Privacy Policy

Information on the processing of personal data pursuant to Art. 13, 14 GDPR

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

Metzler IT GmbH, Fährstraße 35, 21502 Geesthacht, Deutschland
Represented by the managing directors Alexander Metzler and Andreas Metzler
Phone: +49 (0) 40 285 30 1 30
E-mail: info@metzler-it.de

A data protection officer has not been appointed because the statutory requirements for a mandatory appointment are not met. Please address any privacy request to the contact details above.

2. Hosting and server log files

Our website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All processing takes place in data centres located in Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.

When you visit our website, the server automatically records information in server log files: IP address, date and time of the request, requested page, transferred data volume, browser type and version, operating system and referrer URL. This data is used to ensure stable operation, analyse errors and defend against attacks.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a secure website). Log files are deleted after 14 days at the latest unless they are required to investigate a security incident.

3. Cookies

This website only uses technically necessary cookies. These are required to operate the site (e.g. session cookie session_id, language setting frontend_lang, time zone) and are set on the basis of Section 25(2) No. 2 of the German TDDDG and Art. 6(1)(f) GDPR.

We do not use any third-party advertising or tracking cookies. For details, please see our Cookie Policy.

4. Web analytics with Plausible

We use the privacy-friendly web analytics service Plausible Analytics (Plausible Insights OÜ, Väike-Paala 1, 11415 Tallinn, Estonia - a provider based in, and processing data within, the European Union).

Plausible does not use cookies and does not store personal data in a form that would allow individual visitors to be identified. IP addresses are not stored; only aggregated statistics (page views, referrers, device class, country) are generated.

The legal basis is Art. 6(1)(f) GDPR; our legitimate interest is the statistical analysis and improvement of our online offering. As no cookies are set and no information is stored on your device, consent under Section 25 TDDDG is not required.

5. Contacting us

If you contact us via the contact form, e-mail or telephone, we process the data you provide (name, e-mail address, phone number, content of your enquiry) in order to handle your request.

The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to the initiation or performance of a contract, and otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

We delete enquiry data once the request has been dealt with conclusively and no statutory retention obligations apply.

6. Customer and contract data

To establish, perform and settle contractual relationships we process master and contract data of our customers (company, contact person, contact details, billing data, service data) on the basis of Art. 6(1)(b) GDPR.

Statutory retention obligations under German commercial and tax law (Section 257 HGB, Section 147 AO) remain unaffected; data required under these provisions is retained for six or eight/ten years and deleted afterwards.

Where we obtain access to personal data of our customers in the course of our IT services, this takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR.

7. Social media presences

Our website links to our profiles on social networks (e.g. LinkedIn, Facebook, Instagram, YouTube). These are plain links; no data is transferred to the operators of these networks when you visit our website. Only when you follow a link do the privacy policies of the respective provider apply.

8. Transfers to third countries

This website does not use any services that transfer personal data to countries outside the European Union or the European Economic Area. Hosting and web analytics take place exclusively within the EU.

9. Data security

For security reasons this website uses TLS encryption (recognisable by "https://" and the lock symbol in your browser bar). In addition, we implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect your data against loss, misuse and unauthorised access.

10. Your rights

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

Right to object (Art. 21 GDPR): Where we process data on the basis of Art. 6(1)(f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for us is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany, www.datenschutzzentrum.de.

11. Validity of this privacy policy

No automated decision-making, including profiling, takes place. We will update this privacy policy whenever the legal situation or our processing operations change.

Last updated: 10 June 2026