Privacy Policy

General information
The following information provides a simple overview of what happens to your personal data when you visit this website.
Personal data means any data with which you can be personally identified.
Detailed information on data protection can be found in the privacy policy set out below.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the controller”.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter into a contact form or when booking an appointment.

Other data is collected automatically or after your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website.
Other data may be used to analyse your user behaviour, for marketing purposes, to respond to enquiries (if applicable with the use of artificial intelligence) and to handle enquiries about client engagements and other situations involving the initiation of a contract.

What rights do you have regarding your data?
You have the right at any time, free of charge, to obtain information about the origin, recipients and purpose of your stored personal data.
You also have the right to request the rectification or erasure of this data.
If you have given your consent to data processing, you may revoke this consent at any time with effect for the future.
Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data.
You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and any other questions on the subject of data protection.

Analysis tools and tools from third parties
When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analysis and tracking programs. We also use tools for appointment booking, error monitoring, newsletter dispatch, CRM systems and social media analysis.

Detailed information on these tools can be found in the following sections of this privacy policy.

We host the content of our website with the following provider:

External hosting (Vercel)

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).
If corresponding consent was requested (e.g. consent to cookies, tracking or certain tools), processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG; consent can be revoked at any time.

We use the following hosting provider:
Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
USA

We have concluded a data processing agreement with Vercel (Art. 28 GDPR) which ensures that Vercel processes personal data only in accordance with our instructions.
A transfer of data to the USA cannot be ruled out. In such cases, processing is based on the EU Standard Contractual Clauses (Art. 46 GDPR). Nevertheless, there may be an increased risk that US authorities could access the data.

Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of the data from access by third parties is not possible.

Information on the controller

The controller responsible for data processing on this website is:
Christian Salat (sole proprietor)
Fritz-Erler-Straße 24b
81737 Munich
Germany
Phone: +49 (0) 89 244 119 790
Email: info(at)prokodo.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Storage period
Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies.
If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, erasure will take place after these reasons no longer apply.

General information on the legal bases of data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, insofar as special categories of data pursuant to Art. 9(1) GDPR are processed.
If you have consented to the storage of cookies or to the access to information on your device pursuant to Section 25 TDDDG, processing is additionally based on Section 25(1) TDDDG.
If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR.
If we are subject to a legal obligation, data is processed on the basis of Art. 6(1)(c) GDPR.
In all other cases, data is processed on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR (e.g. IT security, error analysis, direct advertising to existing customers).

Recipients of personal data
In the course of our business activities, we work with various external service providers (e.g. IT service providers, hosting providers, CRM providers, newsletter services, tracking and analysis tools).
Personal data will only be transferred if:

• this is necessary for the performance of a contract (Art. 6(1)(b) GDPR),
• we are legally obliged to do so (Art. 6(1)(c) GDPR),
• there is a legitimate interest in the transfer (Art. 6(1)(f) GDPR), or
• you have given your consent (Art. 6(1)(a) GDPR).

We conclude data processing agreements with processors pursuant to Art. 28 GDPR.

Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You may revoke consent you have already given at any time with effect for the future. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.

Right to object under Art. 21 GDPR
You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling to the extent that it is related to such direct marketing.
Further details can be found in Art. 21 GDPR.

Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects shall have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement.

Right to data portability
You have the right to receive the data that we process on the basis of your consent or in fulfilment of a contract automatically in a commonly used, machine-readable format and to transmit those data to a third party (Art. 20 GDPR). Where you request the direct transfer of the data to another controller, this will only be done where technically feasible.

Access, rectification, erasure, restriction
Within the framework of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data (Art. 15 GDPR), their origin and recipients and the purpose of the data processing and, if applicable, a right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR). You can contact us at any time for this purpose or for further questions on the subject of personal data.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption.
You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Objection to unsolicited marketing emails
We hereby object to the use of contact data published within the scope of the imprint obligation for the transmission of unsolicited advertising and information material. We expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example by spam emails.

Consent management
We use our own consent management solution, which is integrated via Google Tag Manager, in order to obtain consent for the storage of certain cookies on your device and for the use of certain technologies (e.g. analysis and marketing tools) and to document such consent in a manner compliant with data protection law.

To this end, we set a technically necessary consent cookie and use comparable technologies. In particular, the following data are processed:

• your consent decision (consents given or refused) and any subsequent changes,
• information about your device and your browser,
• time of visit and time of consent,
• a shortened or pseudonymised IP address,
• a unique consent ID or session identifier.

The legal basis for the use of this consent management solution is Art. 6(1)(c) GDPR (fulfilment of our legal obligations to demonstrate consent in accordance with GDPR/TDDDG) and Art. 6(1)(f) GDPR (our legitimate interest in legally compliant and user-friendly management of consents).

Insofar as processing is related to the storage of information on your device, Section 25 TDDDG applies. Without this consent management, the use of services requiring consent (e.g. Google Analytics, Google Ads, LinkedIn Insight Tag, HubSpot tracking, Mailchimp tracking) is not possible.

Cookies
Our websites use cookies and similar technologies. Cookies are small data packets that are stored on your device.
We use:

• technically necessary cookies (e.g. for language selection, security, our consent management system),
• statistics/analytics cookies (e.g. Google Analytics),
• marketing/tracking cookies (e.g. Google Ads, LinkedIn Insight Tag, HubSpot, Mailchimp).

Necessary cookies are set on the basis of Art. 6(1)(f) GDPR or, where required for the performance of a contract, on the basis of Art. 6(1)(b) GDPR.
All non-essential cookies are set only with your explicit consent via the consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

You can revoke or adjust your consent at any time in the consent banner.

Server log files
The provider of the pages (Vercel) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and version,
• operating system used,
• referrer URL,
• host name of the accessing computer,
• time of the server request,
• IP address.

This data is not combined with other data sources.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technically error-free presentation and optimisation of the website).

Contact form
If you send enquiries to us via the contact form, your details from the enquiry form, including the contact details you provide (e.g. name, email address, telephone number), will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.
The legal bases are:

• Art. 6(1)(b) GDPR, insofar as the enquiry is related to a contractual relationship or pre-contractual measures,
• Art. 6(1)(f) GDPR (legitimate interest in effectively processing enquiries),
• Art. 6(1)(a) GDPR, insofar as we request your consent.

The data you enter in the contact form will remain with us until the purpose for storing the data no longer applies or you request erasure; statutory retention periods remain unaffected.

Enquiries by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry, including all personal data resulting from it, will be stored and processed by us for the purpose of handling your request.

The legal bases correspond to those for the contact form (Art. 6(1)(b), (f) and, where applicable, (a) GDPR).

We offer you the opportunity to book appointments online on our website. For this purpose, we use the service Calendly of Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, GA 30363, USA.

If you book an appointment via Calendly, the data you enter (e.g. name, email address, subject of the appointment) will be transmitted to Calendly and processed there. Technical data (IP address, browser/device information, time zone) may also be processed.

Data processing is carried out for the purpose of scheduling and managing appointments on the basis of Art. 6(1)(b) GDPR (contract or pre-contractual measures).
Insofar as Calendly uses cookies/tracking, this is done only with your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG).

As Calendly is based in the USA, data may be transferred to the USA. This is based on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. A residual risk of access by US authorities cannot be completely excluded.

In certain cases, we use AI-based systems to assist in responding to enquiries (e.g. for pre-structuring content, generating wording suggestions or analysing frequently recurring questions).
In particular, the following data may be processed:

• the content of your enquiry (free text),
• where applicable, master data (name, email address, communication history),
• communication metadata.

We ensure that no automated decisions within the meaning of Art. 22 GDPR are made that produce legal effects concerning you or similarly significantly affect you.
The final assessment and response to you is always made by a natural person.

Depending on the situation, processing is based on:

• Art. 6(1)(b) GDPR (initiation of a contract / handling of client engagements),
• Art. 6(1)(f) GDPR (interest in efficient communication and handling of enquiries),
• Art. 6(1)(a) GDPR, where we explicitly ask you for consent in individual cases.

Where external AI service providers located in third countries are used, we ensure an adequate level of data protection (e.g. by data processing agreements and EU Standard Contractual Clauses).

We use the CRM system HubSpot, a service of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, for managing contacts, tracking communication, sending certain emails and, where applicable, analysing interactions.

The data processed may include, in particular:

• contact details (name, email address, telephone number),
• information on enquiries and interests,
• communication content and times,
• website activities, where you have consented (tracking cookies).

Legal bases:

• Art. 6(1)(b) GDPR (initiation and performance of a contract),
• Art. 6(1)(f) GDPR (interest in an efficient organisation of our business and communication processes),
• Art. 6(1)(a) GDPR, where tracking and marketing functions are based on consent.

HubSpot may transfer data to third countries, in particular the USA. Where such transfers take place, we base them on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. A residual risk of access by foreign authorities cannot be completely excluded.

If you subscribe to our newsletter, your data will be processed for the purpose of sending and analysing the newsletter.
We use Mailchimp, a service of Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA (or the competent European entity) for sending newsletters.

Data processed:

• email address,
• where applicable, name,
• time of registration (double opt-in),
• information on opens and click behaviour (tracking pixels, individual links).

The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG). You can revoke your consent at any time with effect for the future, e.g. via the unsubscribe link in the newsletter.

Mailchimp may transfer data to the USA; the legal basis for this is the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. A residual risk of access by US authorities cannot be ruled out.

To monitor the stability and errors of our website/app, we use the service Bugsnag, a product of SmartBear Software Inc. (USA).
Bugsnag helps us detect and analyse technical errors (e.g. JavaScript errors, crashes). The following data may be processed:

• IP address (possibly shortened),
• browser type and version,
• operating system,
• times and URLs on which an error occurred,
• technical details of the error.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in error analysis and stability of our website).
Insofar as Bugsnag uses cookies or similar technologies, this is only done with your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG).

Data may be transferred to the USA. This is generally based on the EU Standard Contractual Clauses.

Google Tag Manager
We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Tag Manager itself does not set cookies and does not collect personal data. It is used solely to manage other tracking tags.
The activation of the embedded tools (e.g. Google Analytics, Google Ads) only takes place if you have given your consent via our consent banner.
The legal basis is Art. 6(1)(f) GDPR (efficient management of tags); insofar as tracking cookies are set via Tag Manager, the legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG).

Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited.
Google Analytics uses cookies which enable an analysis of your use of the website. The information generated about your use of this website is generally transmitted to and stored on a Google server.

We use Google Analytics only with IP anonymisation, so that your IP address is shortened within the EU/EEA.

Data processed:

• IP address (shortened),
• usage data (pages viewed, time spent, clicks),
• technical information (browser, operating system),
• origin (referrer URL).

The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG). You can revoke your consent at any time in the consent banner.
Data may be transmitted to servers in the USA. The transfer is based on the EU Standard Contractual Clauses; a residual risk remains.

Google Ads & Google Conversion Tracking
We use Google Ads to advertise our website in Google search results and on third-party websites. In this context, we also use Google Conversion Tracking.
If you click on an ad placed by Google, a conversion cookie is set. This enables us to recognise whether users perform certain actions on our website after clicking (e.g. contacting us).
The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG). Without your consent, no conversion tracking takes place.
**
Google Ads Remarketing**
Our website uses Google Ads Remarketing features. This allows us to target users who have already visited our website with interest-based advertising on other websites within the Google advertising network.
Google uses cookies or similar technologies for this purpose. The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG).

LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The Insight Tag helps us track the behaviour of visitors who have come to our website via LinkedIn advertisements (conversion tracking, reach measurement, retargeting).

Data collected:

• IP address (shortened),
• device and browser characteristics,
• page views,
• referrer URL,
• timestamps.

The data is transmitted to LinkedIn in anonymised form. However, LinkedIn may link the data to your LinkedIn profile if you are logged in there.
The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25 TDDDG).

You can revoke your consent at any time and adjust your advertising settings in your LinkedIn profile.

** LinkedIn profile / company page**
We maintain a profile/company page on LinkedIn in order to communicate with clients, prospects and applicants and to inform them about our services.
When you visit our LinkedIn page, personal data is processed by LinkedIn and possibly also by us.

To this extent, we are often joint controllers with LinkedIn (Art. 26 GDPR), in particular within the framework of “Page Insights”. LinkedIn provides the corresponding information.
The primary responsibility for the processing of your data on LinkedIn lies with LinkedIn. You can exercise your rights (access, erasure, etc.) both against LinkedIn and against us.

In addition to LinkedIn, we may maintain further presences on social networks and platforms (e.g. Meta, Instagram and X) to communicate with users active there and to inform them about our company.

When you access the respective networks, the terms of service and data protection notices of the respective operators apply.
We process your data when you communicate with us via these platforms (e.g. via messages, comments, likes).

The legal basis is Art. 6(1)(b) GDPR (initiation of a contract / contractual relationship) or Art. 6(1)(f) GDPR (public presence, communication with the public).

Our website may be available in multiple languages (including German and, where applicable, English).
If you select a different language version, we process the corresponding setting (e.g. via cookie or browser setting).

The legal basis is Art. 6(1)(f) GDPR (user-friendly presentation of our web offering).

This privacy policy is currently valid and was last updated on 08/12/2025.

Due to the further development of our website and offerings or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can be accessed at any time on this website.