the technical provision of the homepage. Insofar as we use personal data beyond this or collect other data, we inform you accordingly and/or ask for consent.
You provide us with other personal data consciously.
You will find detailed information on this below.
2.6 Your rights
The GDPR grants you extensive rights. These include, for example, free information about the origin, recipients and purpose of your stored personal data. In addition, you can request the correction, restriction or deletion of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke any consent you have given at any time.
You can find out what these rights look like in detail and how to exercise them in the last section of this privacy policy.
2.7 Data protection – our perspective
Data protection is more than just an annoying obligation for us! Personal data has great value, and careful handling of this data should be a matter of course in our digitalised world. In addition, you as a website visitor should be able to decide for yourself what, when and by whom something “happens” with your data. That is why we commit ourselves to complying with all legal provisions, collecting only the data necessary for us, and, of course, treating it confidentially.
2.8 Disclosure and deletion
The disclosure and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.
Data is disclosed only on the basis of a legal basis and only where unavoidable – e.g. to processors pursuant to Art. 28 GDPR.
We delete your data as soon as the purpose and legal basis for processing no longer apply and there are no statutory retention obligations to the contrary (cf. Art. 17 GDPR).
2.9 Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting providers.
Hosting providers:
Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich
Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands
Legal basis: Art. 6(1)(a), (b) and (f) GDPR as well as Section 25(1) TDDDG.
Data processing agreements pursuant to Art. 28 GDPR are in place.
2.10 Legal bases
The processing of personal data is carried out on the basis of Art. 6(1) GDPR – depending on the purpose (a–f).
Individual purposes are explained in the following sections.
3. What happens on our website
3.1 Data collection when accessing the website
When the website is accessed, server log files (browser type, operating system, referrer URL, time, IP address, etc.) are recorded.
Purpose: system security, stability, troubleshooting, display of the website.
Legal basis: Art. 6(1)(f) GDPR.
Storage: max. 14 days (or longer in the event of security incidents).
3.2 Cookies
This website uses cookies.
– Technically necessary cookies: legal basis Art. 6(1)(b), (c) or (f) GDPR
– Technically unnecessary cookies: only with consent (Art. 6(1)(a) GDPR).
Settings can be changed in the cookie consent tool or in the browser.
3.3 Data processing through user input
a) Email / telephone / contact form – processing of contact and communication data, legal basis Art. 6(1)(b) and (f) GDPR.
b) AI-supported analysis – only with consent or legitimate interest.
c) Microsoft Bookings – for arranging appointments (legal basis Art. 6(1)(a) and (f) GDPR).
3.4 Cookie consent tool
We use the Framer Cookie Banner to obtain and document consent pursuant to Art. 6(1)(c) GDPR.
3.5 Website builder
Our website was created with Framer. Legal basis Art. 6(1)(a) and (f) GDPR.
3.6 Analysis and tracking tools
Google Analytics & Google Tag Manager: analysis of user behaviour, marketing optimisation.
Legal basis: Art. 6(1)(a) GDPR and Section 25 TDDDG (consent).
Google LLC is certified under the EU-US Data Privacy Framework.
3.7 Social media profiles
We operate profiles on:
LinkedIn (LinkedIn Ireland Unlimited Company)
Instagram (Meta Platforms Ireland Limited)
X (formerly Twitter, X Corp.)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in corporate presentation and communication).
3.8 Third-party content
Integration of Google Fonts, Font Awesome, Cloudflare DNS and Dieter Live API.
Legal basis: Art. 6(1)(a) and (f) GDPR.
3.9 Audio and video conferences
Use of Microsoft Teams for customer communication.
Legal basis: Art. 6(1)(a), (b) and (f) GDPR.
3.10 CRM systems
Use of Hubspot CRM to manage customer relationships.
Legal basis: Art. 6(1)(b) GDPR.
Data transfer to the USA on the basis of the EU-US Data Privacy Framework and SCCs.
3.11 Cloud backups
Cloud backups via Framer for data backup.
Legal basis: Art. 6(1)(f) GDPR.
4. What else is important
Finally, we would like to inform you about your rights and how you will be notified of changes.
4.1 Your rights in detail
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to an individual decision (Art. 22 GDPR)
Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR)
5. What if the GDPR is abolished tomorrow or other changes take place?
The current version of this privacy policy is dated 11.11.2025.
From time to time, it may be necessary to adapt the content in order to respond to legal or technical changes.
We will publish updated versions in the same place and recommend that you read the policy regularly.