Privacy Policy

Information on the processing of personal data pursuant to Art. 13 GDPR · Last updated: 15 April 2026

1.Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

Appointment of a data protection officer is not required by law and has not been made. Please direct privacy-related inquiries to the email address above.

2.General information on data processing

We process personal data only insofar as this is necessary to provide a functional website and to fulfil legitimate interests. Processing is regularly based on the following legal grounds:

• Art. 6 (1) (b) GDPR – where processing is necessary for the performance of pre-contractual measures (e.g. handling email enquiries);
• Art. 6 (1) (c) GDPR – where there is a legal obligation to process (e.g. tax retention obligations);
• Art. 6 (1) (f) GDPR – where processing is necessary for the purposes of the legitimate interests pursued by the Provider or by a third party, except where such interests are overridden by the interests, fundamental rights, and freedoms of the data subject.

3.Data processed when accessing the Website (server logs)

Each time the Website is accessed, information is automatically collected which your browser transmits to our server. This includes:

• IP address
• Date and time of access
• Requested URL and HTTP method
• HTTP status code and amount of data transferred
• User-Agent header (typically including browser and operating system identifier)
• Referrer URL (if sent by the browser)

Purpose: ensuring technical operation, protection against abuse and attacks, error analysis, statistical evaluation in anonymised form.

Legal basis: Art. 6 (1) (f) GDPR. Our legitimate interest lies in the proper provision and security of the Website.

Storage period: server logs are typically stored for a maximum of 30 days and then deleted or anonymised. Longer retention only takes place in cases of suspected abuse or to investigate specific security incidents, and only for as long as necessary for the respective purpose.

4.Hosting

The Website is operated on infrastructure that the Provider administers independently. We deliberately refrain from using hyperscaler or third-party cloud services (in particular Amazon Web Services, Microsoft Azure, Google Cloud) for the delivery of this Website.

As soon as processors within the meaning of Art. 28 GDPR are engaged for the operation of individual components, they will be named in this Privacy Policy and integrated on the basis of corresponding data processing agreements.

5.Fonts

The Website uses the “Inter” typeface. This font is delivered exclusively from our own server and is not loaded from external providers (in particular not from Google Fonts). When the Website is accessed, no data is transferred to any third party for the purpose of font delivery.

The font is licensed under the SIL Open Font License 1.1; a copy of the license is available on our server.

6.Cookies and similar technologies

In its current form, the Website uses no cookies and no comparable technologies (in particular no localStorage, no sessionStorage, no tracking pixels) for re-identifying users or for tracking. Consent within the meaning of § 25 TDDDG (formerly TTDSG, the German implementation of the ePrivacy Directive) is therefore not required; we deliberately do not deploy a cookie banner.

If cookies or comparable technologies are introduced in the future, this will be announced transparently in advance and – where required – appropriate consent will be obtained.

7.Contact by email

If you contact us by email (e.g. via the mailto links provided on the Website), the personal data contained in your message (in particular your email address, your name if provided, and the content of your message) will be stored for the purpose of handling your enquiry.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in responding to enquiries), depending on the content of the enquiry.

Storage period: the data will be deleted as soon as it is no longer required for the purpose of handling your enquiry, and at the latest upon expiry of any statutory retention obligations (in particular commercial and tax law obligations of up to 10 years, where applicable).

Note on unencrypted email communication: standard email transmission is not end-to-end encrypted. Please therefore do not send us particularly sensitive information (such as health data or credit card numbers) by unencrypted email.

8.Transfers to third countries

In the operation of this Website, no transfer of personal data to third countries outside the European Union or the European Economic Area currently takes place.

9.Storage period

We generally store personal data only for as long as is necessary to achieve the respective processing purpose or as required by statutory retention obligations. Specific retention periods are stated in the relevant sections above.

10.Data security

We employ technical and organisational measures to protect your data against accidental or intentional manipulation, loss, destruction, and unauthorised access. In particular, the transmission of this Website over the internet is secured by transport encryption (TLS, commonly known as “HTTPS”). Our security measures are continuously improved in line with technological developments.

11.Rights of data subjects

You have the following rights vis-à-vis the Provider with regard to personal data relating to you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR)
• Right to withdraw consent with effect for the future (Art. 7 (3) GDPR) – currently not applicable, as no consent-based processing takes place.

To exercise your rights, an informal email to contact@unisession.co is sufficient. In cases of doubt, we reserve the right to request additional information for identification purposes.

12.Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

The supervisory authority responsible for the Provider is:

13.Obligation to provide data

The provision of personal data is neither legally nor contractually required for the mere use of the Website. You are not obliged to provide data. Failure to provide data may have the consequence that you cannot make use of certain functions (e.g. having an enquiry sent by email answered).

14.Automated decision-making and profiling

A decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR) does not take place.

15.Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy so that it always meets current legal requirements or to reflect changes to our services in the Privacy Policy, e.g. when introducing new services. The version current at the time of your next visit shall apply.