Menü

Privacy Policy

General Information and Mandatory Information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data are collected. Personal data is information that can personally identify you. This Privacy Policy explains which data we collect, what we use it for, and on what legal basis this is done.

Please note that data transmission over the Internet (e.g., communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Definitions

The privacy policy of PF IT is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to explain the terminology used.

In this privacy policy, we use, inter alia, the following terms:

  • a) Personal data: Any information relating to an identified or identifiable natural person (“data subject”).
  • b) Data subject: Every identified or identifiable natural person whose personal data is processed by the controller.
  • c) Processing: Any operation or set of operations performed on personal data, such as collection, recording, organization, storage, etc.
  • d) Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.
  • e) Pseudonymization: The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information.
  • f) Controller: The natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • g) Processor: A natural or legal person who processes personal data on behalf of the controller.
  • h) Recipient: A natural or legal person to whom the personal data are disclosed.
  • i) Third party: A natural or legal person other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • j) Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

Name and Address of the Controller

The controller within the meaning of the GDPR and other national data protection laws is:

PF IT Consult GmbH
Carl-Reichstein-Str. 1
14770 Brandenburg an der Havel, Germany
Managing Director: Michael Herse

Data Protection Officer

For questions or concerns regarding data protection, you can contact our Data Protection Officer at any time:

PF IT Consult GmbH
Attn: Data Protection Officer
Carl-Reichstein-Str. 1
14770 Brandenburg an der Havel, Germany
Email: datenschutz@pfitconsult.de

Competent Supervisory Authority

Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (LDA Brandenburg)

Storage Duration

Personal data will only be stored for as long as necessary for the respective purpose or as required by legal retention periods. Upon revocation of your consent or a legitimate request for deletion, data will be deleted unless legal retention obligations prevent this.

Legal Basis for Data Processing on this Website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR (or Art. 9 (2) lit. a GDPR for special categories). In the case of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25 (1) TDDDG. Consent can be revoked at any time.

If your data is required for the fulfillment of a contract or for pre-contractual measures, processing is based on Art. 6 (1) lit. b GDPR. Furthermore, we process data to fulfill legal obligations based on Art. 6 (1) lit. c GDPR. Processing may also be based on our legitimate interest according to Art. 6 (1) lit. f GDPR.

Your Rights (Data Subject Rights)

  • Revocation of Consent: You can revoke your consent at any time. The legality of the processing carried out until the revocation remains unaffected.
  • Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data based on Art. 6 (1) lit. e or f GDPR for reasons arising from your particular situation.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.
  • Right to Data Portability: You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.
  • Information, Correction, and Deletion: You have the right to free information about your stored personal data, its origin, recipients, and the purpose of the data processing, as well as the right to correction or deletion.
  • Restriction of Processing: You have the right to request the restriction of the processing of your personal data.

Data Security

This site uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and the lock symbol in your browser line.

Cookies

Our website uses “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device.

Technically necessary cookies are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. All other cookies (e.g., for analysis or marketing) are used only after your express consent (Art. 6 (1) lit. a GDPR).

Server Log Files

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request The basis for data processing is Art. 6 (1) lit. f GDPR.

Contact via Email, Telephone, or Offer Form

If you contact us, your request, including all resulting personal data, will be stored and processed by us for the purpose of processing your concern. This processing is based on Art. 6 (1) lit. b GDPR (contractual/pre-contractual) or Art. 6 (1) lit. f GDPR (legitimate interest).

Chatbot

We offer a chatbot on our website. It processes your communication content and user data (name, contact) to answer your inquiries. The legal basis is Art. 6 (1) lit. b GDPR (contract initiation) or Art. 6 (1) lit. f GDPR (efficient communication).

Google Analytics

This website uses Google Analytics. Provider: Google Ireland Limited, Dublin, Ireland.

  • Consent: Use only occurs with your express consent.
  • IP Anonymization: We use the “_gat._anonymizeIp” function to ensure that your IP address is truncated within the EU/EEA.
  • Google Signals: Cross-device tracking is only used if you have consented.
  • Basis: Art. 6 (1) lit. a GDPR.

YouTube

We embed YouTube videos. Provider: Google Ireland Limited. Use is based on our legitimate interest in an appealing presentation (Art. 6 (1) lit. f GDPR) or your consent (Art. 6 (1) lit. a GDPR).

HITS Apps (Inventory Manager, Maintenance Manager, etc.)

Our Terms of Use / GTC apply additionally to the use of the HITS Apps.

Additional Information for Business Customers (B2B)
When using our HITS Apps for business purposes, we process personal data on your behalf. In this scenario, you are the Controller, and we act as a Processor according to Art. 28 GDPR.

Important Note on the DPA:

A Data Processing Agreement (DPA) is legally required. Our Standard DPA, including technical and organizational measures (TOMs) based on BSI IT-Grundschutz++, regulates the scope of processing and our high security standards (encryption, monitoring via CheckMK, NIS2 compliance). This DPA is automatically agreed upon as a part of the contract when cloud/subscription functions are activated.

For Private Users (B2C):

If you use the app purely privately, we are the Controller for your data. A separate DPA is not required; your rights are fully protected by this Privacy Policy.

Push Notifications & Google Firebase

Our apps use Push Notifications (legal basis: Art. 6 (1) lit. b GDPR) and Google Firebase (Analytics, Cloud Messaging, Crash Reporting). Data transfer to the USA may occur; consent is based on Art. 6 (1) lit. a GDPR and can be revoked at any time.

Status of this Privacy Policy: February 2026