Legal

Privacy Policy

Last updated: February 2026

1. Controller & Contact

The controller within the meaning of Art. 4(7) GDPR and § 2 BDSG is the operator named in our Imprint.

For all data-protection enquiries:
contact@swapto.eu

2. Hosting & Server Log Files

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. IONOS acts as a data processor on our behalf pursuant to Art. 28 GDPR. A data processing agreement (DPA/AVV) is in place. All servers are located exclusively in Germany.

When you visit our site the hosting provider automatically collects and stores the following data in server log files that your browser transmits (Art. 6(1)(f) GDPR):

  • Anonymised IP address
  • Date and time of the request
  • URL and HTTP method of the requested page
  • HTTP status code
  • Referrer URL
  • Browser type/version and operating system
  • Amount of data transferred

Our legitimate interest lies in the secure, stable and efficient provision of this website. Log data is not merged with other data sources and is deleted automatically after 7 days.

3. Data We Collect

We follow the principle of data minimisation (Art. 5(1)(c) GDPR) and collect only data that is strictly necessary for the respective purpose.

a) Suggest an Alternative form

When you submit a suggestion we collect the product name, website URL, category, description and your email address. Legal basis: Art. 6(1)(a) GDPR (your consent). Your email is used solely to follow up on your submission and is not shared with third parties. You may request deletion at any time by emailing contact@swapto.eu.

b) Contact via email

If you email us we process the data you provide (name, email address, message content) to respond to your enquiry. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in answering enquiries) or Art. 6(1)(b) GDPR if the enquiry relates to a contract. Your data is deleted once the purpose of storage ceases to apply and no statutory retention obligations (e.g. § 147 AO, § 257 HGB) prevent deletion.

4. Cookies & Similar Technologies

This website uses only technically necessary cookies as defined in § 25(2) TDDDG (Telekommunikation-Digitale-Dienste- Datenschutz-Gesetz). No tracking, marketing or third-party cookies are set. Because only essential cookies are used, consent under § 25(1) TDDDG is not required. For full details please see our Cookie Policy.

5. Analytics

We use Plausible Analytics, a privacy-friendly web analytics tool operated by Plausible Insights OÜ (registered in Estonia, EU). Plausible is open source (AGPL-3.0) and hosted on Hetzner servers in Germany.

Plausible does not:

  • Set any cookies or use local storage
  • Collect or store personal data or IP addresses
  • Track users across websites or devices
  • Use fingerprinting or any persistent identifiers

Plausible generates a daily-rotating hash from the visitor's IP address and User-Agent to count unique visitors. This hash is discarded after 24 hours and cannot be used to identify individuals. No raw IP address is ever stored or transmitted to us.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding aggregate website usage). Because Plausible does not process personal data or set cookies, no consent under § 25(1) TDDDG is required. The French data protection authority (CNIL) has confirmed that Plausible can be used without consent.

We do not use Google Analytics, Meta Pixel, or any other tracking tool. No profiling, fingerprinting or retargeting takes place.

6. Third-Party Services

We use the following third-party services that may process data on our behalf:

  • IONOS SE (Web Hosting) – Elgendorfer Str. 57, 56410 Montabaur, Germany. Data processing agreement in place. All data is stored on servers in Germany. No transfer to third countries.
  • Google Fonts – We load the "Inter" typeface via next/font, which downloads fonts at build time. No requests to Google servers are made from your browser; no IP address or other personal data is transmitted to Google during your visit.

7. Data Transfer to Third Countries

Our hosting provider IONOS operates servers exclusively in Germany. We do not transfer personal data to countries outside the EU/EEA. Should this change in the future, we will ensure appropriate safeguards pursuant to Art. 44–49 GDPR (e.g. adequacy decision, Standard Contractual Clauses) and update this policy accordingly.

8. Data Retention

We retain personal data only for as long as necessary for the respective purpose or as required by law:

  • Server log files: max. 7 days
  • Suggestion form data: deleted once the submission has been reviewed and is no longer needed
  • Email correspondence: deleted once the purpose ceases to apply, unless statutory retention periods apply (§ 147 AO: 10 years for tax-relevant documents; § 257 HGB: 6 years for commercial correspondence)

9. Your Rights Under GDPR & BDSG

You have the following rights at any time and free of charge:

  • Right of access (Art. 15 GDPR) – Obtain confirmation whether personal data concerning you is being processed and request a copy.
  • Right to rectification (Art. 16 GDPR) – Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR) – Request deletion of your personal data, unless retention is required by law.
  • Right to restriction of processing (Art. 18 GDPR) – Request restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR) – Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) – Object to processing based on legitimate interests at any time. We will then cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR) – Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@swapto.eu.

10. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG. You may contact the data protection authority of the German federal state in which you reside, in which the alleged infringement occurred, or the authority responsible for us. A list of German supervisory authorities is available at bfdi.bund.de.

11. No Obligation to Provide Data

You are not legally or contractually required to provide personal data to us. However, if you choose not to provide certain data (e.g. your email address in the suggestion form), you may not be able to use certain functions of our website.

12. No Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The current version is always available on this page. We recommend reviewing it periodically.