Privacy Policy
1. Controller and data protection contact
This notice explains how we process personal data when you use our website and informs you about your rights under the GDPR.
Levarc Engineering GmbH
Mooswiesenweg 28
84570 Polling
Email: [email protected]
For data protection inquiries please contact: [email protected]. We will usually respond within 30 days.
2. Hosting (Netlify)
This site is hosted by Netlify. When you access the site, technical server logs are processed (e.g. IP address, timestamp, user agent, referrer, HTTP status). This is necessary for availability, security and troubleshooting.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation). More information: Netlify Privacy Policy.
3. CDN, DNS and SSL/TLS (Cloudflare)
We use Cloudflare as a content delivery network (CDN), for DNS management and SSL/TLS certificate provisioning. Your request is routed through Cloudflare's global network before reaching Netlify. Cloudflare acts as a reverse proxy — it terminates the TLS connection from your browser and establishes a new encrypted connection to our origin server.
Cloudflare may process: IP address, requested URL, HTTP headers (user agent, referrer, Accept-Language), timestamps and traffic metadata. Purpose: performance optimisation, caching, DDoS protection and security.
Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (EU representative: Cloudflare Germany GmbH, Munich). Legal basis: Art. 6(1)(f) GDPR. Cloudflare is certified under the EU-U.S. Data Privacy Framework; Standard Contractual Clauses (Art. 46 GDPR) apply additionally. More information: Cloudflare Privacy Policy.
4. Web analytics (Umami)
We use Umami for privacy-friendly analytics. The script is loaded from our subdomain umami.levarc.de. We process aggregated usage data (page views, referrers, browser/device, approximate region). Umami runs without cookies and does not create user profiles.
Legal basis: Art. 6(1)(f) GDPR (interest in improving the website). You may object at any time, for example by blocking umami.levarc.de in your browser or by contacting us.
5. Contact form and email (Resend)
When you contact us we process the data you provide (name, email, message) to handle your request. Emails are delivered via Resend (USA). Legal basis: Art. 6(1)(b) GDPR (pre-contractual communication) or Art. 6(1)(f) GDPR (general inquiries).
Standard Contractual Clauses (Art. 46 GDPR) are in place with Resend. Data is retained only as long as necessary for processing or as required by law.
6. Newsletter (Resend & Airtable)
When you subscribe to our newsletter we process your email address and, if provided, your name. Subscription uses double opt-in. Emails are sent via Resend; subscriber management is handled by Airtable (USA). Legal basis: your consent, Art. 6(1)(a) GDPR. You may withdraw consent at any time via the unsubscribe link in each email.
International transfers are protected by Standard Contractual Clauses (Art. 46 GDPR). We store your data until you withdraw consent.
7. Bot protection (Cloudflare Turnstile)
To protect our forms from automated abuse we use Cloudflare Turnstile. When you submit a form, a script from challenges.cloudflare.com performs an automated check. Your IP address, browser information and interaction data may be transmitted to Cloudflare.
Provider: Cloudflare, Inc. (see above). Legal basis: Art. 6(1)(f) GDPR (spam and abuse protection). Appropriate safeguards for US transfers are in place (Standard Contractual Clauses, Art. 46 GDPR). More information: Cloudflare Privacy Policy.
8. Recipients and processors
We use the following service providers as processors: Netlify (hosting), Cloudflare (CDN, DNS, SSL/TLS, bot protection), Resend (email delivery), Airtable (newsletter management) and our self-hosted Umami instance (web analytics). Data processing agreements pursuant to Art. 28 GDPR are in place with each.
9. International transfers
For Cloudflare, Resend and Airtable, processing in the USA may occur. Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF), based on the EU Commission adequacy decision of 10 July 2023. Additionally, and for all named providers, we rely on Standard Contractual Clauses (Art. 46 GDPR).
10. Storage periods
We retain personal data only as long as necessary for the respective purpose or as required by statutory retention obligations, after which data is deleted or anonymised.
11. Your rights
Under the GDPR you have the right to:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
If you believe the processing of your data infringes the GDPR you may lodge a complaint with a supervisory authority (Art. 77 GDPR). Competent authority: Bavarian State Office for Data Protection Supervision (BayLDA).
12. Data security
We implement technical and organisational measures to protect your data (e.g. TLS encryption). However, no method of transmission over the Internet is 100 % secure.
13. Changes to this notice
We will update this notice when laws, our processes or services change. The latest version is always available on this page.