loader image
Skip to main content

Data protection

1) Introduction and Contact Details of the Data Controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. “Personal data” refers to all information by which you can be personally identified.

1.2 The controller responsible for processing data on this website within the meaning of the GDPR (General Data Protection Regulation) is:

Hagel Team Ltd.
ul. Maragidik No 19, floor 2, apt. office 1
8000 Burgas, Bulgaria

Phone: +49 (0) 30 22 399 52 816
Email: info@hagel-team.com

The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only — that is, if you do not register or otherwise submit information — we only collect data that your browser sends to the server (“server log files”). When you access our website, we collect the following technical data required to display the website:

  • The website you visited

  • Date and time of access

  • Amount of data transferred in bytes

  • Referral/source from which you accessed the site

  • Browser used

  • Operating system used

  • IP address (possibly anonymized)

Processing is based on Article 6(1)(f) GDPR, on the basis of our legitimate interest in improving the stability and functionality of our website. The data is neither passed on nor used otherwise. However, we reserve the right to retrospectively review server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the controller), this website uses SSL/TLS encryption. You can recognize a secure connection by the “https://” prefix and the padlock icon in your browser’s address bar.

3) Cookies

To make your visit more attractive and to enable certain functions, we use cookies — small text files stored on your device. Some cookies are deleted automatically after closing your browser (session cookies), while others remain longer and help store site settings (persistent cookies). You can find the storage duration of individual cookies in your browser’s cookie settings overview.

If cookies process personal data, this is done in accordance with Article 6(1)(b) GDPR for contract implementation, Article 6(1)(a) GDPR in case of consent, or Article 6(1)(f) GDPR for our legitimate interest in optimal website functionality and user-friendly site navigation.

You can configure your browser to notify you about cookies and to accept or reject them individually or universally. Please note that refusing cookies may limit our website’s functionality.

4) Contacting Us

4.1 Tidio

This website uses the live chat system provided by Tidio Poland Sp. z o.o., Wojska Polskiego 81, 70-481 Szczecin, Poland.

Processing of personal data transmitted via chat is based on Article 6(1)(b) GDPR, as it’s necessary for contract initiation or performance, or Article 6(1)(f) GDPR, based on our legitimate interest in effectively assisting site visitors.

Data submitted via chat is deleted once the matter is fully resolved, subject to applicable statutory retention periods.

Additionally, for pseudonymized usage profiling, cookies may collect information that cannot directly identify you. If any data is potentially personal, processing is based on Article 6(1)(f) GDPR, given our legitimate interest in statistical user behavior analysis for optimization.

Allowing cookies via browser settings may be required for chat functionality. You can object at any time to the storage and use of pseudonymized usage profiles. We have concluded a data processing agreement with the provider to ensure data protection and forbid unauthorized sharing.

4.2 Calendly

We use the online scheduling services of Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

To schedule appointments, we collect your first and last name, email address, and—if phone calls are requested—phone number. This is processed under Article 6(1)(b) GDPR for contract initiation or execution, as well as Article 6(1)(f) GDPR for our legitimate interest in efficient customer management. These data are transmitted to Calendly for appointment scheduling and stored there.

After the appointment or the agreed period expires, your data is deleted by the provider. We have a processing agreement in place, ensuring your data’s protection and prohibiting unauthorized disclosure.

For transfers to the USA, Calendly relies on the EU Standard Contractual Clauses to ensure compliance with the European data protection level.

4.3 Contact Form or Email

If you contact us (e.g., via contact form or email), personal data may be collected. The specific data required is visible in the form itself. Data is used solely to respond to your inquiry and for technical administration.

Under Article 6(1)(f) GDPR, our legitimate interest is in responding to your request. If contact aims at contracting, Article 6(1)(b) GDPR additionally applies. Once your request process is complete—and no legal retention obligations exist—your data will be deleted.

5) Use of Customer Data for Direct Advertising

5.1 Email Newsletter Registration

When you subscribe to our email newsletter, we send you information about our offers. Your email address is mandatory; other details are optional and used for personal address. We use a double opt-in procedure: we only send the newsletter after you confirm your consent via a confirmation email.

By clicking the confirmation link, you consent under Article 6(1)(a) GDPR. We log your IP address, date, and time of registration to prevent misuse. Your data is used solely for newsletter delivery. You can unsubscribe anytime via the link in the newsletter or by contacting us. Upon unsubscribe, your email address is deleted from the mailing list unless you have explicitly consented to further use or we have a lawful basis for retention, which we will inform you about in this privacy notice.

5.2 MailChimp

Newsletters are sent using MailChimp (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA).

Based on our legitimate interest in effective newsletter marketing (Article 6(1)(f) GDPR), we transmit your agreed data for dispatch. With your explicit consent (Article 6(1)(a) GDPR), MailChimp may use web beacons or tracking pixels to measure open rates and interactions in anonymized form. Device info (time, IP, browser, OS) may also be collected but not merged with other datasets.

You can withdraw your consent at any time. A data processing agreement is in place. For US transfers, MailChimp adheres to the EU‑US Data Privacy Framework to ensure EU-compliant protection.

6) Online Marketing – Google AdSense

We use Google AdSense (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). It uses cookies and web beacons to analyze user behavior. Information (including your IP) is sent to and stored by Google, possibly in the USA.

Google uses this data to evaluate how you interact with ads. IP addresses are not merged with other Google data. Data may be shared with third parties only per law or where they process it for Google.

Processing is based strictly on your explicit consent (Article 6(1)(a) GDPR). Without consent, Google AdSense is not active. You can withdraw consent at any time via our cookie consent tool. Google adheres to the EU‑US Data Privacy Framework. Google’s privacy policy is available on Google’s site.

7) Web Analytics Services

7.1 Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited). Cookies are set by default to analyze site usage. IP addresses are truncated to prevent direct identification.

Data is sent to Google servers and may be transferred to the USA. Google processes data on our behalf—analysis, reporting, and other services. Truncated IP is not merged with other Google data. Data is stored for two months, then deleted.

Processing (especially cookies) only occurs with your explicit consent (Article 6(1)(a) GDPR). Without consent, GA4 is not used. You can withdraw via the cookie consent tool. We have a data processing agreement with Google.

Demographics & Google Signals: GA4 may collect age, gender, and interests via ad networks and third-party data. Data is anonymized and stored for two months. Google Signals enables cross-device reporting if you have personalized ads enabled and are logged into Google. We do not receive personal data—only anonymized stats. To opt out, disable personalized ads in your Google account. Additional info is in Google’s support.

UserIDs: If you have added a user account with consent, activities across devices can be merged. Data transfers to the USA rely on the EU‑US Data Privacy Framework.

7.2 1&1 IONOS WebAnalytics

We also use 1&1 IONOS WebAnalytics (1&1 IONOS Internet SE). It collects pseudonymized data (device, browser, IP, heatmaps, scrolls, clicks) for statistical behavior analysis. No direct identification or merging with personal data occurs.

Processing (especially cookies or similar technologies) only happens with your explicit consent (Article 6(1)(a) GDPR). You can withdraw via our cookie consent tool. A data processing agreement ensures data protection.

7.3 Google Optimize

We use Google Optimize (Google Ireland Limited) to test different website versions. It sets cookies to deliver test variants. Data may go to Google servers, including in the USA. Used only with your consent (Article 6(1)(a) GDPR) and inactivated otherwise. You may withdraw via the cookie consent tool. A data processing agreement is in place. Data transfers rely on the EU‑US Data Privacy Framework.

7.4 Google Tag Manager

This website uses Google Tag Manager (Google Ireland Limited). It does not itself store or analyze data, but triggers other tags. Your IP address may be sent to Google and stored. This is performed only with your explicit consent (Article 6(1)(a) GDPR). You can withdraw via the cookie consent tool. A data processing agreement is in place. Transfers to the USA rely on the EU‑US Data Privacy Framework.

8) Retargeting / Remarketing and Conversion Tracking

8.1 Facebook Pixel

We use Facebook Pixel (Meta Platforms Ireland Limited). When you click a Facebook ad, URL parameters and cookies track visits for custom audiences and conversion tracking. Data is anonymized on our side but stored by Facebook, which may use it for its own advertising purposes.

Processing occurs only with your explicit consent (Article 6(1)(a) GDPR). You can withdraw at any time via our cookie consent tool. Meta adheres to the EU‑US Data Privacy Framework.

8.2 Google Ads Remarketing

We employ Google Ads remarketing (Google Ireland Limited) via cookies to serve interest-based ads. If you are logged into Google and consent, Google may combine data sets to build audience lists across devices.

This processing only happens with your explicit consent (Article 6(1)(a) GDPR). You can opt out via our cookie consent tool. Transfers to the USA rely on the EU‑US Data Privacy Framework.

8.3 Google Ads Conversion Tracking

We use Google Ads conversion tracking (Google Ireland Limited). Cookies are set when users click a Google Ads ad, lasting about 30 days. This helps us identify successful ad clicks, while keeping users anonymous to us. Data may be sent to Google’s servers, including in the USA.

Processing requires your explicit consent (Article 6(1)(a) GDPR). You can withdraw via our cookie consent tool. You can also opt out using Google’s browser plugin. Transfers rely on the EU‑US Data Privacy Framework.

Customer Match (Customer Data Upload): With your explicit consent (Article 6(1)(a) GDPR), we upload hashed customer data (emails, phones) to Google to match them with Google accounts for personalized ads. Google compares encrypted info and cannot access your raw data. You can withdraw consent at any time. More info is in Google’s support. Transfers rely on the EU‑US Data Privacy Framework.

Google Marketing Platform (GMP)

We use GMP cookies (Google Ireland Limited) for relevant ad delivery, campaign reporting, and avoiding repeated ad impressions. GMP uses cookie‑based IDs and may track conversions.

When activated, Google learns which parts of our site you’ve accessed. If logged into Google, this info may tie to your account. IP addresses may also be stored.

Processing only occurs with your explicit consent (Article 6(1)(a) GDPR). You can withdraw via our cookie consent tool. Transfers comply with the EU‑US Data Privacy Framework. More details are in Google’s privacy policy.

Google Ads Conversion Tracking Without Cookies

We also run Google Ads conversion tracking without cookies. Instead, IDs are stored in browser local storage. This ID tracks ad clicks and conversions.

Processing is based on our legitimate interest (Article 6(1)(f) GDPR). No personal identifiers are collected. Transfers to the USA comply with the EU‑US Data Privacy Framework.

9) Site Functionalities

9.1 Google Maps

We integrate Google Maps (Google Ireland Limited) to display interactive maps (location, directions). When these pages load, data such as your IP may be transmitted to Google servers, including in the USA.

If you are logged into Google, usage may be linked to your account. To avoid this, please log out before accessing the map. Data is processed under Article 6(1)(f) GDPR for personalized ads, market research, and site design. You can object through Google. With sufficient legal requirements, we have obtained your consent. Refusing requires disabling JavaScript, which disables map functionality. Transfers comply with the EU‑US Data Privacy Framework.

9.2 Google Web Fonts

To standardize fonts (Google Ireland Limited), your browser loads Web Fonts from Google servers, sending basic data including IP, potentially to the USA. This occurs only with your consent (Article 6(1)(a) GDPR), which you can withdraw via our cookie consent tool. If unsupported, your system’s default fonts are used. Transfers comply with the EU‑US Data Privacy Framework.

9.3 Google Seller Ratings (“Google Customer Reviews”)

We use Google Customer Reviews (Google Ireland Limited) to collect feedback after purchases. With your consent (Article 6(1)(a) GDPR), we provide your email to Google, which then invites you via survey email. Ratings are aggregated and displayed in our merchant dashboard and seller rating badge. Data may be transferred to Google LLC in the USA. You can withdraw at any time by contacting us or Google. Transfers comply with the EU‑US Data Privacy Framework.

9.4 Google Meet

We use Google Meet (Google Ireland Limited) for webinars, video meetings, etc. Data transmission may involve servers of Google LLC in the USA. Data processed may include your login details (name, email, phone, password), session details (IP, device, topic), and possibly audio/video/chat content.

If data is needed for contract performance, processing is based on Article 6(1)(b) GDPR. Otherwise, it relies on your consent (Article 6(1)(a)) or our legitimate interest (Article 6(1)(f)). A data processing agreement is in place. Transfers rely on the EU‑US Data Privacy Framework.

9.5 Zoom

Our meetings, webinars, or conferences may use Zoom (Zoom Video Communications, Inc., San Jose, CA, USA). Data processed includes login info, session data, and media content as applicable.

Contractual or pre‑contractual processing is under Article 6(1)(b) GDPR. Where you’ve given consent, it’s Article 6(1)(a). Otherwise, it’s based on our legitimate interest (Article 6(1)(f)). A data processing agreement is in place. Transfers rely on the EU Standard Contractual Clauses.

9.6 Heyflow

For surveys or online forms, we use Heyflow GmbH (Jungfernstieg 49, Hamburg, Germany). Form data, OS, browser, timestamps, referrer, and IP are collected and transmitted to Heyflow servers, where they’re securely stored.

Processing is based on contract necessity (Article 6(1)(b) GDPR) or, if consent‑based, on Article 6(1)(a). Consent may be revoked at any time. A data processing agreement ensures protection.

9.7 Online Job Applications via Form

Job postings can be applied to via an online form. Applicants must provide all personal data required for evaluation (contact info, qualifications, health info if needed).

Form submissions are encrypted and processed exclusively for application evaluation. Legal basis is Article 6(1)(b) GDPR and § 26(1) BDSG (employment contract initiation). Sensitive data (e.g., health data, disability status) is processed under Article 9(2)(b) GDPR (legal obligations regarding employment) or Article 9(1)(h) GDPR (health care/employment health analysis).

If not selected or if withdrawn, all data and correspondence are deleted after notification, but no later than six months—for legitimate follow-up questions or record obligations. If hired, data processing continues based on Article 6(1)(b) GDPR (or § 26(1) BDSG).

9.8 Job Applications via Email

Similarly, applications via email require personal data. Processing is for recruitment purposes under Article 6(1)(b) GDPR (and § 26(1) BDSG). Vulnerable data is processed under Article 9(2)(b) or (1)(h) GDPR. If not hired or withdrawn, data and communication are deleted after notification, no later than six months. If hired, processing follows Article 6(1)(b) GDPR.

10) Tools and Other

Cookie Consent Tool
We use a tool that requires explicit opt-in for non-essential cookies via checkboxes. The tool only loads cookies/services based on your consent. Only technically necessary cookies (to store preferences) are set by default; they don’t process personal data.

If any personal data is processed (e.g., IP), it is based on Article 6(1)(f) GDPR for legitimate interest in compliant opt‑in management. Also based on Article 6(1)(c) GDPR, as we are legally required to conditionally load non-essential cookies. A data processing agreement is in place. You can find more info in the interface provided on the site.

11) Your Rights

11.1 Under data protection law, you have the following rights against us regarding your personal data (legal basis in parentheses):

  • Right to access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restrict processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

11.2 Right to object
If we process your data based on a legitimate interest, you may object at any time for reasons related to your particular situation. We will then cease processing unless we have compelling legitimate grounds or need it for legal claims. You also have a right to object to the use of your data for direct marketing; we will cease such processing upon objection.

12) Storage Duration

The storage duration depends on the legal basis, processing purpose, and any statutory retention periods.

  • If based on consent (Article 6(1)(a)), data is stored until withdrawal.

  • Contractual/legal obligation data (Article 6(1)(b)) is deleted after retention requirements expire, unless needed for contract performance or legitimate interest.

  • Data processed under legitimate interest (Article 6(1)(f)) is kept until objection, unless we have overriding reasons or legal necessity.

  • Direct marketing data (Article 6(1)(f)) is retained until you object.

  • Unless specified otherwise, data is deleted when no longer needed for its purpose.