Legal
Privacy Policy
Last updated: July 3, 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:
Think Ahead Technologies GmbH, Sophienstraße 32, 70178 Stuttgart, Germany
Managing Director: Waldemar Kindler
Email: admin@think-ahead.tech · Phone: +49 1578 5161 921 · Website: https://think-ahead.tech
A data protection officer has not been appointed, as the statutory conditions for a mandatory appointment (Art. 37 GDPR, Section 38 BDSG) are not met.
2. Hosting and Server Log Files
Our website is operated on our own infrastructure hosted at Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). All hosting data is processed exclusively in Germany; no transfer to third countries takes place in this respect.
When the website is accessed, information is automatically processed in server log files: IP address, date and time of access, page accessed, referrer URL, browser type and version, operating system. This data is technically necessary to deliver the website, ensure its stability and security, and defend against attacks.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website). A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner.
Server log files are deleted no later than 30 days.
3. Cookies and Consent Management
Our website uses cookies and similar technologies. Cookies that are not technically necessary (analytics, marketing) are only set with your consent via our cookie consent banner (Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR). Technically necessary cookies — for example to store your consent preferences — are based on Section 25(2) TDDDG or Art. 6(1)(f) GDPR.
You can withdraw or adjust your consent at any time with future effect by opening the "Cookie settings" in the footer. Analytics scripts are only loaded after consent has been given.
Your consent preference is stored for 12 months.
4. Web Analytics: Google Analytics 4
On the basis of your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG), we use Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Data processed: pages visited, session duration, traffic sources, browser type, device type, approximate location (IP addresses are truncated/anonymized before processing). Cookies used: _ga, _ga_* (lifetime up to 2 years).
The purpose is the statistical analysis of website use to optimize our offering. Data may be transferred to Google servers in the USA; the basis is the EU-U.S. Data Privacy Framework and, in addition, the EU Standard Contractual Clauses. Retention in Google Analytics is configured to 14 months.
You can withdraw your consent at any time via the cookie settings or install the Google Analytics opt-out add-on: https://tools.google.com/dlpage/gaoptout
5. Web and Social Media Analytics: Metricool
On the basis of your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG), we use Metricool, an analytics service provided by Metricool Software S.L. (Calle Diego de León 47, 28006 Madrid, Spain).
Metricool helps us understand how visitors use our website and how our social media activities perform (referrer, pages accessed, dwell time). Processing takes place within the EU. Without your consent, the Metricool script is not loaded.
We have concluded a data processing agreement with Metricool pursuant to Art. 28 GDPR. Further information: https://metricool.com/legal-notice-and-privacy-policy/
6. Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to manage website tags. Tag Manager itself does not set cookies and does not collect personal data; it triggers other tags which are in turn only loaded after your consent (Google Consent Mode). The legal basis for its use is Art. 6(1)(f) GDPR (legitimate interest in efficient and consent-compliant tag management).
7. Google Ads and Conversion Tracking
We use Google Ads, an online advertising service provided by Google Ireland Limited, to promote our services, and we use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. When you click on an ad placed by us, a conversion cookie is set on your device — only after your consent via the cookie banner (Marketing category) — with a lifetime of up to 90 days.
Data processed: click data, conversion events, anonymized IP address, device and browser information. We receive only aggregated statistics and no information that would allow individual users to be identified. Legal basis: Art. 6(1)(a) GDPR, Section 25(1) TDDDG (consent). Data transfers to the USA take place on the basis of the EU-U.S. Data Privacy Framework and, in addition, the EU Standard Contractual Clauses. You can deactivate personalized advertising here: https://adssettings.google.com
8. Contact (Email and Contact Form)
When you contact us by email (e.g. hello@think-ahead.tech) or via our contact form, we process the data you provide (name, email address, optionally company, message content) to handle your inquiry.
For the technical processing of the contact form we use Web3Forms, a form processing service (operator: Surjith S M, India). Your form data is transmitted to Web3Forms for forwarding to us and is encrypted in transit using TLS. A data processing agreement is in place with Web3Forms; the transfer to a third country takes place on the basis of EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (efficient handling of inquiries). We delete inquiry data 6 months after the last interaction, unless a business relationship arises.
9. Appointment Booking via Microsoft Bookings
For online appointment scheduling ("Book an appointment") we use Microsoft Bookings, a service provided by Microsoft Ireland Operations Limited (One Microsoft Place, Dublin 18, Ireland). When you book, we process the data you provide (name, email address, requested appointment, optionally your request) to organize and carry out the appointment.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures). Microsoft processes data on our behalf (Art. 28 GDPR); transfers to the USA are safeguarded by EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework. Further information: https://privacy.microsoft.com/en-us/privacystatement
10. Workshops and Webinars via Microsoft Teams
We conduct workshops and online events via Microsoft Teams (Microsoft Ireland Operations Limited). Upon registration, we process your name, email address, company name and, where applicable, further voluntary information to organize and carry out the event (Art. 6(1)(b) GDPR).
When participating via Microsoft Teams, the following may be processed: IP address, device information, join/leave times, display name, chat messages, questions and poll responses, and — if you voluntarily enable your camera or microphone — audio/video data. If an event is recorded, we inform all participants at the beginning; continued participation after this notice is deemed consent to the recording (Art. 6(1)(a) GDPR).
Microsoft processes this data on our behalf under a data processing agreement (Art. 28 GDPR); US transfers take place on the basis of EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.
Any promotional use of your registration data takes place only with your separate, explicit consent (separate opt-in). Retention: registration data without marketing consent 6 months after the event, with marketing consent until withdrawal (max. 24 months from last interaction), recordings max. 24 months.
11. Job Applications
If you apply to us (by email to jobs@think-ahead.tech or for advertised positions), we process your application data (contact details, CV, references, work samples such as code repositories, interview notes) solely to carry out the application procedure.
Legal basis: Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG (decision on the establishment of an employment relationship). Insofar as you voluntarily provide us with special categories of personal data, we process these under Art. 9(2)(b) GDPR in conjunction with Section 26(3) BDSG.
If no employment relationship is established, we delete your application documents no later than 6 months after conclusion of the procedure (evidence periods under the AGG), unless you consent to longer storage for future positions (talent pool, max. 12 months, revocable at any time). Recipients of your data are exclusively the persons involved in the selection procedure. Please note that documents transmitted unencrypted by email are not fully protected during transmission.
12. Company Social Media Profiles
We maintain company profiles on social networks, including LinkedIn (linkedin.com/company/think-ahead-tech), X (@ThinkAheadTech), Facebook (facebook.com/thinkaheadtech) and GitHub (github.com/think-ahead-technologies). This privacy policy also applies to our presence on these platforms as well as to any other social media profiles we operate.
When you visit our profiles or interact with content, the platform operators process your data under their own responsibility; we receive aggregated statistics from the platforms (e.g. Page Insights). For the processing carried out in the context of page statistics, we are jointly responsible with the respective platform operator (Art. 26 GDPR): with LinkedIn Ireland Unlimited Company (agreement: https://legal.linkedin.com/pages-joint-controller-addendum) and with Meta Platforms Ireland Limited for Facebook Page Insights (agreement: https://www.facebook.com/legal/terms/page_controller_addendum). Meta may transfer data to the USA; the basis is the EU-U.S. Data Privacy Framework and the EU Standard Contractual Clauses used by Meta.
We process data communicated to us via the platforms (comments, direct messages, contact details) in order to respond to your inquiries (Art. 6(1)(b) or (f) GDPR — communication with prospects and customers). You may assert your data subject rights both against us and against the platform operators; requests for access to or deletion of platform data are most effectively addressed directly to the respective operator. Platform privacy notices: LinkedIn (https://www.linkedin.com/legal/privacy-policy), X (https://x.com/en/privacy), Facebook/Meta (https://www.facebook.com/privacy/policy), GitHub (https://docs.github.com/privacy).
13. Recipients and Processors (Overview)
| Service | Provider | Purpose | Legal basis | Third country |
|---|---|---|---|---|
| Hosting | Hetzner Online GmbH, Germany | Website operation, server logs | Art. 6(1)(f) GDPR | none (DE) |
| Google Analytics 4 | Google Ireland Ltd., Ireland | Web analytics | Art. 6(1)(a) GDPR | USA (DPF/SCC) |
| Metricool | Metricool Software S.L., Spain | Web/social analytics | Art. 6(1)(a) GDPR | none (EU) |
| Google Tag Manager | Google Ireland Ltd., Ireland | Tag management | Art. 6(1)(f) GDPR | USA (DPF/SCC) |
| Google Ads | Google Ireland Ltd., Ireland | Ad/conversion measurement | Art. 6(1)(a) GDPR | USA (DPF/SCC) |
| Web3Forms | Surjith S M, India | Contact form | Art. 6(1)(b)/(f) GDPR | India (SCC) |
| Microsoft Bookings/Teams/365 | Microsoft Ireland Operations Ltd., Ireland | Appointment booking, webinars, email | Art. 6(1)(b)/(f) GDPR | USA (SCC, DPF) |
14. Data Subject Rights
Under the GDPR you have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and the right to withdraw consent given at any time with future effect (Art. 7(3)).
Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to processing based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. You may object at any time, without giving reasons, to processing for the purposes of direct marketing.
To exercise your rights, an informal message to admin@think-ahead.tech is sufficient.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, phone +49 711 615541-0, https://www.baden-wuerttemberg.datenschutz.de
15. Retention Periods (Overview)
| Data category | Retention period |
|---|---|
| Server log files | max. 30 days |
| Contact/form inquiries | 6 months after last interaction (no business relationship) |
| Appointment booking data | 6 months after the appointment, unless a business relationship arises |
| Application documents | 6 months after conclusion of the procedure; talent pool max. 12 months (consent) |
| Analytics data (GA4) | 14 months |
| Cookie consent preferences | 12 months |
| Workshop/webinar data | 6 months (without marketing consent); max. 24 months (with consent); recordings max. 24 months |
| Contract-related data | Contract duration plus statutory retention periods (up to 10 years, HGB/AO) |
16. Legal Bases (Overview)
We process personal data on the basis of Art. 6(1)(a) GDPR (consent, e.g. analytics cookies), (b) GDPR (contract and pre-contractual measures, e.g. inquiries, appointment booking, applications), (c) GDPR (legal obligations, e.g. commercial and tax retention) and (f) GDPR (legitimate interests, e.g. secure website operation, communication). Where processing is based on legitimate interests, our interest is the secure, efficient operation of our website and communication with prospects and customers.
17. Automated Decision-Making
Automated decision-making, including profiling, within the meaning of Art. 22 GDPR does not take place.
18. Changes to This Privacy Policy
We adapt this privacy policy when our processing activities or the legal situation change. The version published on this page with the stated date applies.