Privacy Policy
The following notes provide an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.
Controller
UPVIS – Kevin Schwed
Neckaring 99
64521 Groß-Gerau
Deutschland
E-Mail: info@expovisuals.com
Telefon: 0151 25553575
Data collection on this website
Some data is collected when you provide it to us – e.g. via the contact/request form. Other data is collected automatically when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of the page request).
Hosting
We host our website with Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When the website is accessed, technically necessary data (incl. the IP address) is processed on Vercel's servers; data may be transferred to the USA on the basis of the EU Standard Contractual Clauses. Legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and efficient operation). Details: https://vercel.com/legal/privacy-policy.
Server log files
The hosting provider automatically collects and stores information in so-called server log files that your browser transmits: browser type and version, operating system, referrer URL, hostname of the accessing device, time of the request and IP address. This data ensures trouble-free, secure operation and is not merged with other data sources. Legal basis: Art. 6(1)(f) GDPR.
Cookies & consent (consent management)
On your first visit we ask for your choice via a consent banner. Necessary storage (e.g. saving your cookie choice, the admin login session, and processing your form entries) is required for operation; the legal basis is Sec. 25(2) TDDDG and Art. 6(1)(f) GDPR. Optional services (statistics & heatmap) are only used with your consent (Sec. 25(1) TDDDG, Art. 6(1)(a) GDPR). We store your choice as a first-party cookie and in your browser's localStorage (key 'ev_consent'). You can change or withdraw your consent at any time with effect for the future via the 'Cookie settings' link in the footer.
Our own analytics & heatmap
With your consent we run our own, data-minimising analytics. We process: a random session identifier (only in your browser's sessionStorage, not a persistent cookie), pages viewed, clicks (including the relative click position for a heatmap), scroll depth, interactions with embedded videos, device type, browser and operating system, a coarse country indication, and a daily-rotating, non-reversible visitor hash to count returning visits. No IP addresses are stored and no data is shared with third parties; the analysis takes place exclusively in our own database. The purpose is to improve content and navigation. Legal basis: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG. You can withdraw consent at any time via 'Cookie settings'.
Embedding of YouTube videos
To display our reference films we embed videos from YouTube (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). We use the enhanced privacy mode ('youtube-nocookie'). Nevertheless, loading the videos establishes a connection to Google's servers; data (incl. your IP address) may be processed, transferred to third countries – in particular the USA – and cookies or similar technologies may be set. We have no influence over this processing. As the films are a central part of our offering, the embedding is based on our legitimate interest in a meaningful presentation of our work (Art. 6(1)(f) GDPR). More information: https://policies.google.com/privacy.
Database & authentication (Supabase)
For storing requests and for the protected admin area we use Supabase (Supabase Inc.) as a processor. A data processing agreement pursuant to Art. 28 GDPR is in place. Data is processed on servers within the European Union. Legal basis is Art. 6(1)(f) GDPR (secure, efficient data storage) and – for request data – Art. 6(1)(b) GDPR.
Contact & request form
When you contact us via the form, the details you provide (e.g. name, company, email, phone, message) are stored to handle the request and any follow-up questions. If you have consented to processing, we document the time of consent. We do not share this data without your consent. The legal basis is Art. 6(1)(b) GDPR (pre-contractual/contractual measures), Art. 6(1)(f) GDPR (legitimate interest in effective handling) or Art. 6(1)(a) GDPR (consent).
Fonts
For a consistent appearance, fonts are embedded locally (self-hosted). No connection to Google Fonts servers or other third parties is established when the page loads.
SSL/TLS encryption
For security reasons this site uses SSL/TLS encryption. You can recognise an encrypted connection by 'https://' and the lock icon in your browser's address bar.
Storage period
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention periods. Request data is deleted once no longer needed. Pseudonymous raw analytics data is deleted or anonymously aggregated after no more than 14 months.
Your rights
Within the statutory framework you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and a right to object (Art. 21 GDPR). You can withdraw a given consent at any time with effect for the future. You also have the right to lodge a complaint with a supervisory authority, e.g. the Hessian Commissioner for Data Protection and Freedom of Information (Postfach 3163, 65021 Wiesbaden, Germany).