Privacy Policy
This Privacy Policy applies to the website pointzero.tech.
Last updated: 10 July 2026
This English translation is provided for convenience only. In the event of any inconsistency or conflict, the German version shall prevail.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Point Zero GmbH
Speditionstr. 15A
40221 Düsseldorf
Germany
Email: info@pointzero.tech
Phone: +49 162 7555786
Further information can be found in our Legal Notice.
2. Data protection officer
We have not appointed a data protection officer because the statutory requirements for such an appointment do not apply.
For questions concerning data protection, please contact us at info@pointzero.tech.
3. Website delivery and hosting
This website is hosted by:
Vercel Inc.
440 N Barranca Avenue #4133
Covina, CA 91723
United States
When you access the website, Vercel processes the technical data transmitted by your browser or device. This may include:
- your IP address,
- the date and time of the request,
- the page or file requested,
- the HTTP status code and amount of data transferred,
- the referring URL, where transmitted,
- browser type, browser version, operating system and device type,
- technical request, diagnostic and security information.
This processing is necessary to deliver the website, maintain its stability and security, and identify and investigate technical faults and attacks.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure, reliable and efficient operation of our website.
We use Vercel under a Pro plan. The Vercel Data Processing Addendum forms part of the agreement and applies where Vercel acts as our processor. To the extent that Vercel processes certain service-generated data as an independent controller, such processing is governed by the Vercel Privacy Notice.
Runtime logs available to us through the Vercel dashboard are generally retained for one day under the current Pro configuration. Vercel processes and retains other service-generated data in accordance with its applicable contractual terms and privacy notice.
4. Vercel Web Analytics
We use Vercel Web Analytics to understand, in aggregated form, how our website is used, which pages are visited most frequently and which technical environments visitors use to access the website.
The following data points may be processed:
- time of the page view,
- page, URL or route visited,
- filtered URL parameters,
- referrer,
- approximate location derived from the IP address,
- browser and browser version,
- operating system and version,
- device type,
- version of the analytics script.
Vercel Web Analytics does not use cookies or store persistent visitor identifiers in the browser. Visits are distinguished using a server-side hash generated from the incoming request. The hash is valid for one day only, cannot be used to recognize visitors across different websites or days, and is discarded after 24 hours. The IP address is not stored together with the analytics data. We only receive aggregated statistics.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in understanding the use of our corporate website and improving its content, navigation and technical quality. We do not use analytics data for advertising, individual user profiles or automated decision-making.
Vercel Web Analytics does not use cookies or comparable persistent identifiers and does not access the language or theme preferences stored by us for analytics purposes. Further information is available in the Vercel Web Analytics privacy documentation.
5. International data transfers
Vercel is based in the United States. Personal data may therefore be processed in the United States and in other countries in which Vercel or its subprocessors operate.
Vercel is certified under the EU–US Data Privacy Framework. Where required, transfers are additionally protected by the European Commission’s Standard Contractual Clauses and the supplementary safeguards contained in the Vercel Data Processing Addendum.
In connection with Google Workspace, data may also be processed by Google entities or subprocessors outside the European Economic Area. Such transfers are governed by the Google Cloud Data Processing Addendum and are based, as applicable, on an adequacy decision, applicable Standard Contractual Clauses or another legally recognized transfer mechanism.
6. Language settings, cookie and local storage
The website stores only functional preferences and only after you actively select a language or appearance setting.
Language
When you select German or English using the language switcher, the following entries are stored:
- Cookie
pz-lang- Value:
deoren - Retention period: one year
- Path:
/ - SameSite:
Lax
- Value:
- Local-storage entry
pz-lang- Value:
deoren - Retention period: until manually cleared in the browser
- Value:
The cookie is required so that the server can render the selected language correctly on the first page load. The local-storage entry keeps the client-side language state synchronized.
Appearance
When you change the appearance setting, the following entry is stored:
- Local-storage entry
pz-theme- Value:
light,darkorsystem - Retention period: until manually cleared in the browser
- Value:
Nothing is stored on the first visit. Until you actively make a selection, the initial language is determined using the Accept-Language header transmitted by your browser. The initial appearance follows your operating system preference. The website does not persist these defaults.
The entries are used exclusively to apply your selected language and appearance. They are not used for analytics, advertising or tracking and are not shared with third parties.
Storing and accessing these entries is strictly necessary to provide the functions you have expressly requested and is therefore permitted under § 25(2) no. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG) without consent. To the extent that personal data is processed, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in providing a consistent and user-friendly website experience.
You can delete the cookie and local-storage entries at any time through your browser settings.
7. Fonts
This website uses the Hanken Grotesk and IBM Plex Mono typefaces. The font files are bundled locally and delivered together with the website through our hosting provider.
Loading the fonts does not establish a connection to Google Fonts or any other external font provider.
8. Contact and Google Workspace
The form on our contact page runs entirely in your browser. Submitting the form opens a pre-filled message in your own email application. The website itself does not transmit the entered form data to Point Zero GmbH or store it on our website servers.
We receive and process the information only when you send the message using your email application. Processing by your chosen email application or email provider is governed by that provider’s own privacy terms.
We use Google Workspace to receive and process business emails. The provider responsible under our agreement is:
Google Cloud EMEA Limited
70 Sir John Rogerson’s Quay
Dublin 2
Ireland
If you contact us by email, the data processed may include your name, email address, message content, attachments and technical sending and delivery information.
Google processes this data as a processor within Google Workspace. The Google Cloud Data Processing Addendum forms part of the agreement.
Where your enquiry relates to entering into or performing a contract, the legal basis is Article 6(1)(b) GDPR. For other enquiries, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in handling and responding to business enquiries.
If you contact us by phone, we process the information you provide and, where available, your phone number and the time of the call for the same purposes and on the same legal bases.
9. Recipients of personal data
Where necessary, personal data may be disclosed to the following recipients or categories of recipients:
- Vercel Inc. for hosting, technical delivery and web analytics,
- Google Cloud EMEA Limited and Google’s subprocessors for email communications,
- persons within our company who need access to handle the relevant matter,
- public authorities, courts, legal advisers, tax advisers or other bodies where disclosure is required by law or necessary to establish, exercise or defend legal claims.
We do not sell or rent personal data.
10. Retention periods
We retain personal data only for as long as necessary for the relevant purpose or as required by statutory retention obligations.
The following criteria apply in particular:
- Runtime logs available through the Vercel Pro dashboard are generally retained for one day under the current configuration.
- The hash generated by Vercel Web Analytics to distinguish daily visitors is discarded after 24 hours.
- Aggregated analytics data is retained only for as long as required to analyze and improve the website and as permitted by the applicable Vercel settings.
- Data from general enquiries is deleted once the enquiry has been fully handled and no further retention is necessary.
- Contractual or business-relevant communications may be retained for six, eight or ten years in accordance with applicable German commercial and tax-law requirements, depending on the nature and content of the records.
Statutory retention obligations remain unaffected.
11. Your rights
Where the applicable statutory conditions are met, you have the following rights:
- right of access under Article 15 GDPR,
- right to rectification under Article 16 GDPR,
- right to erasure under Article 17 GDPR,
- right to restriction of processing under Article 18 GDPR,
- right to data portability under Article 20 GDPR,
- right to object to processing based on Article 6(1)(f) GDPR under Article 21 GDPR.
Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.
To exercise your rights, contact us at info@pointzero.tech.
Under Article 77 GDPR, you also have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2–4
40213 Düsseldorf
Germany
Further information is available on the LDI NRW website.
12. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Article 22 GDPR on this website.
13. Obligation to provide data
You are under no statutory or contractual obligation to provide personal data through the website.
However, certain technical data must be transmitted in order to deliver the website to your device. If you contact us, we also require sufficient contact information to respond to your enquiry.
14. Changes to this Privacy Policy
We update this Privacy Policy when changes to the website, the services used or the applicable legal requirements make this necessary.
The version currently published on this website applies. The date of the current version is shown at the beginning of this Privacy Policy.