Privacy Policy

(in accordance with the General Data Protection Regulation – GDPR)

Protecting personal data is of the highest importance to us. The following information explains how personal data is processed when you use our website.

1. Controller

Rewilok UG (haftungsbeschränkt)
Flughafenallee 26
28199 Bremen
Germany

Phone: +49 421 98963500
Fax: +49 421 98963509
Email: contact@rewilok.com

2. General Information on Data Processing

We process personal data only to the extent necessary for providing a functional website, ensuring communication with users, or fulfilling contractual or pre-contractual obligations.

Personal data is transferred to third parties only:

  • if permitted by law,
  • if required to fulfill contractual services,
  • if we are legally obligated to do so, or
  • if you have given explicit consent.

3. Provision of the Website and Server Log Files

When you access our website, data is automatically collected by our hosting system. This data is stored in server log files and is required for technical functionality, stability, and security.

Collected data may include:

  • IP address of the requesting device
  • Date and time of the server request
  • URL or file accessed
  • Referrer URL
  • Browser type and version
  • Operating system of the device

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating and securing the website).
Retention period: Log files are typically deleted within 7 to 30 days, unless longer retention is required for security purposes (e.g., investigating attacks).

4. Use of Cookies

Our website uses only technically necessary cookies required for its basic functionality.

Technically Necessary Cookie

  • i18n_redirected
    Purpose: Stores the user’s preferred language to correctly display content.
    Data: no personal data is collected.
    Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a user-friendly website experience).
    Retention period: depends on configuration (session or defined duration).

No analytics, marketing, tracking, or profiling cookies are used.
A consent banner is therefore not required under GDPR.

5. Hosting and Content Delivery Network (CDN)

Our website is hosted on the bunny.net cloud infrastructure.

Hosting (Container Hosting on bunny.net)

Personal data is processed exclusively in data centers located within the European Union.

CDN (Content Delivery Network by bunny.net)

To ensure fast and stable delivery of content, we use the bunny.net CDN.

This means:

  • Static content is delivered through global edge locations
  • Data residency remains within the EU
  • Your IP address may be transmitted to the nearest edge location for technical reasons

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fast, secure, and efficient website delivery).

A Data Processing Agreement (DPA) under Art. 28 GDPR is in place with bunny.net.

6. Contact Forms

If you use our contact forms, the following data may be processed:

  • Name
  • Email address
  • Message content
  • Phone number (optional)

Form submissions are processed via our own backend, hosted on bunny.net, and are not shared with external third parties.

Legal bases:

  • Art. 6(1)(b) GDPR (communication for contractual or pre-contractual purposes)
  • Art. 6(1)(f) GDPR (legitimate interest in efficient communication)

Data is deleted once your inquiry has been fully processed, unless legal retention periods require otherwise.

7. Data Processing by Processors

We use technical service providers acting as processors under Art. 28 GDPR, including:

  • bunny.net (hosting, container infrastructure, CDN)

All processors operate under legally valid Data Processing Agreements.

Personal data is transferred outside the EU only where appropriate safeguards under Art. 44–49 GDPR exist.
For bunny.net, data residency is configured to remain strictly within the EU.

8. Rights of Data Subjects

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise these rights, please contact us using the details provided in Section 1.

9. Withdrawal of Consent

If data processing is based on your consent, you may withdraw this consent at any time with effect for the future.
Processing carried out prior to withdrawal remains lawful.

10. Right to Lodge a Complaint with a Supervisory Authority

You have the right to file a complaint with a data protection authority, particularly in the EU Member State of your habitual residence or of the alleged violation.

Supervisory authority for the region of Bremen:

The State Commissioner for Data Protection and Freedom of Information (Bremen)
Arndtstraße 1
27570 Bremerhaven
Germany

11. Technical and Organisational Measures

Rewilok implements appropriate technical and organisational measures (TOMs) to protect personal data from loss, misuse, unauthorised access, and manipulation. These measures are reviewed regularly and adapted to current technological standards.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services.
The most current version is always available on our website.