Privacy Policy

1. Controller

Responsible for the processing of personal data on this website is:

Smart Rebellion GmbH
Vilbeler Landstraße 186
60388 Frankfurt am Main
Germany

Email: info@smartrebels.com

(Hereinafter "we" or "us")

2. General Information on Data Protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations,1 in particular the EU General Data Protection Regulation (GDPR), as2 well as this privacy policy.

No cookies or tracking tools are used when visiting this website. Personal data is only collected to the necessary extent, e.g., when you fill out forms or subscribe to our newsletter. In this policy, we inform you about the nature, scope, and purpose of data processing, as well as your rights as a data subject.

3. Types of Processed Data

Depending on how you use our website, we process different categories of personal data. These include in particular:

  • Contact data: e.g., name, address, email address, telephone number.
  • Order data: Information you provide in order forms, such as ordered products/services, delivery address, and payment information (if required for the order).
  • Communication data: Content of messages you send us via contact forms or email.
  • Usage and connection data: Technical information automatically collected when accessing the website (e.g., IP address, date and time of request, browser type, operating system, referring page).

4. Purposes and Legal Bases of Processing

We process your data only for specific purposes and based on a legal permission. Below, we explain the respective processing purposes and legal bases:

  • Provision of the Website: When you access our website, certain technical data is automatically processed to display the site to you and ensure its stability and security (e.g., storage of server log files). This is done based on our legitimate interest (Art. 6(1)(f) GDPR) to operate our website securely and functionally.
  • Contacting Us: If you contact us via contact form or email, we process your information to handle the request and communicate with you. Depending on the content of your request, this is done for the performance of pre-contractual measures or contract fulfillment (Art. 6(1)(b) GDPR) or based on our legitimate interest in responding to your inquiry (Art. 6(1)(f) GDPR).
  • Order Processing: If you submit personal data in order forms (e.g., for ordering products or services), we process this data to handle your order, delivery, and payment. This includes, in particular, your name, contact and address data, as well as order details. Processing is carried out for the fulfillment of a contract or for pre-contractual measures (Art. 6(1)(b) GDPR). If required to fulfill legal obligations (e.g., retention of invoice data for tax purposes), processing is also based on legal requirements (Art. 6(1)(c) GDPR).
  • Newsletter Dispatch: If you subscribe to our newsletter, we use your email address and potentially your name to send you our newsletter regularly. Subscription is voluntary and based on your express consent. The legal basis is your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time with future effect by unsubscribing from the newsletter (see Newsletter section below).

Beyond this, we only process your data in other cases if another legal basis according to Art. 6(1) GDPR exists (such as a legal obligation pursuant to lit. c GDPR or a legitimate interest pursuant to lit. f GDPR) and to the extent necessary.

5. Hosting by Vercel

Our website is hosted by the external service provider Vercel Inc. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel provides the infrastructure on which our website is stored and delivered.

Data Transfer to Third Countries: When using our website, your technically necessary usage data (such as, in particular, your IP address) is transmitted to Vercel. Vercel may also process data outside the EU (especially in the USA). We have concluded a data processing agreement (DPA) with Vercel according to Art. 28 GDPR. Vercel is contractually obligated to comply with the EU Commission's Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection, even if data is processed in a third country (e.g., the USA). Additionally, according to Vercel's own information, it uses server locations in Germany, so your data is generally processed within the EU. Further information on data protection at Vercel can be found in Vercel's privacy policy.

Legal Basis: The use of Vercel is based on our legitimate interests in a secure and reliable provision of the website (Art. 6(1)(f) GDPR).

6. Server Log Files

When you visit our website, our web server (operated by Vercel) automatically stores certain data in so-called server log files. This data includes, e.g.:

  • IP address of the requesting device,
  • Date and time of the server request,
  • Requested page/file and HTTP status code,
  • Amount of data transferred,
  • Browser type and browser version,
  • Operating system used,
  • Referrer URL (previously visited page).

This log data cannot be attributed to specific individuals by us. We do not merge this data with other data sources. The log files are used exclusively to ensure technical operation, for error analysis, and for security reasons (e.g., investigation of misuse or fraud).

Legal Basis: The storage of log file data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free delivery and security of our website.

Storage Duration: Server log data is stored only for a limited period and automatically deleted as soon as the purpose is fulfilled. As a rule, log entries are anonymized or deleted after 14 days at the latest, unless retention is required for evidence purposes (e.g., in cases of misuse).

7. No Cookies or Tracking Tools

Our website does not use cookies. No tracking or analysis tools (such as Google Analytics or similar services) are used either. Consequently, no cookies are stored on your device when visiting our pages, and your usage behavior is not tracked for analysis or marketing purposes.

Therefore, no cookie banner or consent management is required, as we only process technically necessary data (see Server Log Files above) for which no consent is required.

8. Contacting Us (Contact Forms and Email)

If you contact us, for example, via contact forms provided on the website or by email, we collect and process your information to handle the inquiry.

Scope of Data: Contact forms typically require your name, email address, and your message to us as mandatory fields. Depending on the matter, we may also request further information (e.g., telephone number for follow-up questions). Additionally, the time of the request and your IP address are automatically recorded upon form submission (the latter serves security purposes to prevent misuse of the form).

Purpose: The processing of this data occurs solely to handle your request, get in touch with you, and provide the requested information or service.

Legal Basis: Depending on the nature of your inquiry, we base the processing on different legal grounds:

  • Questions about our products or services may be considered pre-contractual inquiries or lead to the conclusion of a contract, making Art. 6(1)(b) GDPR (pre-contractual measure or contract fulfillment) relevant.
  • In all other cases, the processing of your provided contact data is based on our legitimate interest in answering your inquiry (Art. 6(1)(f) GDPR).

Storage Duration: We store the data collected during contact only as long as necessary to process your request. Once your inquiry is fully resolved and the relevant matter finally clarified, your information will be deleted. If legal retention obligations exist (e.g., for business correspondence under commercial or tax law), deletion occurs after the respective retention periods expire.

9. Order Forms and Contract Processing

On our website, you may be able to place orders for products or services (e.g., by filling out an order form). In this context, we process the personal data you provide to handle the order and fulfill the contract.

Scope of Data: Mandatory information in order forms typically includes your name, billing and delivery address, email address, and details about the desired service/order. Depending on the offer, further data may be required (e.g., payment information or telephone number for appointment scheduling). We only collect data necessary for order processing.

Purpose: Data processing serves the purpose of contract initiation, execution, and settlement, specifically:

  • to record your order and provide you with the desired service or goods,
  • for communication with you regarding order processing (e.g., order confirmation, queries),
  • for invoicing and, if applicable, payment processing,
  • for organizing delivery or provision.

Legal Basis: The processing of your order data is carried out for the fulfillment of a contract with you or for pre-contractual measures upon your request (Art. 6(1)(b) GDPR). Certain data may also be processed due to legal obligations – such as the retention of invoice data for tax reasons (Art. 6(1)(c) GDPR).

Recipients and Disclosure: We treat your order data confidentially. However, during order processing, it may be necessary to disclose personal data to third parties, for example:

  • Shipping/Delivery Companies: If you order physical goods, we transmit your delivery address and name to a shipping company carrying out the delivery.
  • Payment Service Providers/Banks: To process payments (e.g., bank transfers or direct debits), we forward the necessary payment data to your bank or selected payment service providers.
  • Tax Advisors/Authorities: If necessary, data from your order may be forwarded to tax authorities or our tax advisor within the scope of legal obligations (e.g., for accounting purposes).

In all mentioned cases, the scope of the transmitted data is limited to the necessary minimum. External recipients use the data exclusively to fulfill their task. If the recipients are processors (e.g., IT service providers), we have concluded corresponding contracts with them ensuring data protection according to GDPR.

Storage Duration: We store order and contract data for as long as necessary for the execution of the contract and subsequently for the preservation of our rights and obligations. This also includes legal retention periods. Under German commercial and tax law, we are obliged to retain business documents (e.g., invoices) for 6 to 10 years. Your data will therefore be stored for at least this period and then deleted, provided it is no longer required and no further legal permissions or obligations for storage exist.

10. Newsletter

You have the option to subscribe to a newsletter on our website to receive regular information about our offers, news, or events.

Subscription and Double Opt-In: Subscription to our newsletter generally follows the so-called double opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary3 to prevent anyone from subscribing with someone else's email address. Only after successful confirmation will your email address be added to our distribution list.

Data and Consent: For subscription, we require at least your email address. Optionally, you can provide a name to personalize the newsletter (salutation). By subscribing, you consent to the processing of your provided data for the purpose of sending the newsletter (Legal basis: Art. 6(1)(a) GDPR). We log the newsletter subscription to be able to prove the subscription process according to legal requirements. The time of subscription and confirmation, as well as your IP address at the time of subscription, are stored.

Dispatch of the Newsletter: The newsletter is dispatched directly by us. (Note: If an external mailing service provider were used, it would need to be named here and described as a processor. However, this assumes no third-party provider is used for newsletter dispatch.) Your data is used exclusively for sending our newsletter and is not passed on to third parties.

Content of the Newsletter: Our newsletters contain information about our products, services, and promotions, as well as potentially interesting news related to Smart Rebels GmbH.

Unsubscription/Withdrawal: You can unsubscribe from our newsletter at any time and revoke your consent. You will find a corresponding unsubscribe link in every newsletter. Alternatively, you can send us an informal message via email to info@smartrebels.com. After unsubscribing, your data will be deleted from the newsletter distribution list. The lawfulness of the data processing carried out before the revocation remains unaffected.

Storage Duration: We store the data registered for the newsletter until you unsubscribe. After unsubscribing, we may store your email address in a blocklist (blacklist) to ensure you do not receive further newsletters. The processing of this data is based on Art. 6(1)(f) GDPR (legitimate interest in respecting your unsubscription request).

11. Data Security and SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content (such as inquiries or orders you send to us). You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties. We recommend that you also ensure secure transmission yourself (e.g., do not send sensitive information via unencrypted emails).

Additionally, we use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments.

12. No Integration of Third-Party Providers

We do not use any external services from third-party providers on our website that process visitors' personal data. For example, no map services (Google Maps), videos (YouTube/Vimeo), or social media plugins are integrated. Likewise, we do not use web analytics services or advertising networks. Your data is therefore not collected by such external services when you use our website.

13. Rights of the Data Subject

As a data subject within the meaning of the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You have the right to obtain information about which personal data we store about you and how we process it.
  • Right to Rectification (Art. 16 GDPR): You can request the immediate correction of incorrect or completion of your personal data stored by us.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data ("right to be forgotten"), provided the legal requirements are met.
  • Right to Restriction of Processing (Art. 18 GDPR): Under certain conditions, you can request the restriction of the processing of your data (i.e., your data is stored but not used further).
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller, where technically feasible.
  • Right10 to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of your11 personal data which is based on Art.12 6(1)(f) GDPR (data processing based on legitimate interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing13 which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Furthermore, you have the right to withdraw any consent given at any time. If we process data based on your consent (Art. 6(1)(a) GDPR) (e.g., for newsletter dispatch), you can withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint17 with a data protection supervisory authority. You can contact the supervisory authority responsible for us for this purpose. The authority generally responsible for Smart Rebels GmbH is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit) or any other data protection authority locally responsible for you.

To exercise your rights, you can contact us informally at any time, for example, via email at info@smartrebels.com. Please provide sufficient information so that we can identify and respond to your request regarding your data stored with us. We will process your request promptly and in accordance with legal requirements.

14. Up-to-dateness and Amendment of this Privacy Policy

We reserve the right to adapt this privacy policy as needed to comply with current legal requirements and to accurately reflect our current offers and processing activities. The respective current version is always available on our website under the "Privacy" section.

This privacy policy is current as of: April 2025.

If you have any questions or comments about this privacy policy or data protection at our company in general, please feel free to contact us using the contact details provided above. We are happy to assist you.