Privacy Policy for sens2act GmbH

 

Effective date: 27 November 2025


sens2act GmbH takes the protection of your personal data very seriously. This privacy policy explains how we collect and use personal data when you visit our website, contact us or use our products and services, and it describes your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Brazil’s Lei Geral de Proteção de Dados (LGPD), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable data‑protection laws. Our headquarters is located at Robert‑Bosch‑Str. 10, 01454 Radeberg, Germany, and you can reach us at info@sens2act.com or by postal mail at our address.

 

1. Who is responsible for your data?

The data controller responsible for processing your personal data is:

  • sens2act GmbH 
  • Robert‑Bosch‑Str. 10, 01454 Radeberg, Germany
  • Email: info@sens2act.com

If you have any questions about this policy or about how we handle personal data, you can contact us at the above address or email.

We do not currently have a designated Data Protection Officer (DPO). Nevertheless, we handle all data‑protection matters with the utmost care. If you believe your data protection rights have been violated, you may also lodge a complaint with the supervisory authority in the state of Saxony, Germany (Der Sächsische Datenschutzbeauftragte).


2. What is personal data?

Personal data means any information that relates to an identified or identifiable natural person (data subject). Examples include a name, postal address, email address, identification number, online identifier (such as an IP address), location data or one or more factors specific to a person’s physical, physiological, genetic, mental, economic, cultural or social identity.

3. Categories of personal data we collect and legal bases for processing

We collect personal data in several ways. The following table lists the categories of data, why we collect them and the legal bases we rely on under the GDPR. Where other jurisdictions require different legal bases or offer additional rights (e.g., consent or legitimate interest requirements under PIPEDA or LGPD), those bases are considered as well.

| Category of data | Purpose / Why we collect it | Legal basis (GDPR) and global justification |
|---|---|---|
| Server and device data (IP address, date and time of access, browser type/version, operating system, referrer URL and similar technical information) | We collect these data automatically via our web servers and cookies when you visit our website, in order to display our pages correctly, maintain system security, optimise our services and compile anonymous statistics. The data are processed on our behalf by our hosting provider (see section External hosting by jweiland.net) and are not used for marketing purposes. | Legitimate interest (Art. 6(1)(f) GDPR) in ensuring security and performance of the website. These data are necessary for the operation of the website and are anonymised where feasible. |
| Contact and enquiry data (name, company, email address, telephone number and other information you provide in contact forms or email correspondence) | To respond to enquiries, provide information about our products and services, negotiate or conclude contracts, provide customer support and maintain customer relationships. | Legitimate interest in communicating with prospective customers and fulfilling your requests; performance of a contract or pre‑contractual measures (Art. 6(1)(b) GDPR); consent when you voluntarily provide information. |
| Order and contract data (billing information, delivery address, order details, payment information) | To process orders, supply goods and services, manage payments, provide warranties and maintain business records. | Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR) for tax and commercial record‑keeping; legitimate interest in customer management. |
| Sensor and device data (information about devices we manufacture or service, such as serial numbers, firmware versions or diagnostic data) | To configure, calibrate and support our sensor products, provide updates and offer technical assistance. | Legitimate interest in ensuring the proper functioning of our products; performance of a contract when providing support services. |
| Marketing and newsletter data (email address, marketing preferences, information about how you interact with our marketing emails or website) | To send newsletters or marketing communications, invite you to events, administer surveys or promotions and improve our communications. | Consent (Art. 6(1)(a) GDPR), which you may revoke at any time; legitimate interest in promoting our business where allowed. |
| Application data (CV/resume, cover letter, employment history, qualifications, references) | To evaluate and respond to job applications and manage recruitment. | Legitimate interest in selecting suitable candidates; performance of a contract or pre‑contractual measures; legal obligation to comply with employment law. |

Special categories of personal data

We do not intentionally collect sensitive personal data (e.g., health information, genetic or biometric data, religious or political beliefs). We will only process such data if you provide it voluntarily and if there is a legal basis (e.g., explicit consent) or if we are required to do so by law.


4. Sources of data

We obtain personal data directly from you when you:

  • Visit our website (through cookies and server log files);
  • Contact us via email, phone or online forms;
  • Place an order for products or services;
  • Request a quotation or technical support;
  • Sign up to receive newsletters or marketing communications;
  • Apply for a job at sens2act.

We may also collect personal data from publicly available sources (e.g., business registers) or receive information from trusted business partners and service providers when necessary for our relationship (e.g., when they forward your enquiry to us). When we receive personal data from third parties, we will inform you within one month of the collection and provide the same information as required when we collect data directly, unless this would involve disproportionate effort.


External hosting by jweiland.net

Our website is hosted by an external service provider, jweiland.net – Jochen Weiland, located at Echterdinger Str. 57, 70794 Filderstadt, Germany. All personal data collected via our website are stored on the servers of this hosting provider. As part of an order‑processing contract (Auftragsverarbeitungsvertrag), jweiland.net processes personal data solely on our instructions and in compliance with the GDPR. The use of external hosting is based on our legitimate interest under Art. 6(1)(f) GDPR in ensuring the reliable and secure provision of our website.

When you access our website, jweiland.net automatically collects certain data (server log files) to ensure security and functionality. These data include your IP address, date and time of the request, time zone difference to GMT, the content requested (specific page or file), HTTP status code, the amount of data transferred, the website from which you accessed our site (referrer), your browser type, operating system, language and version. The data are stored temporarily to detect and fend off attacks and to maintain the stability of our systems; they are not analysed for marketing purposes. Log files are deleted or anonymised after approximately seven days.

We have concluded a data‑processing agreement with jweiland.net to ensure that personal data are processed only according to our instructions and in compliance with the GDPR.


5. Cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that allow us to recognise your browser on subsequent visits. We use:

  • Essential cookies that are necessary to operate the website and provide security; without these, the site may not function properly.
  • Preference cookies that remember your settings (e.g., language) to enhance your user experience.
  • Analytics cookies (including third‑party tools) that collect aggregated information about how visitors use our site to help us improve its design and performance. Analytics cookies only collect pseudonymous data and we use them in accordance with applicable law.

You can control cookie preferences through our cookie banner and your browser settings. Under the ePrivacy Directive and Article 5 GDPR, we only store cookies on your device if they are strictly necessary or if you consent to them. You can revoke your consent at any time.


6. How we use personal data

We use personal data only for the purposes described in this policy. We will not use personal data for new purposes that are incompatible with the original purpose unless you consent or the law requires us to do so. Our uses include:

  • Providing our website and services. We process data to operate, maintain and improve our website and to provide information about our products and services.
  • Communicating with you. We respond to enquiries, provide quotations, support our customers and send transactional or administrative messages.
  • Fulfilling contracts. We use personal data to manage orders, deliver products, process payments, provide warranties and maintain our business records.
  • Developing and improving products. We may analyse aggregated data to enhance our sensor technologies, create new products and improve quality.
  • Marketing. We send newsletters and promotional communications if you consent. You can unsubscribe at any time.
  • Legal compliance. We may process personal data to comply with statutory obligations (e.g., tax and accounting duties) or to respond to legal requests.

7. Sharing your data

We will not sell your personal data and we do not rent or trade personal data for marketing purposes. We may share personal data with:

  • Service providers who assist us in hosting the website, managing email communications, processing payments, shipping products, maintaining IT systems, performing analytics or providing marketing services. These providers act as processors under contractual arrangements that ensure data protection and confidentiality.
  • Business partners such as resellers or distributors who support us in delivering our products and services. They may act as independent controllers of your data when providing their own services; we require them to protect your data.
  • Public authorities or courts when required by law or to protect our rights (e.g., to comply with tax obligations, enforce our contracts or respond to legal requests).

If we transfer personal data to countries outside the European Economic Area (EEA) or the United Kingdom, we will ensure that an adequate level of protection exists (e.g., through adequacy decisions or standard contractual clauses).

8. Retention of data

We retain personal data only as long as necessary for the purposes described above or to comply with legal retention requirements. The retention period depends on the nature of the data:

  • Server and log data are stored for a short period (usually 7–14 days) and then deleted or anonymised, unless we need them longer to investigate security incidents.
  • Contact and enquiry data are kept until your enquiry is resolved and for up to three years afterwards to defend against legal claims.
  • Order and contract data are stored for the duration of the contract and for six to ten years thereafter to fulfil commercial and tax retention obligations.
  • Sensor or support data are kept until the device’s lifecycle ends or until support is complete.
  • Marketing data are retained until you withdraw your consent or for up to three years after your last interaction with us.
  • Application data are stored for the duration of the application process and for up to six months thereafter unless you consent to a longer period.

We review our retention periods periodically to ensure we do not store data longer than necessary.


9. Your rights under the GDPR and other laws

9.1 Rights of individuals within the European Union / European Economic Area

Under the GDPR, you have the following rights:

  1. Right to be informed. We must provide clear information about how we process your personal data, as required by Articles 13 and 14 GDPR.
  2. Right of access. You have the right to obtain confirmation of whether we process your personal data and to receive a copy of your data, along with information about processing purposes, categories of data, recipients, retention periods and your other rights.
  3. Right to rectification. You may request that inaccurate personal data be corrected or incomplete data completed.
  4. Right to erasure (right to be forgotten). Under certain conditions you may request the deletion of personal data (e.g., if the data are no longer necessary for the purposes, you withdraw consent or object to processing). We will comply unless legal obligations or overriding legitimate interests prevent deletion.
  5. Right to restriction of processing. You may request the restriction of processing, for example if you contest the accuracy of the data or object to processing; we will restrict processing while the dispute is resolved.
  6. Right to data portability. You may request to receive your data in a structured, commonly used and machine‑readable format and to transmit it to another controller.
  7. Right to object. You may object to processing based on our legitimate interests or to processing for direct marketing. In such cases we will stop processing unless we have compelling legitimate grounds.
  8. Rights related to automated decision‑making and profiling. We do not use automated decision‑making that has a legal or similarly significant effect on you.

You may exercise these rights by contacting us at info@sens2act.com. We will handle your request without undue delay and at the latest within one month. You also have the right to lodge a complaint with the competent supervisory authority.


9.2 Rights of California residents (CCPA/CPRA)

If you are a resident of California, USA, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

  1. Right to know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business or commercial purposes for collecting or sharing it, and the categories of third parties with whom we share it. You can request this information for the 12‑month period preceding your request.
  2. Right to delete. You may request deletion of personal information we have collected about you, subject to certain exceptions (e.g., if we need the data to provide services, for security or to comply with legal obligations).
  3. Right to opt out of sale or sharing. You have the right to direct us not to sell or share your personal information for cross‑context behavioural advertising. sens2act does not sell personal information as defined by the CCPA. If we engage in targeted advertising, we will provide a “Do Not Sell or Share My Personal Information” link and honour your choice.
  4. Right to correct. You may request the correction of inaccurate personal information.
  5. Right to limit the use of sensitive personal information. You may instruct us to restrict our use of sensitive personal information (e.g., precise geolocation, racial or ethnic origin, religious beliefs, union membership, health information, etc.) to what is necessary to provide requested goods or services. We do not use sensitive personal information for inferring characteristics.
  6. Right to non‑discrimination. We will not discriminate against you for exercising your rights. This means we will not deny goods or services, charge different prices or provide a different level of quality solely because you exercise your privacy rights.

To exercise your CCPA/CPRA rights, please email us at info@sens2act.com with “California Privacy Request” in the subject line or call our U.S. toll‑free number (if we provide one). We will verify your identity before processing your request and respond within the timeframes set by law.


9.3 Rights of Brazilian data subjects (LGPD)

For individuals residing in Brazil, the Lei Geral de Proteção de Dados (LGPD) provides specific rights. You have the right to:

  1. Confirm whether we process your data.
  2. Access your data and obtain information on our processing activities.
  3. Correct incomplete or inaccurate data.
  4. Request anonymisation, blocking or deletion of unnecessary, excessive or unlawfully processed data.
  5. Data portability to another service or product provider.
  6. Delete data processed with your consent.
  7. Obtain information about public and private entities with whom we share data.
  8. Be informed of your ability to withhold consent and the consequences of refusal.
  9. Revoke consent at any time.

You may exercise these rights by contacting us at info@sens2act.com and specifying that your request concerns the LGPD.


9.4 Rights under Canada’s PIPEDA

If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to our commercial activities. PIPEDA is based on ten fair information principles:

  1. Accountability. We are responsible for personal data under our control and have appointed an individual accountable for our compliance.
  2. Identifying purposes. We will identify the purposes for collecting personal information before or at the time of collection.
  3. Consent. Your knowledge and consent are required for the collection, use and disclosure of personal information.
  4. Limiting collection. We limit our collection of personal data to what is necessary for the identified purposes.
  5. Limiting use, disclosure and retention. We will not use or disclose personal information for purposes other than those for which it was collected, except with consent or as required by law.
  6. Accuracy. We will keep personal information as accurate, complete and up‑to‑date as necessary for the purposes.
  7. Safeguards. We protect personal data using security safeguards appropriate to the sensitivity of the information.
  8. Openness. We will make specific information about our policies and practices available to individuals.
  9. Individual access. Upon request, you may access your personal data and challenge its accuracy and completeness.
  10. Challenging compliance. You may challenge our compliance with these principles.

You can contact us at info@sens2act.com to exercise your PIPEDA rights or to challenge our compliance.


9.5 Other jurisdictions

Many other countries have privacy laws that grant similar rights, such as:

  • Australia’s Privacy Act (APPs), which provides rights to access and correct personal information and requires notice of data collection;
  • New Zealand’s Privacy Amendment Act 2025, which requires organisations to notify individuals when they collect personal information from a source other than the individual;
  • Chile’s Personal Data Protection Act (LPPD), Singapore’s PDPA and other regional laws;
  • U.S. state laws (e.g., Colorado Privacy Act, Virginia Consumer Data Protection Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act), which give rights to access, delete, correct data and opt out of targeted advertising.

We endeavour to respect all applicable rights and will respond to individual requests accordingly.

If you are located in a jurisdiction with specific data‑protection rights not listed above, please contact us and we will take reasonable steps to comply with your request.


10. Security measures

We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, alteration, disclosure or destruction. These include:

  • Secure server infrastructure with firewalls and encryption;
  • Access controls and authentication mechanisms to limit access to authorised personnel;
  • Regular updates and patch management of software and hardware;
  • Data backup and recovery procedures;
  • Internal policies and staff training on confidentiality and data protection;
  • Procedures to address personal data breaches.

Despite these measures, no system is completely secure. We therefore encourage you to take steps to protect your own data, such as using strong passwords and keeping your devices and software up to date.


11. Data processing agreements and accountability

Under the GDPR’s accountability principle, controllers must demonstrate compliance with data protection laws and maintain records of processing activities. We therefore:

  • Maintain documentation of processing operations and the legal bases used;
  • Enter into data processing agreements with processors and ensure they provide sufficient guarantees of data protection and implement appropriate measures;
  • Provide privacy training to staff and limit access to personal data to those who need it;
  • Conduct data protection impact assessments when required (e.g., for new technologies or high‑risk processing);
  • Review and update our policies and procedures regularly.

12. Children’s privacy

Our products and services are intended for a business audience and not for children. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will delete the data as soon as possible. Parents or guardians who believe that their child has provided personal data to us should contact us.


13. Links to other websites and third‑party services

Our website may contain links to third‑party websites or embed third‑party content (e.g., videos or maps). When you click on a link to an external site, you leave our domain and our privacy policy no longer applies. The third party’s privacy policy governs the collection and processing of your data on their website. We encourage you to review those policies.

We may also integrate third‑party services (such as hosting providers, email service providers or analytics tools) that process data on our behalf. We ensure these providers offer adequate data protection and that they are contractually obligated to act only under our instructions.


14. Updates to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements or technology. The date at the top of this document indicates when it was last updated. We will publish the updated policy on our website. If we make material changes that affect your rights, we will provide a prominent notice or, where appropriate, seek your consent.

If you have any questions about this privacy policy or wish to exercise your rights, please contact us at info@sens2act.com or write to us at our company address. We will be happy to assist you.