The protection of your personal data is a central concern for SDF GmbH & Co. KG. We process your data exclusively on the basis of the statutory provisions — in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).
This privacy policy provides comprehensive information about the nature, scope, purpose and legal bases of the processing of personal data on the website www.sdf-gmbh.com and about your rights as a data subject.
SDF GmbH & Co. KG
Strehlener Straße 77
01069 Dresden, Germany
Managing Director: Dipl.-Ing. Sebastian Fuchs
Phone: +49 351 16097570
Fax: +49 351 89999005
Email: info@sdf-gmbh.com
For all data protection matters, you can reach us directly at the above address or by email, quoting "data protection enquiry". As a security company with a particular focus on data protection, we are personally available for all data protection concerns.
This website is hosted by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. The servers are located within the European Union (Germany). IONOS acts as a data processor pursuant to Art. 28 GDPR exclusively on the instructions of SDF GmbH & Co. KG; a data processing agreement (DPA) has been concluded.
When you visit our website, the web server automatically records the following data in so-called server log files:
| Purpose | Legal basis | Retention period | Recipients |
|---|---|---|---|
| Technically error-free presentation and optimisation of the website; detection and defence against attacks | Art. 6(1)(f) GDPR (legitimate interest in secure and fault-free operation) | 7 days, then automatic deletion | Hosting provider IONOS (DPA); no transfer to other third parties |
For security reasons and to protect the transmission of confidential content (e.g. contact enquiries and applications), this website uses SSL/TLS encryption. You can recognise an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar. When encryption is activated, the data you transmit to us cannot be read by third parties.
When you send us an enquiry via the contact form on this website, we process the data you enter (name, email address, subject, message and optionally company and phone number) in order to handle and respond to your enquiry.
Consent and documentation: The form can only be submitted if you first actively confirm that you have read this privacy policy and consent to the processing of your data (checkbox). To fulfil our obligation to demonstrate consent pursuant to Art. 7(1) GDPR, we log with your enquiry the IP address of your device and the time of consent. This information is transmitted and stored together with your enquiry.
Email delivery: For the technical delivery of form enquiries to our mailbox, we use the email delivery provider Resend (Resend Inc., USA) as a data processor. EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place with Resend; data is transferred to the USA solely for the purpose of email delivery.
| Purpose | Legal basis | Retention period | Recipients |
|---|---|---|---|
| Processing and responding to your enquiry; contract initiation or performance | Art. 6(1)(a) GDPR (consent); Art. 6(1)(b) GDPR (pre-contractual measures); Art. 6(1)(f) GDPR (responding to enquiries) | Until processing is complete; thereafter until expiry of statutory retention and limitation periods | Only internally responsible staff; email delivery provider Resend (DPA) |
You may revoke your consent at any time with effect for the future (see Section 13). The lawfulness of processing carried out prior to revocation remains unaffected.
To protect our contact form against spam and automated abuse, we use Google reCAPTCHA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
reCAPTCHA checks whether an input is made by a human being or abusively by an automated program. To this end, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics (e.g. IP address, time spent on the page, mouse movements). The data collected is forwarded to Google; transmission to Google LLC servers in the USA cannot be ruled out. Google is certified under the EU-US Data Privacy Framework (DPF); an adequate level of data protection is thus ensured.
| Purpose | Legal basis | Provider | Further information |
|---|---|---|---|
| Protection of the contact form against spam and automated abuse | Art. 6(1)(f) GDPR (legitimate interest in protecting the website against abuse) | Google Ireland Limited, Dublin, Ireland | policies.google.com/privacy |
For the uniform display of fonts, this website uses fonts ("Google Fonts") provided by Google Ireland Limited. When you access a page, your browser loads the required fonts from Google servers; in doing so, your IP address is transmitted to Google.
The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in the uniform and appealing presentation of our online offering. Google has submitted to the EU-US Data Privacy Framework (DPF); an adequate level of protection is therefore ensured. You can prevent Google Fonts from loading via your browser settings (by blocking fonts.googleapis.com); in this case, a standard system font will be used.
On our references page, we embed a map provided by Google Maps provided by Google Ireland Limited to show you our location and customer reviews. When you access this page, your browser establishes a connection to Google servers; your IP address is transmitted in the process.
The legal basis is Art. 6(1)(f) GDPR — our legitimate interest in an appealing presentation of our location and customer reviews. Further information can be found in the Google privacy policy.
You can apply to us by email or post. We process your application data (e.g. cover letter, CV, references, contact details) exclusively for conducting the application process and assessing suitability.
| Processing phase | Legal basis | Retention period |
|---|---|---|
| Application process, aptitude assessment | Section 26 (1) BDSG (establishment of an employment relationship); Art. 6(1)(b) GDPR | For the duration of the application process |
| After rejection | Art. 6(1)(f) GDPR (defence against potential claims, e.g. under the German General Equal Treatment Act) | Deletion 6 months after the rejection is sent |
| Applicant pool (optional) | Art. 6(1)(a) GDPR (consent) | Up to 12 months upon request |
| Upon hiring | Section 26 BDSG (performance of the employment relationship) | Transfer to the personnel file; retention for the duration of the employment relationship plus statutory periods |
Our website uses no tracking or marketing cookies and no analytics tools. Only technically necessary storage technologies are used:
| Technology | Purpose | Duration | Legal basis |
|---|---|---|---|
| Session storage (sessionStorage) | Technical operation, session management (e.g. controlling page animations) | Until the browser tab is closed | Section 25 (2) No. 2 TDDDG |
| Preference storage | Storing page settings | Up to 12 months | Section 25 (2) No. 2 TDDDG |
As only technically necessary storage takes place, no cookie banner is required.
As a matter of principle, your personal data is not passed on to third parties. Exceptions apply only in the following cases:
Your data is never sold to third parties.
Personal data is stored only for as long as is necessary for the respective processing purpose or as required by statutory retention obligations:
| Data category | Retention period | Basis |
|---|---|---|
| Server log files | 7 days | Operational necessity |
| Contact enquiries (general) | Until processing is complete + 3-year limitation period | Art. 17 GDPR, Section 195 German Civil Code (BGB) |
| Business letters / emails | 6 years | Section 257 (1) German Commercial Code (HGB) |
| Tax-relevant documents | 10 years | Section 147 German Fiscal Code (AO) |
| Applications (rejection) | 6 months after rejection | Art. 6(1)(f) GDPR / German General Equal Treatment Act (AGG) |
| Personnel data (employees) | Duration of employment + statutory periods | Section 26 BDSG |
You have the following rights with regard to the personal data we hold about you:
To exercise your rights, an informal message by email is sufficient, addressed to info@sdf-gmbh.com.
Without prejudice to other legal remedies, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
Saxon Commissioner for Data Protection and Transparency
Devrientstraße 5
01067 Dresden, Germany
Web: www.datenschutz.sachsen.de
No automated decision-making, including profiling, pursuant to Art. 22 GDPR takes place on this website.
This privacy policy is currently valid; last updated: July 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can always be found on this page.