VITALIUS

Privacy policy

Information about the processing of personal data on vitalius.de.

Controller

Vitali Kristian
Rechberghäuser Weg 56
73035 Göppingen
Deutschland
Email: info@vitalius.de
Telephone: 017670148306

Data protection contact


Email: datenschutz@vitalius.de

Hosting and server logs

When this website is accessed, the server processes connection data that is technically required. This may include the IP address, time, requested file, referrer, browser type, operating system and transferred data volume. Processing is used to provide the website securely and reliably and to detect misuse. The legal basis is Article 6(1)(f) GDPR. Regular server logs are normally deleted after 7 days unless a security incident requires longer retention.

Hosting provider: ALL-INKL.COM, D-02742 Friedersdorf, Hauptstraße 68.

Strictly necessary storage

Strictly necessary cookies and browser storage are used for secure sessions, form protection and documentation of your privacy choice. The legal bases are Section 25(2) TDDDG and Article 6(1)(f) GDPR.

Language and convenience

The language is initially selected using available country and browser signals. A manually selected language is stored permanently on the device only if you consent to the “Language and convenience” category. The legal bases are Section 25(1) TDDDG and Article 6(1)(a) GDPR. Without consent, a manual selection remains active only for the current browser session. With consent, it can also be stored on the device for future visits.

Internal statistics, IP address and location

Internal statistics are activated only after your explicit consent. The following data may then be stored in the website’s own database:

  • time, requested page, page title and referrer;
  • full IP address and a country code supplied by the server or proxy;
  • user agent, browser and website language, platform, screen and viewport size, time zone, connection type and web-app mode, where supplied by the browser;
  • random visitor and session identifiers;
  • after an additional browser permission: geographic coordinates and the accuracy value.

The location request is made only after consent to “Statistics and location” and through the browser’s separate permission dialog. If permission is refused, no coordinates are stored. When reverse geocoding is enabled, consented coordinates may be sent to OpenStreetMap Nominatim to determine the country and a place description. The result is cached in the local database. The legal bases are Section 25(1) TDDDG and Article 6(1)(a) GDPR. The purpose is internal reach measurement, technical optimisation and error analysis. Statistics are normally deleted after 90 days.

Full IP addresses and exact location data are particularly sensitive. Before launch, the operator should verify that this level of detail is necessary for the actual purpose and reduce it where possible.

Contact form

When the contact form is used, we process first name, last name, email address, subject, message, time, IP address, country code and technical browser data. The data are used to answer the request, prevent misuse and document delivery. The legal basis is Article 6(1)(b) GDPR for contract-related requests and otherwise Article 6(1)(f) GDPR. Messages are normally deleted after 365 days unless statutory retention duties require longer storage.

CAPTCHA and form protection

The contact form uses a locally generated arithmetic question, a CSRF token, a hidden form field and rate limiting. No external CAPTCHA service is embedded and no data are sent to such a provider.

Email delivery

Contact requests are forwarded to info@vitalius.de and a confirmation copy is sent to the email address entered in the form. Depending on the configuration, delivery uses the hosting provider’s mail function or the configured SMTP provider. Recipients may therefore include the hosting or email provider and its technical subprocessors. The actual providers must be entered in this policy before publication.

Web app and offline storage

For the installable web app, the browser registers a service worker and stores public files in a cache. This supports installation, an offline notice and faster loading. Browsers can detect installation status only to a limited extent. App and cache data can be deleted in the browser or device settings.

Consent management

Your choice is documented locally and on the server with version, time, IP address, country code and user agent so that the website can respect and demonstrate the decision. You can change or withdraw your choice at any time through “Privacy settings”. Withdrawal applies to future processing.

Administration area

The administration area is password protected. Passwords are stored only as secure hashes. Login attempts and administrative actions may be recorded with time, username and IP address to detect unauthorised access. Security logs are normally deleted after 30 days.

Recipients and international transfers

Recipients may include hosting, email and IT providers where required for operation. Google Analytics, Google Tag Manager and comparable external advertising or analytics services are not used. In the protected administration area, OpenStreetMap map tiles are normally requested through a same-origin server proxy and cached locally. If the hosting server cannot retrieve the tiles, the administrator’s browser may load them directly from tile.openstreetmap.org as a technical fallback. This concerns only the logged-in administrator, not public visitors. If further external services are added, this policy must be updated before activation. International transfers depend on the providers actually selected.

Your rights

Subject to the statutory requirements, you have rights of access, rectification, erasure, restriction of processing, data portability and objection. Consent can be withdrawn at any time with effect for the future. You also have the right to lodge a complaint with a competent data protection supervisory authority.

Data security

Protective measures include HTTPS, security headers, secure sessions, CSRF protection, input validation, password hashing, access restrictions and prepared database statements. Absolute security of data transmission over the internet cannot be guaranteed.

Updates to this policy

This policy will be updated when functions, providers, the legal framework or processing operations change.

Last updated: 18.06.2026. Before publication, all operator, hosting, email and service-provider details must be completed and legally reviewed. The German version is authoritative.