Privacy Policy

1. Controller

The controller responsible for the processing of personal data on this Website within the meaning of Art. 4 No. 7 GDPR is:

A separate Data Protection Officer has not been appointed, as the statutory requirements under Art. 37 GDPR and § 38 BDSG do not apply.

2. Your Rights as a Data Subject

You have the following rights with regard to personal data concerning you:

• Right of access (Art. 15 GDPR): the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where this is the case, access to such data.
• Right to rectification (Art. 16 GDPR): the right to obtain the correction of inaccurate personal data.
• Right to erasure (Art. 17 GDPR): the right to obtain the deletion of personal data, provided one of the legal grounds applies.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object (Art. 21 GDPR): you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data which is based on Art. 6 (1) (e) or (f) GDPR.
• Right to withdraw consent (Art. 7 (3) GDPR): where processing is based on your consent, you may withdraw it at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal remains unaffected.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): you may lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement. The competent supervisory authority for us is:

To exercise any of these rights, please contact us at hello@pestrouting.com.

3. Legal Bases for Processing

We process personal data on the following legal bases of Art. 6 (1) GDPR:

• (a) Consent – where you have given us your consent (e.g. for non-essential cookies and analytics).
• (b) Contract – where processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request (e.g. handling a demo request).
• (c) Legal obligation – where processing is required to comply with a legal obligation (e.g. retention periods under tax and commercial law).
• (f) Legitimate interests – where processing is necessary for our legitimate interests (e.g. ensuring the security and functionality of our Website), provided your interests or fundamental rights do not override these.

For the storage of information in or access to information already stored on your terminal device (e.g. cookies), § 25 TDDDG additionally applies. Where consent is required under § 25 (1) TDDDG, we obtain it through our consent banner; technically necessary processing is based on § 25 (2) No. 2 TDDDG.

4. Server Log Files (Hosting)

When you visit our Website, our hosting provider automatically collects and stores information that your browser transmits to us in so-called server log files. This includes:

• IP address (anonymized after the session, where technically possible)
• Date and time of the request
• Time zone difference to GMT
• Content of the request (specific page accessed)
• HTTP status code
• Amount of data transferred
• Referrer URL
• Browser, browser version and operating system

This data is processed for the purpose of ensuring a smooth connection, comfortable use of our Website, evaluating system security and stability, and for further administrative purposes. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure and reliable operation of the Website). Server log files are stored for a maximum of 14 days and then deleted, unless retention is necessary for evidential purposes (e.g. in the case of an attack).

Hosting Provider:

We have concluded a Data Processing Agreement (DPA) with Hetzner Online GmbH in accordance with Art. 28 GDPR. The servers are located within the European Union (Germany); no transfer of personal data to third countries takes place through hosting. For more information on Hetzner’s data processing, see: https://www.hetzner.com/legal/privacy-policy/

5. Cookies and Consent Management

Our Website uses cookies and comparable technologies (e.g. local storage) to enable certain functions and to analyze usage of the Website.

• Essential cookies are technically required to provide the Website and the consent banner itself. Legal basis: § 25 (2) No. 2 TDDDG; Art. 6 (1) (f) GDPR.
• Non-essential cookies (in particular for analytics – see PostHog below) are only set after you have actively given your consent via our consent banner. Legal basis: § 25 (1) TDDDG and Art. 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future by clearing the stored consent entry in your browser’s site settings; the banner will then reappear on your next visit. The lawfulness of processing carried out before withdrawal remains unaffected.

6. Contact Form and Email Contact

When you contact us via our contact form or by email (hello@pestrouting.com), we process the data you transmit to us (e.g. name, email address, message content) in order to respond to your inquiry.

• Legal basis: Art. 6 (1) (b) GDPR if your inquiry relates to the conclusion or performance of a contract; otherwise Art. 6 (1) (f) GDPR (legitimate interest in answering inquiries).
• Storage period: We delete your inquiry as soon as it is no longer required, unless statutory retention obligations (e.g. § 257 HGB, § 147 AO – up to 6 or 10 years) apply.

7. Demo Requests / Lead Form (HubSpot)

For our demo request and lead form, we use HubSpot, provided by HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA, and HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.

When you submit our demo or contact form, the following data is transmitted to HubSpot and stored in our CRM: name, email address, company, phone number (if provided), and any further details you voluntarily provide, as well as technical metadata (IP address, timestamp, user agent).

• Purposes: processing your demo or contact request, follow-up communication, customer relationship management, and conversion measurement of our marketing activities.
• Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures at your request) and Art. 6 (1) (f) GDPR (legitimate interest in efficient lead management).
• Data Processing Agreement: We have concluded a DPA with HubSpot in accordance with Art. 28 GDPR.
• Third country transfer: HubSpot may process data in the United States. Such transfers are protected by Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and, where applicable, HubSpot’s certification under the EU-U.S. Data Privacy Framework.
• Storage period: Lead data is stored for as long as necessary for the purpose of contacting you and the resulting business relationship, and is then deleted, unless statutory retention obligations apply.

For more information, see HubSpot’s Privacy Policy: https://legal.hubspot.com/privacy-policy

8. Appointment Booking (Cal.com)

For online booking of demo appointments, we use Cal.com, provided by Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA.

When you book an appointment through Cal.com, the following data is processed: your name, email address, the appointment date and time, and any additional information you provide in the booking form. This data is used solely for the purpose of scheduling and confirming the appointment.

• Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in efficient appointment management).
• Data Processing Agreement: A DPA pursuant to Art. 28 GDPR is in place.
• Third country transfer: Where Cal.com processes data in the United States, Standard Contractual Clauses (Art. 46 (2) (c) GDPR) provide appropriate safeguards.
• Storage period: Appointment data is deleted once the appointment has taken place and any follow-up has been completed, unless statutory retention obligations apply.

For more information, see Cal.com’s Privacy Policy: https://cal.com/privacy

9. Web Analytics (PostHog – EU Region, Consent-Based)

We use PostHog for the analysis of the use of our Website, provided by PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. We use the PostHog EU Cloud, which means all event data is stored on servers located within the European Union (Frankfurt, Germany).

PostHog allows us to understand how visitors interact with our Website (e.g. pages viewed, clicks, session duration). For this purpose, PostHog sets cookies and may collect technical data such as IP address (truncated/anonymized), browser, operating system, referrer URL, and interaction events on the Website.

• No tracking without consent: PostHog does not collect any data until you have given your explicit consent via our consent banner. Until then, the PostHog SDK runs in an opted-out state and sets no tracking cookies.
• Legal basis: § 25 (1) TDDDG and Art. 6 (1) (a) GDPR (consent). You can withdraw your consent at any time with effect for the future via your browser’s site settings.
• Data Processing Agreement: We have concluded a DPA with PostHog in accordance with Art. 28 GDPR.
• Third country transfer: Although the data is stored in the EU, PostHog, Inc. is a U.S. company and may, in exceptional cases (e.g. support access), have access from the United States. Such access is protected by Standard Contractual Clauses (Art. 46 (2) (c) GDPR).
• Storage period: Event data is stored for a maximum of 12 months and then deleted or aggregated.

For more information, see PostHog’s Privacy Policy: https://posthog.com/privacy

10. Transfer of Personal Data to Third Countries

Some of the service providers listed above are based in or process data in third countries outside the European Economic Area (in particular the United States). A transfer of personal data to such third countries only takes place where:

• an adequacy decision by the European Commission exists (Art. 45 GDPR), or
• appropriate safeguards within the meaning of Art. 46 GDPR are in place, in particular Standard Contractual Clauses (SCCs), supplemented by additional technical and organizational measures where required, or
• you have given your explicit consent to such transfer (Art. 49 (1) (a) GDPR).

You can request a copy of the relevant safeguards by contacting us at hello@pestrouting.com.

11. Data Security

We use appropriate technical and organizational measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

This Website uses TLS/SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

12. Storage Duration

Unless a more specific retention period is stated above, we store personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by statutory retention periods (in particular under tax and commercial law, e.g. § 257 HGB, § 147 AO – generally 6 or 10 years).

13. No Automated Decision-Making

We do not use any automated decision-making or profiling pursuant to Art. 22 GDPR.

14. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time to reflect changes in our processing activities or in the legal framework. The current version is always available on this page.