Privacy Policy

Last updated: November 2025

1. Introduction

The protection and security of your personal data are important to us. This Privacy Policy explains how we process the personal data you provide to us when using our website brandarrow.de (the “Website”). It helps you understand which personal data we request from you, why we request these data, what we do with them, and how long we store them.

Echowise GmbH (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data.

2. Controller

Echowise GmbH

Lauker Weg 14

61276 Weilrod, Germany

Email: rechtlich@brandarrow.de

Echowise GmbH is the controller responsible for processing your personal data pursuant to applicable data protection law, including the EU General Data Protection Regulation (GDPR).

3. Data We Collect

When you visit our Website and use its features, we process personal data. Unless otherwise stated, you are not required to provide personal data to us. However, in this case we may not be able to make the Website or certain services available to you.

In the following sections, we explain which data we process for which purposes, on what legal basis, how long we store them, and who receives your data. At the end of this Privacy Policy, you will also find general information on storage periods, recipients, and automated decision-making.

3.1 General Use and Provision of the Website

Purposes:

When you visit our Website, we process certain data to enable the use of the Website and its features and to ensure the technical stability and security of our content.

Categories of data:

In particular: IP address, necessary technical usage data (e.g., file requests, access times), device and browser information, and inputs made within our Website.

Recipients:

HOSTINGER operations, UAB, Švitrigailos str. 34, 03230 Vilnius, Lithuania. Privacy Policy: Privacy Policy.

Volentio JSD Limited (jsDelivr), Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB. Privacy Policy: Privacy Policy.

Legal basis:

Our legitimate interest in the secure and efficient provision of our online offering (Art. 6(1)(f) GDPR).

Storage period:

We do not store personal data permanently for these purposes.

3.2 Collection of Access Data and Server Log Files

Purposes:

We or our hosting provider collect data whenever the server is accessed, known as server log files. These log files may be used for security purposes (e.g., preventing server overload) and to ensure server performance and stability.

Categories of data:

Content data (e.g., entries in online forms), usage data (e.g., pages visited, interest in content, access times), and meta/communication data (e.g., device information, IP addresses).

Recipient:

HOSTINGER operations, UAB, Švitrigailos str. 34, 03230 Vilnius, Lithuania. Privacy Policy: Privacy Policy.

Legal basis:

Our legitimate interest in pursuing the purposes set out above (Art. 6(1)(f) GDPR).

Storage period:

Server log files are stored for 90 days and then deleted.

3.3 Contacting Us

Purposes:

If you contact us (via contact form or email), we process the personal data you provide to the extent necessary to respond to your inquiry and any related measures.

Categories of data:

Master data (e.g., name, address), contact data (e.g., email address, telephone number), content data (e.g., information entered in the online form).

Recipients:

(No additional specific recipients.)

Legal basis:

Responses to contact requests within pre-contractual or contractual relationships are processed for the performance of our (pre-)contractual duties (Art. 6(1)(b) GDPR).

In all other cases, processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in effectively responding to inquiries.

Storage period:

We store your inquiries as long as necessary to respond to them. Messages from the contact form and associated correspondence are typically stored for up to 12 months unless longer retention is required for legitimate business or legal reasons.

4. General Information on Recipients

When processing your data, it may be necessary to transfer or disclose your data to other recipients. In the sections above, we have named the specific recipients where possible.

If recipients are located outside the EU, we explicitly point this out. If we do not reference an adequacy decision, it means no adequacy decision exists for the respective country. In such cases, we use appropriate safeguards, such as standard contractual clauses (unless other safeguards, such as Binding Corporate Rules, apply).

The current version of the standard contractual clauses is available at:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Possible categories of additional recipients include:

Our employees, who are bound by confidentiality.

Service providers acting as processors under our instructions, particularly technical service providers whose services we use when we cannot reasonably perform certain functions ourselves.

Third-party providers who support us in offering our services in line with our terms (e.g., payment providers, marketing service providers).

Authorities where required to meet our legal or reporting obligations.

5. General Information on Storage Periods

We process your personal data for the storage periods specified above. Since data may be processed for more than one purpose, it is possible that data will be stored beyond one period until all applicable periods have expired. Once the final retention period has ended, we will delete your data without delay.

6. Your Rights (under the GDPR)

As a data subject, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR, “right to be forgotten”)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)

Withdrawal of consent: You may withdraw any consent given at any time with effect for the future.

Right to lodge a complaint with a supervisory authority

(In Germany: Hessian Commissioner for Data Protection and Freedom of Information)

To exercise these rights, please contact us at:

rechtlich@brandarrow.de

7. Obligation to Provide Data

You are not legally or contractually required to provide personal data to us. However, without the data you provide, we may not be able to offer you our services.

8. Automated Decision-Making

We do not use automated decision-making that produces legal effects concerning you or significantly affects you in a similar manner.

9. Data Protection for Children

Our Website is not directed at children under the age of 16.

We do not knowingly collect personal data from children. If we have inadvertently received such data, please contact us and we will delete it without delay.

10. Links to Other Websites

Our Website may contain links to external websites operated by third parties.

We are not responsible for the content or privacy practices of these third-party websites.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

The most current version is always available on our Website, with the date of the latest update shown above.

12. Contact

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Echowise GmbH

Lauker Weg 14

61276 Weilrod, Germany

Email: rechtlich@brandarrow.de