Privacy Policy
1. Introduction
This website is operated by: SaltRock GmbH.
It is very important to us to handle the data of our website visitors with trust and to protect it as best as possible. For this reason, we make every effort to comply with the requirements of the GDPR.
Below, we explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you really understand what happens to your data.
2. General Information
2.1 Processing of personal data and other terms
Data protection applies when personal data is processed. Personal data means all data by which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting.
Such data is processed when “something happens to it.” Here, for example, the IP address is transmitted by the browser to our provider and automatically stored there. This then constitutes processing (within the meaning of Art. 4 No. 2 GDPR) of personal data (under Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable Regulations / Laws – GDPR, BDSG and TDDDG
Data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR insofar as the use of cookies is concerned.
2.3 The Responsible Party
The natural or legal person who alone or jointly with others determines the purposes and means of processing personal data is responsible for data processing on this website.
SaltRock GmbH
Bonner Str. 12
51379 Leverkusen
Email: hello@saltrock.de
2.4 Data Protection Officer
We have appointed a data protection officer for our company:
SaltRock GmbH
David Prehm
Bonner St. 12
51379 Leverkusen
Email: hello@saltrock.de
2.5 This is how data is generally processed on this website
As we have already determined, there is data (e.g., IP address) that is collected automatically. This data is primarily needed to provide the homepage technically. If we also use personal data or collect other data, we will inform you or ask for your consent.
You intentionally share other personal data with us.
You will find detailed information below.
2.6 Your Rights
The GDPR grants you comprehensive rights. These include, for example, free information about the origin, recipients, and purpose of your stored personal data. In addition, you can request the correction, blocking, or deletion of this data, or file a complaint with the competent data protection supervisory authority. You can revoke any consent you have given at any time. You can find more details about these rights and how to exercise them in the final section of this privacy policy.
2.7 Data Protection – Our View
Data protection is more than just an annoying obligation for us! Personal data is highly valuable, and handling this data with care should be a matter of course in our digital world. In addition, as a website visitor, you should be able to decide for yourself what happens to your data, when, and by whom. That is why we are committed to complying with all legal requirements, collecting only the data we need, and of course treating it confidentially.
2.8 Disclosure and Deletion
Disclosure and deletion of data are also important and sensitive topics. That is why we would like to briefly inform you in advance about our general approach to this. Data is only disclosed on the basis of a legal basis and only when this is unavoidable – e.g. to processors pursuant to Art. 28 GDPR. We delete your data as soon as the purpose and legal basis for processing no longer apply and no statutory retention obligations stand in the way (cf. Art. 17 GDPR).
2.9 Hosting
This website is hosted externally. The personal data collected on this website is stored on the host's servers. Host: Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. Legal basis: Art. 6(1)(a), (b), and (f) GDPR as well as Section 25(1) TDDDG. Data processing agreements have been concluded pursuant to Art. 28 GDPR.
2.10 Legal basis
The processing of personal data is carried out on the basis of Article 6(1) of the GDPR—depending on the purpose (a–f). Individual purposes are explained in the following sections.
3. What happens on our website
3.1 Data collection when visiting the website
When the website is accessed, server log files (browser type, operating system, referrer URL, time, IP address, etc.) are collected. Purpose: system security, stability, troubleshooting, and presentation of the website. Legal basis: Art. 6(1)(f) GDPR. Storage: max. 14 days (or longer in the event of security incidents).
3.2 Cookies
This website uses cookies. – Technically necessary cookies: legal basis Art. 6 para. 1 lit. b, c or f GDPR – Technically non-essential cookies: only with consent (Art. 6 para. 1 lit. a GDPR). Settings can be changed in the cookie consent tool or in the browser.
3.3 Data Processing Through User Inputs
a) Email / phone / contact form – processing of contact and communication data, legal basis: Article 6(1)(b) and (f) GDPR. b) AI-supported analysis – only with consent or legitimate interest. c) Microsoft Bookings – for appointment scheduling (legal basis: Article 6(1)(a) and (f) GDPR).
3.4 Cookie Consent Tool
We use the Framer cookie banner to obtain and document consent under Article 6(1)(c) of the GDPR.
3.5 Website Builder
Our website was created with Framer. Legal basis: Article 6(1)(a) and (f) of the GDPR.
3.6 Analytics and Tracking Tools
Google Analytics & Google Tag Manager: Analysis of user behavior, marketing optimization. Legal basis: Art. 6(1)(a) GDPR and Section 25 TDDDG (consent). Google LLC is certified under the EU-U.S. Data Privacy Framework.
3.7 Social Media Profile
We operate profiles on: LinkedIn (LinkedIn Ireland Unlimited Company), Instagram (Meta Platforms Ireland Limited), and X (formerly Twitter, X Corp.). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in presenting our company and communicating).
3.8 Third-party Content
Integration of Google Fonts, Font Awesome, Cloudflare DNS, and the Dieter Live API. Legal basis: Article 6(1)(a) and (f) of the GDPR.
3.9 Audio and video conferences
Use of Microsoft Teams for customer communication. Legal basis: Art. 6(1)(a), (b) and (f) GDPR.
3.10 CRM Systems
Use of HubSpot CRM for managing customer relationships. Legal basis: Art. 6(1)(b) GDPR. Data transfer to the USA on the basis of the EU-U.S. Data Privacy Framework and standard contractual clauses (SCCs).
3.11 Cloud Backups
Cloud backups via Framer for data backup. Legal basis: Art. 6(1)(f) GDPR.
4. This is also important
Finally, we would like to inform you about your rights and how you will be notified of changes.
4.1 Your Rights in Detail
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to an individual decision (Art. 22 GDPR)
Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR)
5. What if the GDPR is abolished tomorrow or other changes occur?
The current version of this privacy policy is 11.11.2025. From time to time, it may be necessary to adjust the content to respond to legal or technical changes. We will publish updated versions in the same place and recommend that you read this policy regularly.
