51.0342°N / 13.7484°E — DRESDEN — SDF HEADQUARTERS
§
HOME/LEGAL/PRIVACY
SECTOR §LEGAL

Privacy Policy

IN ACCORDANCE WITH GDPR · BDSG · TDDDG — LAST UPDATED: JULY 2026

§ 1

General Information & Scope

The protection of your personal data is a central concern for SDF GmbH & Co. KG. We process your data exclusively on the basis of the statutory provisions — in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

This privacy policy provides comprehensive information about the nature, scope, purpose and legal bases of the processing of personal data on the website www.sdf-gmbh.com and about your rights as a data subject.

§ 2

Controller pursuant to Art. 4 No. 7 GDPR

SDF GmbH & Co. KG
Strehlener Straße 77
01069 Dresden, Germany

Managing Director: Dipl.-Ing. Sebastian Fuchs
Phone: +49 351 16097570
Fax: +49 351 89999005
Email: info@sdf-gmbh.com

For all data protection matters, you can reach us directly at the above address or by email, quoting "data protection enquiry". As a security company with a particular focus on data protection, we are personally available for all data protection concerns.

§ 3

Website Visits, Server Log Files & Hosting

This website is hosted by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. The servers are located within the European Union (Germany). IONOS acts as a data processor pursuant to Art. 28 GDPR exclusively on the instructions of SDF GmbH & Co. KG; a data processing agreement (DPA) has been concluded.

When you visit our website, the web server automatically records the following data in so-called server log files:

IP address of the requesting device
Date and time of access
Page or file accessed (URL)
Data volume transferred and HTTP status code
Browser type, browser version and operating system
Referrer URL (previously visited page)
PurposeLegal basisRetention periodRecipients
Technically error-free presentation and optimisation of the website; detection and defence against attacksArt. 6(1)(f) GDPR (legitimate interest in secure and fault-free operation)7 days, then automatic deletionHosting provider IONOS (DPA); no transfer to other third parties
§ 4

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (e.g. contact enquiries and applications), this website uses SSL/TLS encryption. You can recognise an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar. When encryption is activated, the data you transmit to us cannot be read by third parties.

§ 5

Contact Form & Email Contact

When you send us an enquiry via the contact form on this website, we process the data you enter (name, email address, subject, message and optionally company and phone number) in order to handle and respond to your enquiry.

Consent and documentation: The form can only be submitted if you first actively confirm that you have read this privacy policy and consent to the processing of your data (checkbox). To fulfil our obligation to demonstrate consent pursuant to Art. 7(1) GDPR, we log with your enquiry the IP address of your device and the time of consent. This information is transmitted and stored together with your enquiry.

Email delivery: For the technical delivery of form enquiries to our mailbox, we use the email delivery provider Resend (Resend Inc., USA) as a data processor. EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place with Resend; data is transferred to the USA solely for the purpose of email delivery.

PurposeLegal basisRetention periodRecipients
Processing and responding to your enquiry; contract initiation or performanceArt. 6(1)(a) GDPR (consent); Art. 6(1)(b) GDPR (pre-contractual measures); Art. 6(1)(f) GDPR (responding to enquiries)Until processing is complete; thereafter until expiry of statutory retention and limitation periodsOnly internally responsible staff; email delivery provider Resend (DPA)

You may revoke your consent at any time with effect for the future (see Section 13). The lawfulness of processing carried out prior to revocation remains unaffected.

§ 6

Google reCAPTCHA

To protect our contact form against spam and automated abuse, we use Google reCAPTCHA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

reCAPTCHA checks whether an input is made by a human being or abusively by an automated program. To this end, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics (e.g. IP address, time spent on the page, mouse movements). The data collected is forwarded to Google; transmission to Google LLC servers in the USA cannot be ruled out. Google is certified under the EU-US Data Privacy Framework (DPF); an adequate level of data protection is thus ensured.

PurposeLegal basisProviderFurther information
Protection of the contact form against spam and automated abuseArt. 6(1)(f) GDPR (legitimate interest in protecting the website against abuse)Google Ireland Limited, Dublin, Irelandpolicies.google.com/privacy
§ 7

Google Fonts

For the uniform display of fonts, this website uses fonts ("Google Fonts") provided by Google Ireland Limited. When you access a page, your browser loads the required fonts from Google servers; in doing so, your IP address is transmitted to Google.

The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in the uniform and appealing presentation of our online offering. Google has submitted to the EU-US Data Privacy Framework (DPF); an adequate level of protection is therefore ensured. You can prevent Google Fonts from loading via your browser settings (by blocking fonts.googleapis.com); in this case, a standard system font will be used.

§ 8

Google Maps

On our references page, we embed a map provided by Google Maps provided by Google Ireland Limited to show you our location and customer reviews. When you access this page, your browser establishes a connection to Google servers; your IP address is transmitted in the process.

The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in an appealing presentation of our location and customer reviews. Further information can be found in the Google privacy policy.

§ 9

Applications

You can apply to us by email or post. We process your application data (e.g. cover letter, CV, references, contact details) exclusively for conducting the application process and assessing suitability.

Processing phaseLegal basisRetention period
Application process, aptitude assessmentSection 26 (1) BDSG (establishment of an employment relationship); Art. 6(1)(b) GDPRFor the duration of the application process
After rejectionArt. 6(1)(f) GDPR (defence against potential claims, e.g. under the German General Equal Treatment Act)Deletion 6 months after the rejection is sent
Applicant pool (optional)Art. 6(1)(a) GDPR (consent)Up to 12 months upon request
Upon hiringSection 26 BDSG (performance of the employment relationship)Transfer to the personnel file; retention for the duration of the employment relationship plus statutory periods
§ 10

Cookies & Technical Storage

Our website uses no tracking or marketing cookies and no analytics tools. Only technically necessary storage technologies are used:

TechnologyPurposeDurationLegal basis
Session storage (sessionStorage)Technical operation, session management (e.g. controlling page animations)Until the browser tab is closedSection 25 (2) No. 2 TDDDG
Preference storageStoring page settingsUp to 12 monthsSection 25 (2) No. 2 TDDDG

As only technically necessary storage takes place, no cookie banner is required.

§ 11

Transfer of Personal Data

As a matter of principle, your personal data is not passed on to third parties. Exceptions apply only in the following cases:

Consent: You have expressly consented to the transfer pursuant to Art. 6(1)(a) GDPR.
Contract performance: The transfer is necessary for the performance of a contract with you (Art. 6(1)(b) GDPR).
Legal obligation: We are legally or officially obliged to transfer data, e.g. to law enforcement authorities (Art. 6(1)(c) GDPR).
Data processing on our behalf: Transfer to service providers acting on our behalf and according to our instructions, on the basis of a data processing agreement (Art. 28 GDPR).
Legitimate interest: For the establishment, exercise or defence of legal claims (Art. 6(1)(f) GDPR).

Your data is never sold to third parties.

§ 12

Retention Periods & Deletion Deadlines

Personal data is stored only for as long as is necessary for the respective processing purpose or as required by statutory retention obligations:

Data categoryRetention periodBasis
Server log files7 daysOperational necessity
Contact enquiries (general)Until processing is complete + 3-year limitation periodArt. 17 GDPR, Section 195 German Civil Code (BGB)
Business letters / emails6 yearsSection 257 (1) German Commercial Code (HGB)
Tax-relevant documents10 yearsSection 147 German Fiscal Code (AO)
Applications (rejection)6 months after rejectionArt. 6(1)(f) GDPR / German General Equal Treatment Act (AGG)
Personnel data (employees)Duration of employment + statutory periodsSection 26 BDSG
§ 13

Your Rights as a Data Subject

You have the following rights with regard to the personal data we hold about you:

Access to your processed data (Art. 15 GDPR)
Rectification of inaccurate or incomplete data (Art. 16 GDPR)
Erasure ("right to be forgotten", Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing based on legitimate interest (Art. 21 GDPR)
Revocation of granted consent at any time with effect for the future (Art. 7(3) GDPR)

To exercise your rights, an informal message by email is sufficient, addressed to info@sdf-gmbh.com.

§ 14

Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

Saxon Commissioner for Data Protection and Transparency
Devrientstraße 5
01067 Dresden, Germany
Web: www.datenschutz.sachsen.de

§ 15

No Automated Decision-Making

No automated decision-making, including profiling, pursuant to Art. 22 GDPR takes place on this website.

§ 16

Currency of this Privacy Policy

This privacy policy is currently valid; last updated: July 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can always be found on this page.