Privacy Policy
1. Overview of Data Protection
General Information
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data refers to all data with which you can be personally identified.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice concerning the responsible party" in this privacy policy.
How do we collect your data?
Your data is collected firstly by you providing it to us. This may include data you enter into a contact form.
Other data is automatically collected by our IT systems when you visit the website, either automatically or with your consent. This data primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the website is provided without errors. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future.
2. Cookies and Tracking
Cookies Used
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| alumo_consent | Stores your cookie preferences | 1 year | Essential |
| alumo_visitor | Recognition of returning visitors (anonymous ID) | 1 year | Statistics |
| alumo_session | Association of page views to a visit | 30 minutes | Statistics |
| portal_session | Authentication in the customer portal (JWT) | 24 hours | Essential |
Statistics Tracking
With your consent, we collect anonymous usage data:
- Pages and sections visited
- Time of visit
- Source (referrer, campaign parameters)
- Interactions (e.g., opening the system check)
This data is not linked to your person unless you voluntarily fill out a contact form.
Legal Basis
Essential cookies: Legitimate interest (Art. 6(1)(f) GDPR)
Statistics cookies: Consent (Art. 6(1)(a) GDPR)
Revocation
You can revoke your consent at any time via the "Cookie Settings" link in the footer.
3. Hosting
We host the contents of our website with Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare"). We use Cloudflare Pages for hosting the static website and Cloudflare Workers for server-side processing of forms, blog content, and portal functions.
When visiting our website, technical data (IP address, browser type, operating system, time of access) is automatically processed by Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework (DPF).
Details can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/
The use of Cloudflare is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable and secure possible presentation of our website.
Our email services are provided by united-domains AG, Gautinger Straße 10, 82319 Starnberg (MX records).
4. General Information and Mandatory Information
Notice concerning the responsible party
The responsible party for data processing on this website is:
Alumo Solutions UG
Oberstr. 3
47829 Krefeld
Phone: +49 2151 9132867
Email: mail@alumo.solutions
Storage Duration
Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, the data subjects have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the change in the browser's address line from "http://" to "https://" and the lock symbol in your browser line.
5. Data Collection on This Website
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the fulfillment of a contract or necessary for the implementation of pre-contractual measures.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
6. Customer Portal
Authentication via Magic Link
Our customer portal uses a passwordless login method ("Magic Link"). When you enter your email address, we send you a one-time login link via email. After clicking the link, an encrypted authentication token (JWT) is set as an HttpOnly cookie in your browser. This cookie is valid for 24 hours and allows access to the portal without re-authentication.
Data processed: email address, name, customer association.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Projects and Project Documents
In the portal, you can view your projects and associated documents. This data is stored in Notion and transmitted to you via our servers when accessed.
Invoices and Documents
For customers with Lexware integration, open documents (invoices, credit notes, order confirmations, quotations) are retrieved from the Lexware Office API and displayed in the portal. PDF documents are loaded directly from the Lexware API and forwarded to your browser upon request.
7. Payment Processing
Invoice Payment (DE/EU)
For customers in Germany and the EU, billing is handled via invoice through Lexware Office (Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany). Name, company name, address, and order details are processed for invoice creation.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
8. Social Media Publishing
New blog articles are automatically published on our social media channels (X/Twitter, LinkedIn). Only publicly available content from our website is shared (article title, excerpt, link). No personal data is transmitted to the platforms.
Publishing is carried out via the official platform APIs (X API, LinkedIn Community Management API) on behalf of our company pages.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the distribution of our own content).
9. Service Providers
| Service Provider | Purpose | Location | Legal Basis |
|---|---|---|---|
| Cloudflare, Inc. | Website hosting, CDN, serverless functions | USA (DPF-certified) | Art. 6(1)(f) GDPR |
| Notion Labs, Inc. | Storage of contact requests, blog content, customer data, projects | USA (DPF-certified) | Art. 6(1)(b)/(f) GDPR |
| Resend, Inc. | Email delivery (magic links for portal authentication) | USA | Art. 6(1)(b) GDPR |
| Haufe-Lexware GmbH & Co. KG | Invoicing, document management | Germany | Art. 6(1)(b) GDPR |
| LinkedIn Corp. (Microsoft) | Automated publishing of blog articles on company page | USA (DPF-certified) | Art. 6(1)(f) GDPR |
| X Corp. | Automated publishing of blog articles on company page | USA | Art. 6(1)(f) GDPR |