1. Controller
The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:
SW Save the Water GmbH
Mörfelder Landstraße 277b
60598 Frankfurt am Main
Germany
Represented by the managing director: Tim Nixdorff
Registered in the commercial register of the district court Frankfurt am Main, HRB 137595
E-mail: info@soapeya.com
2. General Information on Data Processing & Legal Bases
We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. Processing generally takes place only with the user's consent or where another legal basis applies.
Legal Bases
Art. 6 para. 1 lit. a GDPR – Consent (e.g. newsletter, non-essential cookies).
Art. 6 para. 1 lit. b GDPR – Performance of a contract or pre-contractual measures.
Art. 6 para. 1 lit. c GDPR – Compliance with a legal obligation.
Art. 6 para. 1 lit. f GDPR – Legitimate interests (e.g. secure provision of the website, responding to contact requests).
Storage Duration and Deletion
Personal data will be deleted as soon as the purpose of processing ceases and no statutory retention obligations stand in the way.
Transfer to Third Countries
Transfer of personal data to countries outside the EU/EEA only takes place if the requirements of Art. 44 et seq. GDPR are met (e.g. adequacy decision, standard contractual clauses, explicit consent).
3. Your Rights as a Data Subject
You have the following rights with respect to your personal data:
Right of access (Art. 15 GDPR),
Right to rectification (Art. 16 GDPR),
Right to erasure (Art. 17 GDPR),
Right to restrict processing (Art. 18 GDPR),
Right to data portability (Art. 20 GDPR),
Right to object to processing (Art. 21 GDPR),
Right to withdraw consent with effect for the future (Art. 7 para. 3 GDPR).
To exercise your rights, a simple notification to the contact details mentioned in section 1 is sufficient.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us (Art. 77 GDPR). The competent authority for us is:
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
datenschutz.hessen.de
4. Hosting & Server Log Files
The website is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. We have a data processing agreement with the provider in accordance with Art. 28 GDPR. Data processing takes place exclusively within the European Union.
Each time the website is accessed, technically necessary data is automatically recorded by our hosting provider in so-called server log files:
anonymized IP address of the requesting device,
date and time of access,
name and URL of the requested file,
amount of data transferred and HTTP status code,
referrer URL (previously visited page),
browser and operating system used.
Purpose: Ensuring smooth connection establishment, convenient use, evaluation of system security and stability, and defense against attacks.
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and stable operation of the website).
Storage Duration: Log files are stored for a maximum of 14 days and then deleted. No consolidation with other data sources takes place.
5. Contact Form
On our website, we offer you the opportunity to contact us via a contact form. The following data is collected:
First name (mandatory field),
Last name (mandatory field),
Company (optional),
Role / Position (optional),
E-mail address (mandatory field),
Your message (mandatory field),
Confirmation of the privacy policy (mandatory field, consent).
The data is transmitted exclusively by e-mail to info@soapeya.com; no intermediate storage on the web server takes place.
Purpose: Processing your request and any subsequent communication.
Legal Basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures / contract initiation), if your request is aimed at concluding a contract; otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest in effectively responding to contact requests) as well as Art. 6 para. 1 lit. a GDPR (consent).
Storage Duration: The transmitted data is stored until your request has been finally processed and then deleted, unless statutory retention obligations stand in the way.
6. Newsletter (Brevo)
You can subscribe to our newsletter on our website. The following data is collected as part of the registration:
E-mail address,
Consent to receive the newsletter,
Date and time of registration and confirmation (for evidence purposes).
Double Opt-In Procedure
Registration takes place using the so-called double opt-in procedure. After registration, you will receive an e-mail with a confirmation link. Your e-mail address will only be added to our mailing list after you click on this link. This ensures that the registration was actually made by you.
Mailing Service Provider: Brevo
The newsletter is sent via the Brevo service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin, Germany) as part of the Brevo Group (Brevo SAS, 106 boulevard Haussmann, 75008 Paris, France). We have a data processing agreement with the provider in accordance with Art. 28 GDPR.
Success Measurement (Click Rates)
Our newsletters contain so-called tracking pixels and individualized links with which we can evaluate whether and when you have opened a newsletter e-mail and which links you have clicked on. This information is used for statistical evaluation and to optimize our newsletter content.
Legal Basis: Art. 6 para. 1 lit. a GDPR (consent).
Storage Duration: The data is stored as long as you are subscribed to the newsletter. After unsubscribing, the data is stored in a suppression list if necessary to prevent future mailings.
Withdrawal of Consent / Unsubscribe
You can withdraw your consent to receive the newsletter and to measure success at any time with effect for the future, e.g. via the unsubscribe link in each newsletter or by e-mail to info@soapeya.com.
Further information on data protection at Brevo can be found at: www.brevo.com/de/legal/privacypolicy/
7. Cookie Consent with Cookiebot
On our website, we use the consent management tool Cookiebot from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot enables us to obtain and document legally compliant consent from users for the processing of personal data.
Currently, only technically necessary cookies are used on this website, which are required for the operation of the website. No consent is required for this.
In the context of using Cookiebot, the following data is processed:
anonymized IP address,
date and time of consent,
browser information,
information about the end device,
status of consent (as evidence).
Legal Basis: Art. 6 para. 1 lit. c GDPR (legal obligation to document consent) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in legally secure consent management).
Storage Duration: Consent data is stored in accordance with statutory proof obligations for up to 12 months.
Further information on data protection at Cookiebot can be found at: www.cookiebot.com/de/privacy-policy/
8. Data Security
We use the widely used SSL/TLS procedure in connection with the highest level of encryption supported by your browser during website visits. In addition, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.
9. Currency and Amendment of this Privacy Policy
This privacy policy is currently valid and is as of May 2026. Due to the further development of our website and services or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version can be accessed at any time on this page.