Privacy Policy (Datenschutzerklärung)

1. Controller

[ALEX: insert legal name of the Kleingewerbe operator / business], [ALEX: street and number], [ALEX: postal code] [ALEX: city], Germany.

Email: [ALEX: privacy contact email]
Phone: [ALEX: phone]

2. What this site processes

This policy covers the marketing website operated under the "Rank OVA" brand (the pages on this domain). It describes categories of personal data we process when you browse or use our contact form.

3. Data we collect on this marketing site

• Contact form: name, company, email address, phone numbers you provide, U.S. location (city/state), optional website URL, plan selection, domain preferences, and free-text notes. We use this to respond to inquiries and, if you become a customer, to set up services.
• Server and hosting logs (Vercel): technical data such as IP address, timestamps, and request metadata for security and reliability. Retention depends on Vercel settings — [ALEX: confirm retention in Vercel dashboard].
• Optional SMS to our team: when configured, we may send a short internal SMS via Twilio to notify the operator of a new inquiry. That SMS does not go to homeowners from this form; it references your company name and contact details we already collected.
• Email delivery (Resend): we send notification and confirmation emails through Resend. Resend processes recipient addresses and delivery metadata as a sub-processor.
• Optional automation (n8n): if a webhook URL is configured, a copy of the structured form payload may be POSTed to your automation for CRM or logging.

We do not load third-party marketing analytics scripts on this marketing site in the stock template. If you add Plausible, Google Tag Manager, chat widgets, or similar, update this section and consider consent requirements under German/EU ePrivacy rules.

4. Legal bases (GDPR Art. 6)

• Contact requests: steps prior to a contract at your request, and our legitimate interest in responding to business inquiries.
• Security / abuse prevention: legitimate interests.

5. Recipients and sub-processors

Depending on configuration, data may be processed by:

• Vercel Inc. (hosting, edge — U.S. / global)
• Resend (transactional email)
• Twilio Inc. (optional internal SMS alert)
• Your n8n or webhook endpoint (if enabled)

[ALEX: List any additional tools and link to their DPA/SCCs as your counsel recommends.]

6. International transfers

Some providers above are located outside the EEA. We rely on appropriate safeguards (e.g. Standard Contractual Clauses) where required. [ALEX: confirm with each vendor’s DPA.]

7. Retention

Inquiry data is kept for as long as needed to handle the request and for ordinary business, tax, and legal record-keeping. [ALEX: insert default retention period for sales leads, e.g. 24–36 months unless you have a contract.]

8. Your rights

Under the GDPR you may have the right to access, rectification, erasure, restriction, objection, and data portability where applicable. You may lodge a complaint with a supervisory authority. In Germany, a list of authorities is available from the federal and state data protection portals.

9. U.S. visitors and client sites

Roofing companies who use our services receive separate documentation for homeowner-facing sites. Those sites may use different tools (for example lead routing, SMS consent, analytics). This page does not replace a U.S. state privacy notice on a client's live website.