With the following information, we would like to provide you, as the "data subject," with an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without providing personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
The processing of personal data, such as your name, address, or email address, is always carried out in compliance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "seventhings GmbH". Through this Privacy Policy, we aim to inform you about the scope and purpose of the personal data collected, used, and processed by us.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed through this website. Nevertheless, internet-based data transmissions can fundamentally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or by mail.
You can also take simple and easily implemented measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to provide you with some advice on the secure handling of your data:
Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or names of relatives, but rather a mix of upper and lower case letters, numbers, and special characters.
The controller within the meaning of the GDPR is:
seventhings GmbH
Hainstrasse 2 , 01097 Dresden, Germany
Representative of the Controller: The Management Board
You can reach the Data Protection Officer as follows:
DataOrga® GmbH
Email: dsb@seventhings.com
You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection.
The Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this Privacy Policy, we use, among others, the following terms:
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Art. 6(1) a) GDPR (in conjunction with Section 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6(1) b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) c) GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6(1) d) GDPR.
Finally, processing operations could be based on Art. 6(1) f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. The legislator was of the opinion that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
Our offering is generally aimed at adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect it, and do not pass it on to third parties.
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
1. You have given your express consent pursuant to Art. 6(1) a) GDPR,
2. the disclosure is permissible pursuant to Art. 6(1) f) GDPR for the protection of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
3. in the event that there is a legal obligation for disclosure pursuant to Art. 6(1) c) GDPR, as well as
4. this is legally permissible and, pursuant to Art. 6(1) b) GDPR, necessary for the processing of contractual relationships with you.
In the context of the processing operations described in this Privacy Policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework, thus applying the adequacy decision of the EU Commission pursuant to Art. 45 GDPR. We have explicitly named this for the affected service providers in the Privacy Policy. To protect your data in all other cases, we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1) a) GDPR may serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
When using our website for purely informational purposes, i.e., if you do not register or otherwise transmit information to us or do not give consent for processing that requires consent, we only collect data that is technically absolutely necessary for us to provide the service. These are regularly data that your browser transmits to our server ("in so-called server log files"). With every access to a page by you or an automated system, our website records a series of general data and information. This general data and information is stored in the server log files. The following can be recorded:
1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (so-called referrer),
4. the sub-websites that are accessed on our website via an accessing system,
5. the date and time of access to the website,
6. a truncated Internet Protocol address (anonymized IP address) and,
7. the Internet Service Provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed to
1. correctly deliver the content of our website,
2. optimize the content of our website as well as the advertising for it,
3. ensure the permanent functionality of our IT systems and the technology of our website, as well as
4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
These collected data and information are therefore evaluated by us statistically and, on the other hand, with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6(1) f) GDPR. Our legitimate interest follows from the purposes for data collection listed above.
Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.
Information is stored in the cookie that results from the context with the specific device used. However, this does not mean that we immediately gain knowledge of your identity.
The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific, defined period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a respectively defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.
The data processed by the cookies that are necessary for the proper functioning of the website are thus required to protect our legitimate interests and those of third parties pursuant to Art. 6(1) f) GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner within the meaning of Art. 6(1) a) GDPR.
You have the option at any time to delete cookies, allow only selected cookies, or completely deactivate cookies via the settings of your browser. Further information can be found on the support pages of the respective providers:
You have the option to register on our website by providing personal data.
The personal data transmitted to us depends on the respective input mask used for registration. The personal data entered by you is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the transfer to one or more processors, for example, a parcel service provider, who also uses the personal data exclusively for internal use attributable to us.
By registering on our website, the IP address assigned by your Internet Service Provider (ISP), the date, and the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented, and this data enables the investigation of committed criminal offenses if necessary. In this respect, the storage of this data is necessary for our security. As a matter of principle, this data is not passed on to third parties. This does not apply unless we are legally obliged to pass it on or the disclosure serves the purpose of criminal prosecution.
Your registration, with the voluntary provision of personal data, also serves to offer you content or services that, due to the nature of the matter, can only be offered to registered users. Registered persons have the option of modifying the personal data provided during registration at any time or having them completely deleted from our database.
We will provide you with information at any time upon request as to which personal data about you is stored. Furthermore, we will correct or delete personal data at your request, provided that no statutory retention obligations conflict with this. A data protection officer named in this Privacy Policy and all other employees are available to the data subject as contact persons in this regard.
The processing of your data is carried out in the interest of a comfortable and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6(1) f) GDPR.
We only transmit personal data to third parties if this is necessary within the framework of contract execution, for example, to the credit institution commissioned with the payment processing.
No further transmission of the data takes place, or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.
The basis for data processing is Art. 6(1) b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
We have integrated the Matomo component from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. We have installed the Matomo software on our own server instance in the EU and do not transfer any data to the USA. These processing operations only take place upon the granting of express consent in accordance with Art. 6(1) f) GDPR. Matomo is a software tool for web analysis, i.e., for the collection, gathering, and evaluation of data about the behavior of website visitors. Among other things, data is collected about which website a data subject came from to a website (so-called referrer), which sub-pages of the website were accessed, or how often and for what duration a sub-page was viewed. This is used to optimize the website. The software is operated on the server of the controller; the data protection-sensitive log files are stored exclusively on this server. Matomo sets a cookie on your IT system. By setting the cookie, we are enabled to analyze the use of our website. With every call of one of the individual pages of this website, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we gain knowledge of personal data, such as the IP address of the data subject, which, among other things, serves us to understand the origin of visitors and clicks. By means of the cookie, personal information, such as the access time, the location from which an access originated, and the frequency of visits to our website are stored. With every visit to our website, this personal data, including the IP address of the internet connection you use, is transferred to our server. This personal data is stored by us. We do not pass this personal data on to third parties.
On our website, we use the communication platform Intercom, provided by Intercom Inc., 55 2nd St, 4th Fl, San Francisco, CA 94105, USA. Data Processing Purposes: Intercom allows us to interact with visitors to our website and users of our software, including messages, notifications, and in-app chats, to ensure efficient support. Data Collected: The data collected may include your name, email address, and other information voluntarily provided by you. Legal Basis: The processing takes place for the better design of our services in accordance with Art. 6(1) f) GDPR. Storage Location and Security: Our Intercom instance is hosted on servers in the EU, and the data protection-relevant information is stored exclusively on these servers. Cookies: Intercom sets cookies on your IT system to enable effective use of the platform. These cookies allow for an analysis of the use of our website. Automatic Data Transmission: With every visit to our website or login to our software, your internet browser automatically transmits data to the Intercom component for support and analysis purposes. Personal Information: This includes, among other things, your IP address, which is used to determine the origin of visitors and to analyze clicks. Data Disclosure: We do not pass on your personal data to third parties and use it exclusively for the purposes mentioned.
We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. These processing operations only take place upon the granting of express consent in accordance with Art. 6(1) f) GDPR. In the context of processing via Sentry, data may be transferred to third countries. The security of the transmission is regularly ensured via so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. We have concluded a valid contract with Sentry for this purpose: https://sentry.io/legal/dpa/ Sentry serves solely these goals and does not evaluate data for advertising purposes. User data, such as device information or time of error, is collected anonymously and not used personally and is subsequently deleted. Further information on this can be found in Sentry's Privacy Policy: https://sentry.io/privacy/.
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
You have the right to obtain from us at any time, free of charge, information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
You have the right to request from us that the personal data concerning you be erased without undue delay, provided that one of the legally specified reasons applies and insofar as the processing or storage is not necessary.
You have the right to request from us the restriction of processing if one of the statutory requirements is met.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1) a) GDPR or Art. 9(2) a) GDPR or on a contract pursuant to Art. 6(1) b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1) e) (data processing in the public interest) or f) (data processing based on a balancing of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
You have the right to withdraw consent to the processing of personal data at any time with effect for the future.
You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of personal data.
We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the laws to which our company is subject.
If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
This Privacy Policy is currently valid and has the status: October 2025.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed out by you at any time on the website under "[LINK]".
This Privacy Policy was created with the support of the data protection software: audatis MANAGER.
