Privacy
Novero Studio
General Information The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Data Collection on This Website Data processing on this website is carried out by the website operator. You can find their contact details in the "Note on the Responsible Body" section of this privacy policy. Your data is collected on the one hand by you actively communicating it to us (for example, via a contact form). Other data is collected automatically or after your active consent by our IT systems when you visit the website. This is primarily technical data (for example, internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior, provided you have given your express consent. Our technological infrastructure (the so-called Novero Tenant) is fundamentally designed for data economy and local processing. We completely refrain from using external marketing tools and do not transmit any usage data to third-party providers such as Google or Meta.
What Rights Do You Have Regarding Your Data? You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have a right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to demand the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.
Data Protection The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (in particular the European General Data Protection Regulation, GDPR, and the Telecommunications-Digital-Services-Data Protection-Act, TDDDG) and this privacy policy. We point out that data transmission over the Internet can fundamentally have security gaps. Complete protection of data against access by third parties is not technologically feasible.
Note on the Responsible Body The responsible body for data processing on this website is:
Behrens & Wilken GbR Oskar Behrens & Konstantin Wilken c/o WILKENWERK Präsident-Krahn-Straße 18-19 22765 Hamburg Phone: +49 174 5940783 Email: hello@novero.studio
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
Storage Duration Unless a more specific storage period is specified within this privacy policy, your personal data remains with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion takes place after these reasons have ceased to exist.
Revocation of Your Consent to Data Processing Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. To revoke your consent or adjust your preferences, you can access our privacy settings at any time via the consent banner.
SSL or TLS Encryption For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the address line of the browser changing from "http://" to "https://" and by the lock symbol in your browser line. If encryption is activated, the data you transmit to us cannot be read by third parties.
Hosting We host the content of our website on our own servers in the data centers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter: Hetzner). When you visit our website, Hetzner collects various log files including your IP addresses. Details can be found in Hetzner's privacy policy: https://www.hetzner.com/legal/privacy-policy. The use of Hetzner is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation and security of our website. We have concluded a data processing agreement (DPA) with Hetzner to ensure data-protection-compliant processing.
Server Log Files Our infrastructure automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are typically:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
A merging of this data with other data sources is not performed. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.
Contact Inquiries via Email, Telephone, or Contact Form If you contact us via contact form, email, or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent. The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR).
Internal Web Analysis ("Analytics" & "Analytics+") This website uses a specially developed, completely self-hosted solution for web analysis and range measurement. We use this tool to understand user behavior on our website and to continuously improve our offer. Unlike widely used analysis services, no data flows to third parties (such as Google or Meta) with our solution. All collected information remains exclusively on our own servers. We do not use any external marketing or third-party cookies.
Use of Session Storage: For the analysis, we do not use real, permanent cookies. Instead, we use the "Session Storage" of your internet browser. Only temporary identification numbers (analytics_session_id and ap_session_id) are stored in this local memory. These IDs allow our system to associate your different page views during a single visit. As soon as you close the browser tab or the entire browser window, these IDs are automatically and irrevocably deleted from your device.
Collected Data and IP Anonymization: If you agree to the analysis, we record clicks, scroll depth, dwell time, and the visibility of certain texts or images ("Impressions & Views"). We also log the visited URLs on our site, the referrer, and a rough device detection (distinction between mobile and desktop use). A central component of our data protection concept is the strict handling of your IP address. Your IP address is anonymized by our system on the server side before it is stored in our database. First, the last part of the IP address is removed (zeroed). Then, this shortened value is additionally encrypted with a cryptographic SHA256 hash. This mathematical one-way process makes it impossible for us to trace the analysis data stored in our database back to your original IP address or your person.
Legal Basis for Processing: The storage of temporary IDs in the Session Storage of your terminal device and the collection of the aforementioned analysis data takes place exclusively on the basis of your prior, express consent. The legal basis for access to your terminal device is § 25 Para. 1 TDDDG. The legal basis for the subsequent server-side processing of the pseudonymized usage data is Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time via our privacy settings. If you do not give consent, web analysis will not be activated on your terminal device.
Local Hosting of Fonts (Next.js Font Optimization) For the uniform and appealing presentation of texts, our website uses the fonts "Inter" and "Instrument Sans". These fonts are integrated via the next/font/google module. For data protection reasons, we have configured our technical infrastructure (Next.js Font Optimization) so that these fonts are already downloaded during the creation ("Build") of our website and permanently stored on our own server. When you visit our website, the fonts are delivered directly from our server to your browser. No connection to Google servers is established when visiting our website. Consequently, your IP address is not transmitted to Google, and no data transfer to the USA or other third countries takes place. The fonts are de facto locally hosted.
The use of these local fonts is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in a uniform and error-free typographic presentation of our website without endangering the privacy of our visitors through unnecessary data transfers to third parties.
Videos and External Media We place great value on your data sovereignty. Therefore, no external video players or iFrames from third-party providers (such as YouTube or Vimeo) are built into our entire website. All audiovisual content (such as videos in the hero area or in the CasesScroll) is located as direct video files (for example, in .mp4 format) on our own server.
When you play a video on our website, you download the file directly from our host. No data is sent to external video platforms, and no tracking cookies are placed in your browser by video services. Furthermore, we do not embed interactive maps from third-party providers (such as Google Maps). The provision of these locally hosted media is for the optimal presentation of our services based on our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.
Content Delivery Network (Cloudflare) We use the Content Delivery Network (CDN) and security services of Cloudflare (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA) to increase the delivery speed and security of our website. The use is based on our legitimate interest in a secure and performant provision of our online offer according to Art. 6 Para. 1 lit. f GDPR.
To provide this service, all data traffic of our website is routed via Cloudflare's servers, whereby your IP address, the browser used, the operating system, and the access time are processed. Since Cloudflare is based in the USA, a data transfer to a third country takes place. However, the transmission to the USA is legally secured by an adequacy decision of the European Commission, as Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF). For further legal protection, we have concluded a data processing agreement (DPA) with Cloudflare according to Art. 28 GDPR.