2. Data Protection


Controller and General Information on Data Protection

2.1 Controller

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

EVOCON Studio UG (limited liability)
Alte Rathausgasse 2a
74924 Neckarbischofsheim
Germany

Managing Director: Jochen Pawlisch

Phone: +49 160 98 75 07 91
E-mail: hello@evocon.studio
Website: www.evocon.studio

2.2 General Information

The protection of your personal data is very important to us. We process personal data exclusively in accordance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, name, address, telephone number, email address, IP address, or order details.

2.3 Scope of Data Processing

We process personal data only to the extent necessary,

  • to provide our website,
  • to process inquiries,
  • to prepare quotes,
  • to handle contracts,
  • to manufacture and deliver custom 3D-printed parts,
  • to use uploaded CAD files for quoting and manufacturing,
  • to comply with statutory retention obligations,
  • as well as to improve our website and our offerings.

2.4 Legal bases

Depending on the type of processing, processing is carried out in particular on the basis of:

  • Art. 6(1)(a) GDPR (consent),
  • Art. 6(1)(b) GDPR (contract or pre-contractual measures),
  • Art. 6(1)(c) GDPR (legal obligation),
  • Art. 6(1)(f) GDPR (legitimate interest).

2.5 Recipients of personal data

Personal data is only transmitted where necessary for the provision of our services or where we are legally obliged to do so. Recipients may include, in particular, hosting service providers, payment service providers, shipping service providers, and technical service providers responsible for operating the website.

2.6 Storage period

We store personal data only for as long as is necessary for the respective processing purposes or as required by statutory retention periods. Once the purpose of processing no longer applies, the data is deleted or restricted in accordance with legal requirements.

2.7 Data security

We implement appropriate technical and organizational measures to protect personal data against loss, manipulation, unauthorized access, or other forms of unauthorized processing. Our security measures are continuously updated in line with technological developments.

Chapter 3 – Hosting and server log files

3.1 Website hosting

Our website is operated by an external hosting service provider. To ensure the secure and reliable operation of the website, personal data that is technically necessary when visiting the website is processed.

Where legally required, a data processing agreement pursuant to Art. 28 GDPR is in place with the hosting service provider.

Once the final technical hosting provider has been determined, their name and other details required under data protection law will be added to this privacy policy.

3.2 Server log files

When you access our website, the hosting service provider automatically collects information and stores it in so-called server log files. This data is technically necessary to provide the website, ensure its security, and analyze errors.

In particular, the following data may be processed:

  • IP address of the accessing device
  • Date and time of access
  • Pages and files accessed
  • Volume of data transmitted
  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited website)
  • Hostname of the accessing computer
  • Access status (HTTP status code)

3.3 Purpose of processing

Processing takes place, in particular, for the following purposes:

  • Provision of the website
  • Ensuring system security
  • Detection and prevention of attacks
  • Error analysis and system maintenance
  • Optimization of technical performance

3.4 Legal basis

Processing is carried out on the basis of Art. 6(1)(f) GDPR.

Our legitimate interest lies in providing our website in a secure, stable, and technically error-free manner.

3.5 Storage period

Server log files are stored only for as long as is necessary to ensure secure operation and to investigate security incidents. They are subsequently deleted or anonymized, unless statutory retention obligations prevent this.

3.6 Data disclosure

As a general rule, the data contained in the server log files is not disclosed to third parties, unless

  • this is required by law,
  • the disclosure is necessary for the establishment, exercise, or defense of legal claims,
  • or it is necessary for the investigation of security incidents.

3.7 Data Security

The hosting service provider implements appropriate technical and organizational measures to protect personal data against loss, manipulation, unauthorized access, or other forms of unauthorized processing. The security measures employed are regularly reviewed and updated in line with the state of the art.

Chapter 4 – Contact Form and E-mail Communication

4.1 Contacting Us

You have the option to contact us via the contact form provided on our website or by e-mail.

In connection with your inquiry, we process only the personal data that you voluntarily provide to us or that is necessary to process your request.

This may include, in particular:

  • First and last name
  • Company name
  • Email address
  • Phone number
  • Address (if provided)
  • Content of your message
  • Details regarding your project
  • Uploaded documents or attachments
  • Date and time of the inquiry

4.2 Purpose of processing

Your personal data is processed exclusively for the following purposes:

  • Processing your contact inquiry
  • Communicating with you
  • Preparing customized quotes
  • Preparing or executing a contract
  • Handling technical or commercial inquiries
  • Documenting business communication

4.3 Legal basis

Depending on the content of your inquiry, processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR, provided the inquiry serves the purpose of initiating or performing a contract.
  • Art. 6(1)(f) GDPR, provided our legitimate interest lies in the efficient processing of general inquiries.
  • Art. 6(1)(a) GDPR, provided you voluntarily submit information that goes beyond the processing of your inquiry and consent is required.

4.4 Data Storage

Your data will only be stored for as long as is necessary to process your request, perform a contract, or comply with statutory retention obligations.

Once the respective purpose no longer applies and there are no longer any statutory retention obligations, the data will be deleted or anonymized.

4.5 Disclosure of Personal Data

In principle, your personal data will only be disclosed if this is necessary to process your request or perform a contract.

Recipients may include, in particular:

  • Hosting service providers
  • IT service providers
  • Payment service providers
  • Shipping service providers
  • External manufacturing or production partners (insofar as necessary for the execution of your order)

Any further disclosure of data occurs only on the basis of legal obligations or with your express consent.

4.6 Communication Security

Please note that, despite modern security measures, data transmission over the Internet can inherently be subject to security risks.

Our website uses encrypted transmission methods (SSL/TLS) to provide the best possible protection for personal data against unauthorized access during transmission.

4.7 Communication via E-Mail

If you contact us via e-mail, the data you transmit will be used exclusively to process your inquiry.

Please note that unencrypted e-mails can theoretically be viewed by third parties during transmission. For highly confidential information, we therefore recommend using encrypted communication channels or coordinating with us in advance.

4.8 Business Communication

In the context of existing or prospective business relationships, we store the communication data necessary for the performance of the contract. This includes, in particular, e-mails, quotes, order confirmations, invoices, and other business-related correspondence, insofar as this is required for contract execution or the fulfillment of legal obligations.

Chapter 5 – Cookies and Consent Management

5.1 General Information

Our website uses cookies and similar technologies to ensure the website's functionality, improve user-friendliness, and—provided you have given your consent—conduct statistical analyses and marketing activities.

Cookies are small text files that are stored on your device and contain specific information. Some cookies are technically necessary, while others serve analytical, convenience, or marketing purposes.

5.2 Types of Cookies

Technically necessary cookies

These cookies are required for the operation of the website and cannot be deactivated. Among other things, they enable:

  • Provision of the website
  • Storage of security settings
  • Protection against misuse
  • Session management
  • Shopping cart functions
  • Storage of cookie settings

Processing is carried out on the basis of Art. 6(1)(f) GDPR and—where applicable—Section 25(2) TTDSG.

Statistics and analytics cookies

Analytics cookies help us understand how visitors use our website. This allows us to continuously improve content and features.

These cookies are only set with your explicit consent.

Legal basis:

  • Art. 6 Paragraph 1 Letter a GDPR
  • Section 25 Paragraph 1 TTDSG

Marketing cookies

Marketing cookies enable the display of relevant content and advertising to visitors and allow for the measurement of the success of advertising campaigns.

In this context, information regarding your usage behavior may be processed and transmitted to external services.

Marketing cookies are used only with your explicit consent.

5.3 Consent management

A cookie banner is displayed when you first visit our website.

  • Using this banner, you can select
  • which cookie categories you wish to allow,
  • which services may be activated,
  • and change or withdraw your consent at any time.

Your selection will be documented and stored to comply with legal documentation requirements.

5.4 Withdrawal of Consent

You can withdraw or modify your consent at any time with effect for the future.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5.5 Storage Period

The storage period of the cookies used depends on their respective purpose.

Session cookies are automatically deleted after your visit ends.

Persistent cookies remain on your device until they expire automatically or are deleted by you.

5.6 Browser Management

You can configure your browser to

  • cookies are permitted only on a case-by-case basis,
  • cookies are generally rejected,
  • cookies are automatically deleted when the browser is closed,
  • or you are notified when new cookies are set.

Please note that if you deactivate technically necessary cookies, certain functions of our website may not be available or may only be available to a limited extent.

5.7 Services listed below

Later in this privacy policy, we provide detailed information about the specific analytics, marketing, and payment services used on our website. These include, in particular, Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, Google Maps, SeekMake, Stripe, and PayPal.

Chapter 6 – Google Analytics

6.1 Description of the service

Provided you have given your consent, we use Google Analytics on our website; this is a web analytics service provided by Google LLC or—where applicable for users in the European Economic Area—by Google Ireland Limited.

Google Analytics enables us to statistically analyze the usage behavior of our website visitors. This provides us with information regarding the use of individual pages, visitor origins, the devices and browser types used, and other statistical metrics. These insights help us to continuously improve our online services.

6.2 Purpose of processing

Processing is carried out for the following purposes in particular:

  • Analysis of website usage
  • Optimization of user-friendliness
  • Improvement of our content and services
  • Monitoring the success of marketing activities
  • Detection of technical issues
  • Statistical analysis

No decisions are made solely on the basis of automated processing.

6.3 Processed data

In the course of using Google Analytics, the following data in particular may be processed:

  • truncated IP address (IP anonymization, if enabled)
  • browser type and version
  • operating system
  • device type
  • screen resolution
  • language settings
  • referrer URL
  • pages visited
  • duration of visit
  • click behavior
  • date and time of visit
  • approximate geographic location
  • events and interactions within the website

Depending on the configuration, additional technical information may be processed.

6.4 Legal basis

Google Analytics is used solely based on your explicit consent.

The legal basis is:

  • Art. 6 Paragraph 1 Letter a GDPR
  • Section 25 Paragraph 1 TTDSG

No processing via Google Analytics takes place without your consent.

6.5 Retention period

The retention period for data collected via Google Analytics depends on the settings configured in our Analytics account. Once the specified retention period has expired, the data is automatically deleted or anonymized.

6.6 Data transfer

As part of the use of Google Analytics, personal data may be processed by companies within the Google group.

Where data is processed outside the European Economic Area, this is done on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

6.7 Withdrawal of consent

You may withdraw or adjust your consent at any time with effect for the future via our consent management system.

Furthermore, you can prevent the storage of cookies by adjusting your browser settings accordingly. However, doing so may limit the functionality of our website.

6.8 Further information

Further information regarding data processing by Google can be found in Google’s privacy information and in the information regarding Google Analytics.

Please note that Google’s data processing practices and the features offered may change over time. Therefore, the provider’s current information is also authoritative.

Chapter 7 – Google Tag Manager

7.1 Description of the Service

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is used exclusively for the centralized management and deployment of website tags. In principle, no user profiles are created and no independent analyses are performed via the Tag Manager itself. It enables the technical integration of other services, such as analytics or marketing tools.

7.2 Purpose of Processing

Google Tag Manager is used for the following purposes in particular:

  • Management of website tags
  • Integration of technical services
  • Simplification of administration
  • Website optimization
  • Control of analytics and marketing services
  • Improvement of loading and management processes

7.3 Processed Data

Google Tag Manager itself does not generally process personal data for analysis or marketing purposes.

However, when our website is accessed, a connection to Google servers may be established. In this process, the following technical information, in particular, may be processed:

  • IP address
  • Browser information
  • Operating system
  • Device information
  • Time of page access
  • Technical connection data

If additional services (e.g., Google Analytics or Google Ads) are integrated via Google Tag Manager, the respective data protection policies of those services also apply.

7.4 Legal basis

Where Google Tag Manager is used exclusively to provide technically necessary functions, processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

If services are loaded via Google Tag Manager that use cookies or similar technologies for analysis or marketing purposes, they are activated solely upon your express consent pursuant to:

  • Art. 6 Paragraph 1 Letter a GDPR
  • Section 25 Paragraph 1 TTDSG

7.5 Data Transfer

When using Google Tag Manager, technical data may be transmitted to companies within the Google corporate group.

Where personal data is processed outside the European Economic Area, this is done on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

7.6 Storage Period

Google Tag Manager itself does not generally store personal usage data. The storage period depends on the specific services integrated via Tag Manager.

7.7 Withdrawal of Consent

Where analytics or marketing services are integrated via Google Tag Manager, you may withdraw or modify your consent at any time—with effect for the future—using the consent management system implemented on our website.

7.8 Further Information

Further information regarding data processing in connection with Google Tag Manager can be found in Google’s privacy information.

Please note that Google Tag Manager serves solely as a technical management system. The data processing carried out by the integrated services is subject to the respective privacy policies of the individual providers.

Chapter 8 – Meta Pixel (Facebook Pixel)

8.1 Description of the Service

Provided you have given your express consent, our website uses the Meta Pixel from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

The Meta Pixel enables us to analyze the effectiveness of our online advertising campaigns, track visitor traffic, and display interest-based advertising on Meta’s platforms (specifically Facebook and Instagram).

8.2 Purpose of Processing

The use of the Meta Pixel serves the following purposes in particular:

  • Analysis of user behavior on our website
  • Measuring the success of advertising campaigns
  • Reach analysis
  • Optimization of our online marketing activities
  • Generation of statistical reports
  • Display of interest-based advertising
  • Creation of target groups (Custom Audiences)
  • Reaching similar target groups (Lookalike Audiences)

8.3 Processed data

In the course of using the Meta Pixel, the following data in particular may be processed:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Referrer URL
  • Pages visited
  • Click behavior
  • Duration of visit
  • Content accessed
  • Events (e.g., page views, contact requests, completed orders)
  • Date and time of the visit

Depending on the configuration, additional technical information may be processed.

8.4 Legal basis

The Meta Pixel is used solely based on your explicit consent.

The legal basis is:

  • Art. 6 Paragraph 1 Letter a GDPR
  • Section 25 Paragraph 1 TTDSG

The Meta Pixel will not be activated without your consent.

8.5 Data Transfer

In the course of using the Meta Pixel, personal data may be transferred to companies within the Meta corporate group.

Where data is processed outside the European Economic Area, this takes place on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

8.6 Storage Period

The storage period depends on the respective settings of the Meta services and the retention periods established by Meta. EVOCON Studio has only limited influence over these retention periods.

8.7 Withdrawal of Consent

You may withdraw or adjust your consent at any time, with effect for the future, via the consent management system used on our website.

The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

8.8 Joint Controllership

Where provided for by law, joint controllership between EVOCON Studio and Meta may exist for certain processing operations. The respective responsibilities are determined by Meta’s agreements and privacy information.

8.9 Further Information

Further information regarding data processing by Meta, as well as your options for adjusting settings and objecting to processing, can be found in Meta’s current privacy information.

Please note that the functionality and scope of data processing by Meta are subject to change. Therefore, the provider’s current information also applies and is authoritative.

Chapter 10 – Google Maps

10.1 Description of the Service

Maps and location information can be embedded on our website via the Google Maps service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps enables the visual display of locations as well as convenient route planning to our company headquarters.

10.2 Purpose of Processing

The integration of Google Maps serves the following purposes in particular:

  • Display of our company location
  • Provision of an interactive map
  • Assistance with route planning
  • Improvement of our website's usability
  • Optimization of our service offerings

10.3 Processed Data

When a page containing embedded Google Maps is accessed, the following data, in particular, may be processed:

  • IP address
  • Browser information
  • Operating system
  • Device information
  • Date and time of the page visit
  • Referrer URL
  • Map function usage data
  • Location data (only if you enable this in your browser or on your device)

If you are logged into a Google account while using the service, Google may associate this usage with your user account.

10.4 Legal basis

Google Maps is integrated solely based on your explicit consent.

The legal basis is:

  • Art. 6 Paragraph 1 Letter a GDPR
  • Section 25 Paragraph 1 TTDSG

Google Maps will not load without your consent.

10.5 Data Transfer

Use of Google Maps may result in the transfer of personal data to companies within the Google group.

Where data is processed outside the European Economic Area, this is done on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

10.6 Storage Period

The storage period for data processed in connection with Google Maps is determined by Google’s privacy policies and data retention periods.

EVOCON Studio has no direct influence on this storage period.

10.7 Withdrawal of Consent

You may withdraw or modify your consent at any time via our website’s consent management system, with effect for the future.

Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

10.8 Further Information

Further information regarding Google’s processing of personal data and your data protection rights can be found in Google’s current privacy information.

Please note that Google may continuously develop its services and the associated data processing activities. Therefore, the provider’s current information is also authoritative.

Chapter 11 – SeekMake Online Configurator (iFrame)

11.1 Description of the Service

An online configurator for calculating costs and placing orders for custom 3D printing jobs is integrated into our website. The configurator is provided by an external service provider (SeekMake) via an iFrame.

This integration allows visitors to upload CAD files, select materials, configure manufacturing options, and retrieve pricing and delivery information.

11.2 Purpose of Processing

The integration of the configurator serves the following purposes in particular:

  • Provision of an online quote calculator for 3D printing orders
  • Upload and processing of CAD files
  • Selection of materials and manufacturing options
  • Generation of custom quotes
  • Preparation and processing of orders
  • Optimization of order fulfillment

11.3 Processed data

When using the configurator, the following data in particular may be processed:

  • IP address
  • Browser and device information
  • Date and time of use
  • Technical connection data
  • Uploaded CAD files (e.g., STL, STEP, 3MF, OBJ, IGES)
  • Project-related information
  • Material and manufacturing parameters
  • Pricing and quote data
  • Contact details, insofar as these are provided in connection with an inquiry or order

11.4 CAD Files

The CAD files you upload are processed exclusively for the purposes of preparing a quote, technical review, production planning, and order processing.

By uploading the files, you confirm that you hold the necessary rights to the transmitted files and that their use does not infringe upon the rights of third parties.

11.5 Legal basis

Depending on the usage, processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR (pre-contractual measures and performance of a contract),
  • Art. 6(1)(f) GDPR (legitimate interest in providing an online configurator),
  • Art. 6(1)(a) GDPR, insofar as consent is required for specific processing operations.

11.6 Transfer of Personal Data

Where necessary to process your inquiry or execute your order, data may be transmitted to the operator of the configurator as well as to other service providers involved in manufacturing or technical provision.

Any transfer beyond this scope occurs only on a legal basis or with your consent.

11.7 Confidentiality

As a general rule, we treat uploaded CAD files and technical project information confidentially and use them exclusively to process your inquiry or order.

Use for other purposes occurs only with your express consent or due to legal obligations.

11.8 Storage Period

Project and customer data are stored only for as long as is necessary to process the inquiry, execute the contract, or comply with statutory retention obligations.

Data that is no longer required is deleted or anonymized, provided there are no statutory retention obligations to the contrary.

11.9 Further Information

Supplementary information regarding data processing by the operator of the configurator can be found in their current privacy policy.

Independently of this, the provisions of this privacy policy apply to the processing of personal data by EVOCON Studio.

Chapter 12 – Stripe (Payment Processing)

12.1 Description of the Service

We use the payment service provider Stripe to process online payments. Payment processing is carried out by Stripe Payments Europe Ltd. and—depending on the type of transaction—other companies within the Stripe group.

Stripe enables the secure processing of electronic payments and supports various payment methods.

12.2 Purpose of Processing

Personal data is processed for the following purposes, in particular:

  • Execution of payment transactions
  • Payment authorization
  • Fraud prevention
  • Payment verification
  • Invoicing
  • Refunds
  • Compliance with statutory documentation obligations

12.3 Processed Data

In the course of payment processing, the following personal data, in particular, may be processed:

  • Name
  • Billing address
  • Delivery address
  • Email address
  • Payment amount
  • Currency
  • Order number
  • Customer number
  • Transaction data
  • Device information
  • IP address
  • Browser information
  • Technical connection data

EVOCON Studio does not, as a general rule, receive full credit card or account details. These are processed directly by Stripe.

12.4 Legal basis

Processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(c) GDPR (legal obligations)
  • Art. 6(1)(f) GDPR (fraud prevention and secure payment processing)

12.5 Data Transmission

To process the payment, personal data may be transmitted to Stripe and—where necessary—to participating banks, payment networks, or other payment service providers.

If data is processed outside the European Economic Area, this is done on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

12.6 Retention Period

The retention period is determined by statutory retention obligations as well as Stripe’s data protection requirements.

EVOCON Studio stores billing-related data only for as long as is legally required.

12.7 Payment Processing Security

According to its own statements, Stripe employs extensive technical and organizational security measures to protect payment information and prevent unauthorized access.

Payment data is transmitted in encrypted form.

12.8 Further Information

You can find further information regarding data processing by Stripe, the security measures employed, and your data protection rights in Stripe’s current privacy policy.

The provisions described therein supplement this Privacy Policy.

Chapter 13 – PayPal (Payment Processing)

13.1 Description of the Service

We offer our customers the PayPal payment method for processing online payments. The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.

Payment processing is handled directly by PayPal. EVOCON Studio receives only the payment information necessary to process the contract.

13.2 Purpose of Processing

Personal data is processed for the following purposes, in particular:

  • Execution of payment transactions
  • Authorization of payments
  • Fraud prevention
  • Creditworthiness and risk assessment (where carried out by PayPal)
  • Refunds
  • Compliance with statutory record-keeping obligations
  • Documentation of completed transactions

13.3 Processed Data

In the course of payment processing, the following data in particular may be processed:

  • Name
  • Billing address
  • Delivery address
  • Email address
  • Payment amount
  • Currency
  • Order number
  • Transaction data
  • IP address
  • Browser information
  • Device information
  • Technical connection data

The specific data depends on the selected payment method and the respective security and verification procedures of PayPal.

13.4 Legal basis

Processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(c) GDPR (legal obligations)
  • Art. 6(1)(f) GDPR (security of payment processing and fraud prevention)

13.5 Data Transmission

To process the payment, personal data may be transmitted to PayPal and, where applicable, to other financial service providers or banks involved in the payment process.

If personal data is processed outside the European Economic Area, this is done on the basis of appropriate safeguards in accordance with the requirements of the GDPR.

13.6 Retention Period

EVOCON Studio stores data relevant to accounting and tax law exclusively to the extent required by law and for the prescribed retention periods.

In addition, PayPal’s data protection and data retention policies apply.

13.7 Security

According to its own statements, PayPal employs extensive security mechanisms to protect payment information against unauthorized access.

Payment processing takes place via encrypted connections using state-of-the-art technology.

13.8 Further Information

Further information regarding the processing of personal data and your rights can be found in PayPal’s current privacy policy.

These supplement the provisions of this privacy statement.

Chapter 14 – Shipping and Delivery (DHL)

14.1 General Information

We engage shipping service providers to deliver our goods and custom-manufactured 3D-printed products. Shipping is currently handled exclusively via DHL.

Personal data is transmitted only to the extent necessary to carry out the delivery.

14.2 Purpose of Processing

The processing of personal data serves the following purposes in particular:

  • Execution of delivery
  • Shipping processing
  • Delivery of the order
  • Shipment tracking
  • Shipping status notification
  • Processing of returns and complaints

14.3 Processed Data

To carry out the shipment, the following personal data in particular may be transmitted to the shipping service provider:

  • First and last name
  • Company name (if provided)
  • Delivery address
  • Billing address (if required)
  • Email address (if used for shipping information)
  • Telephone number (if required)
  • Order number
  • Shipping information
  • Package details
  • Tracking number

14.4 Legal basis

Processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(c) GDPR (legal obligations)

14.5 Data Transfer

Data is transferred exclusively to the shipping service provider commissioned for the delivery and—where necessary—to other companies involved in the delivery process.

Any transfer beyond this scope occurs only due to legal obligations or with your express consent.

14.6 Retention Period

Shipping and delivery data are stored in accordance with statutory commercial and tax law retention requirements.

Once the statutory periods have expired, the data is deleted unless further storage is required.

14.7 Shipment Tracking

If shipment tracking is offered, you can track the current shipping status of your order using the provided tracking number.

The data required for this purpose is processed as part of the performance of the contract.

14.8 Further Information

Further information regarding the processing of personal data by DHL can be found in the shipping service provider's current data protection information.

The provisions described therein supplement this privacy policy.

Chapter 15 – Rights of Data Subjects

15.1 General Information

When we process your personal data, you have various rights under the General Data Protection Regulation (GDPR). You may exercise these rights against EVOCON Studio UG (haftungsbeschränkt) at any time.

To exercise your rights, you may contact us at any time:

EVOCON Studio UG (haftungsbeschränkt)
Alte Rathausgasse 2a
74924 Neckarbischofsheim
Germany

E-mail: hello@evocon.studio

 

15.2 Right of access

In accordance with Article 15 of the GDPR, you have the right to request information about the following:

  • whether we process personal data concerning you,
  • which data are processed,
  • the purposes for which the processing takes place,
  • the recipients to whom the data have been or will be disclosed,
  • how long the data will be stored,
  • as well as further information regarding the data processing.

 

15.3 Right to Rectification

In accordance with Article 16 of the GDPR, you have the right to request the immediate rectification of inaccurate personal data concerning you.

You also have the right to request the completion of incomplete personal data.

 

15.4 Right to Erasure

Under the legal conditions set out in Article 17 of the GDPR, you have the right to request the erasure of your personal data.

This applies in particular if

  • the purpose of processing no longer applies,
  • you withdraw your consent,
  • the processing is unlawful,
  • or there is a legal obligation to erase the data.

Statutory retention obligations remain unaffected by this.

 

15.5 Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, provided the statutory requirements for doing so are met.

 

15.6 Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or—where technically feasible—to have it transmitted to another controller.

 

15.7 Right to object

Where we process personal data based on Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to such processing at any time for reasons arising from your particular situation.

If personal data is processed for direct marketing purposes, you may object to such processing at any time without providing a reason.

 

15.8 Withdrawal of consent

You may withdraw any consent you have given at any time, with effect for the future.

The withdrawal does not affect the lawfulness of processing carried out based on consent prior to the withdrawal.

 

15.9 Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

The competent authority is, in particular, the data protection supervisory authority of your habitual residence, your place of work, or the place of the alleged data protection infringement.

 

15.10 Automated decision-making

As a general rule, EVOCON Studio does not engage in decision-making based solely on automated processing—including profiling—within the meaning of Art. 22 GDPR, unless expressly described otherwise in the context of specific services.

 

15.11 Exercising your rights

To exercise your data protection rights, a simple informal notification sent to the contact details provided in the Legal Notice or in this Privacy Policy is sufficient.

We will review and process your request in accordance with statutory requirements.

 

Chapter 16 – Retention Period and Deletion of Personal Data

16.1 Principle of storage limitation

EVOCON Studio processes personal data only for as long as is necessary to fulfill the respective processing purposes or as long as statutory retention periods require longer storage.

Once the respective processing purpose ceases to apply, personal data are deleted, anonymized, or—where required by law—restricted (blocked) for the duration of statutory retention periods.

 

16.2 Retention period by data category

Different retention periods apply depending on the type of processing.

Contact inquiries

Data from contact forms and email inquiries are generally stored only for as long as is necessary to process the inquiry.

If a contractual relationship is established, the data become part of the contract documentation.

 

Quotation data

Quotations, technical queries, and project-related correspondence may be stored for a reasonable period to enable responses to follow-up questions or the processing of subsequent orders.

 

Contract and order data

Data from contracts, orders, invoices, and other business documents are stored in accordance with statutory commercial and tax law retention obligations.

 

Payment data

Payment information is stored solely in compliance with statutory obligations.

Actual payment processing is handled by the respective payment service providers used.

 

Shipping data

Shipping and delivery information is stored for as long as is necessary for contract fulfillment, documentation, and compliance with statutory obligations.

 

CAD files and technical project data

Uploaded CAD files, drawings, models, and technical project information are generally stored only for as long as...

  • for the preparation of quotations,
  • for production,
  • for documentation,
  • for the processing of complaints,
  • or is required due to legal obligations.

After completion of the project, the data can be deleted or archived, if necessary.

Server Log Files

Server log files are stored only for the technically necessary period and are then deleted or anonymized, unless legal or security-related reasons require longer storage.

Analytics and Marketing Data

Storage periods in connection with Google Analytics, Meta Pixel, LinkedIn Insight Tag, or similar services are governed by the respective settings of the systems used and the privacy policies of the respective providers.

 

16.3 Statutory Retention Obligations

Where statutory retention obligations exist, personal data is stored in accordance with the applicable commercial, tax, or other legal regulations.

During this period, the data is processed exclusively for the legally required purposes.

 

16.4 Deletion of Personal Data

After the respective retention period has expired, personal data is deleted or permanently anonymized, provided that

· no statutory retention obligations exist,

· no legitimate interests justify further storage,

· and the data are no longer required for the establishment, exercise, or defense of legal claims.

 

16.5 Data Security

Even during storage, personal data is protected against loss, unauthorized access, manipulation, or other unlawful processing by appropriate technical and organizational measures.

 

Chapter 17 – SSL/TLS Encryption and Data Security

17.1 Encrypted Data Transmission

 

To protect your personal data and confidential content, the EVOCON Studio UG (limited liability) website uses state-of-the-art SSL/TLS encryption.

You can usually recognize an encrypted connection by the address bar of your browser (https://) and the padlock icon in your browser.

Encryption prevents unauthorized third parties from reading or altering data transmitted between your device and our web server.

 

17.2 Protection of Personal Data

EVOCON Studio implements appropriate technical and organizational measures to protect personal data against

  • unauthorized access,
  • loss,
  • manipulation,
  • destruction,
  • disclosure,
  • as well as other impermissible processing

to protect.

The security measures implemented are regularly reviewed and updated to reflect the state of the art.

 

17.3 Access Protection

Access to personal data is restricted to those individuals who require such data to perform their respective tasks.

All access rights are granted based on the principle of necessity and are regularly reviewed.

 

17.4 Protection of Uploaded CAD Files

As EVOCON Studio offers, among other things, customized design and manufacturing services, technical drawings, CAD models, and other project documents may be submitted when using the online configurator.

This data is handled with special care and used exclusively for:

  • Preparation of quotations,
  • technical review,
  • production planning,
  • manufacturing,
  • quality control,

as well as for contract processing

is processed.

As a general rule, the data is not used for other purposes unless there is a legal basis or express consent for doing so.

 

17.5 Data Security at Service Providers

To the extent that external service providers (e.g., hosting, payment, shipping, or manufacturing service providers) process personal data on behalf of EVOCON Studio UG (limited liability), these providers are carefully selected and—where legally required—engaged on the basis of a data processing agreement pursuant to Article 28 GDPR.

 

17.6 Internet Communication

Despite extensive technical security measures, data transmission over the internet can never be completely protected from access by third parties.

Complete protection of all data from access by third parties is technically impossible.

For this reason, we recommend transmitting particularly confidential information exclusively via agreed-upon or additionally secured communication channels.

 

17.7 Continuous Improvement

The technical and organizational measures for data security are regularly reviewed and continuously improved to comply with legal requirements and the current state of the art.

Chapter 18 – Changes to this Privacy Policy and Final Provisions

 

18.1 Current Status of this Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data in connection with the use of the website and the services offered by EVOCON Studio UG (limited liability).

It applies to all areas of our website and the services offered through it, in particular in connection with engineering services, CAD design, product development, prototype production, 3D printing, small-batch production, and the associated online services.

 

18.2 Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy if this is necessary due to

  • legislative changes,
  • new regulatory requirements,
  • changes in case law,
  • technical advancements,
  • new services,
  • new features of our website,
  • or changes to our business processes

becomes necessary.

The current version is available on our website at any time.

 

18.3 Scope

This privacy policy applies exclusively to data processing by EVOCON Studio UG (limited liability).

For external websites, services, or applications that we link to or that are integrated into our website, the privacy policies of the respective providers apply exclusively.

 

18.4 References to external services

Our website may contain links to or integrations of external services, particularly in connection with

  • payment services,
  • shipping services,
  • analytics and marketing services,
  • map data,
  • technical platforms,
  • or online configurators.

EVOCON Studio assumes no responsibility for the content or data protection practices of these external providers. Please also consult the respective privacy policies of the providers in question.

 

18.5 Questions regarding data protection

Should you have any questions regarding the processing of your personal data or the exercise of your data protection rights, you may contact us at any time.

EVOCON Studio UG (limited liability)
Alte Rathausgasse 2a
74924 Neckarbischofsheim
Germany

Phone: +49 160 98 75 07 91
E-mail: hello@evocon.studio

 

18.6 Status of the privacy policy

Status: June 2026

This privacy policy is reviewed regularly and updated as necessary to comply with applicable legal requirements and to reflect technical developments regarding our website and services.

 

EVOCON Studio UG
Alte Rathausgasse 2a, 
74924 Neckarbischofsheim

Phone Number: +49 160 98750791
E-Mail-adress: hello@evocon.studio

EVOCON Studio UG
Alte Rathausgasse 2a, 
74924 Neckarbischofsheim
Telefon: +49 160 98750791
E-Mail-adress: hello@evocon.studio
Data Protection | Legal Notice
Terms and Conditions

Made with by EasyBrand.biz