[ Legal ]

Privacy Policy

This policy explains which personal data we process when you visit this website, why we process it and which rights you have.

Summary

We primarily process data to provide this website and respond to your enquiries. The fonts and videos embedded by Charamel are hosted on our own servers. The optional Zapier contact form, including its captcha, is only loaded after you have given consent and then establishes connections to third-party providers. Analytics and marketing services are not active. You can withdraw or change your choice at any time using the “Open privacy settings” button in section 5.1.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the member states and other data protection provisions is:

Charamel GmbH
Subbelrather Str. 13
50672 Cologne, Germany
Phone: +49 (0) 221 — 33 66 4-0
Email: info@charamel.com
Represented by managing directors Alexander Stricker and Norbert Helff

Further information is available in our Legal notice.

2. Your rights at a glance

You have the right at any time to obtain information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to request correction, restriction or deletion of this data. These and other data protection rights are described in detail in section 8. For any privacy-related matter, you may contact us at the address stated in the legal notice.

3. Hosting and server log files

This website is hosted by an external service provider (hosting provider). Personal data collected through this website is stored on the provider's servers. This may include IP addresses, contact enquiries, metadata and communication data, contract data, contact details, names, website access data and other data generated through a website.

The hosting provider is used to operate this website on the basis of Article 6(1)(f) GDPR (our legitimate interest in providing a secure, fast and efficient online service) and, where corresponding consent has been requested, on the basis of Article 6(1)(a) GDPR. A data processing agreement pursuant to Article 28 GDPR is concluded with the hosting provider.

Whenever this website is accessed, our system automatically collects data and information from the accessing computer system in server log files. The following data is collected: browser type and version, operating system, referrer URL, host name of the accessing computer, time of the server request and a shortened IP address. This data is processed solely to ensure reliable operation and the security of our information technology systems (Article 6(1)(f) GDPR) and is not combined with other data sources.

4. General information on legal bases

Where we obtain consent for processing personal data, Article 6(1)(a) GDPR serves as the legal basis. Where processing is required to perform a contract or take steps before entering into a contract, Article 6(1)(b) GDPR serves as the legal basis. Where processing is required to comply with a legal obligation, Article 6(1)(c) GDPR serves as the legal basis. Where processing is necessary for the purposes of a legitimate interest pursued by us or a third party, and the data subject's interests, fundamental rights and freedoms do not override that interest, Article 6(1)(f) GDPR serves as the legal basis.

5. Data collection on this website

5.1 Cookies, local storage and consent management

Our website uses cookies and comparable storage technologies such as your browser's local storage. Cookies are small text files stored on your device and managed by your browser. We distinguish between the following categories:

Necessary — technically required for the website and consent management to function (e.g. storing your cookie choice in local storage under the key charamel_cookie_consent). The legal basis is Article 6(1)(f) GDPR; consent is not required under Section 25(2) TDDDG.

Functional — enables the embedded Zapier contact form, including the required captcha. The required third-party content is only loaded after you have given consent.

Analytics — would help us understand and improve use of the website (e.g. audience measurement). We currently do not use any analytics or tracking tool; this category is reserved for possible future use.

Marketing — would be used for personalised advertising or remarketing. We currently do not use any marketing or advertising cookies; this category is also reserved for possible future use.

When you first visit this website, our privacy banner informs you about the storage technologies and services currently in use. At present, only the embedded Zapier contact form is available as an optional functional service; analytics and marketing services are not active. Your choice is stored locally in your browser. Additional optional services will only be activated after your informed consent. You can reopen the settings at any time using the following button and withdraw your consent with effect for the future.

You can also configure your browser to notify you when cookies are set, allow cookies only in individual cases, exclude their acceptance in certain cases or in general, and automatically delete cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

5.2 Contact form

If you send us an enquiry using the contact form, we process the information entered there (name, email address, telephone number and message) to handle your enquiry and any follow-up questions. The form also includes a captcha to prevent automated submissions.

We use Zapier Forms (formerly Zapier Interfaces), a service provided by Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA, to provide and automatically process contact enquiries. The form is only loaded as external content after you have consented to the “Functional” category or clicked “Load form”. From that point, your browser establishes a direct connection to Zapier and loads the form page and technically required subresources, including the captcha. Even before submission, technical connection data such as your IP address, browser information, referrer, and the date and time of access may be transmitted to the providers involved.

When you submit the form, the information entered is transmitted directly to Zapier, recorded in the Zapier table connected to the form and processed within the automated workflow we have configured. This workflow may create a task from your enquiry in our Asana project management system. Data may be processed in the United States and other countries and stored in the Zap history in accordance with our Zapier account settings. According to Zapier, international data transfers are based, among other mechanisms, on the EU–US Data Privacy Framework and standard contractual clauses. Further information is available in Zapier's privacy policy and its data processing information.

The external form is loaded and accesses information on your device on the basis of your consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG). You can withdraw this consent at any time with effect for the future using the button in section 5.1. An enquiry you actively submit is processed on the basis of Article 6(1)(b) GDPR where it relates to a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in handling incoming enquiries effectively (Article 6(1)(f) GDPR).

Data stored by us remains with us until you ask us to delete it, withdraw your consent to storage or the purpose for storing the data no longer applies, for example once your enquiry has been fully processed. Processing and retention by Zapier are additionally governed by our Zapier account settings and the agreements concluded with Zapier. Mandatory statutory provisions, especially retention periods, remain unaffected.

5.3 Contact by email or telephone

If you contact us by email or telephone, your enquiry, including all resulting personal data such as your name and request, will be stored and processed by us to handle your matter. We do not disclose this data without your consent. This data is processed on the basis of Article 6(1)(b) or (f) GDPR.

5.4 Fonts used

We use the Sora and Space Mono web fonts to design our website. These fonts are hosted entirely locally on our server; loading these local files does not establish a connection to Google or other third parties. The optional Zapier contact form, which is loaded only after consent, is separate third-party content; the information in section 5.2 applies to its resources.

5.5 Video content

We include video material on several pages. These videos are stored as files directly on our own server and delivered from there. They are not embedded from external platforms such as YouTube or Vimeo, so no data is transferred to such providers.

6. Disclosure of data

We do not transfer your personal data to third parties for purposes other than those listed below. We only disclose your personal data to third parties if you have given express consent under Article 6(1)(a) GDPR, disclosure is required under Article 6(1)(f) GDPR to establish, exercise or defend legal claims, a legal obligation to disclose exists under Article 6(1)(c) GDPR, or disclosure is legally permissible and required under Article 6(1)(b) GDPR to process contractual relationships with you, for example to hosting or email providers acting as processors pursuant to Article 28 GDPR.

7. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as enquiries you send to us, this website uses SSL or TLS encryption. You can recognise an encrypted connection when the browser address changes from “http://” to “https://” and a lock symbol appears in your browser. When SSL or TLS encryption is active, data you transmit to us cannot be read by third parties.

8. Your rights as a data subject

Access, correction, deletion and restriction

Within the scope of applicable law, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients, and the purpose of processing. Where applicable, you also have the right to correction (Article 16 GDPR), deletion (Article 17 GDPR) or restriction of processing (Article 18 GDPR).

Right to object (Article 21 GDPR)

Where your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

Withdrawal of consent to data processing

Many data processing operations are only possible with your express consent. You may withdraw consent already given at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. For consent relating to optional website services, this function is available using the button in section 5.1.

Right to data portability (Article 20 GDPR)

You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used, machine-readable format, or to have it transmitted to a third party.

9. Right to lodge a complaint with the supervisory authority

If you believe data protection law has been infringed, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for privacy matters concerning Charamel GmbH, based in Cologne, North Rhine-Westphalia, is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany
www.ldi.nrw.de

10. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it continues to meet current legal requirements or reflects changes to our services, for example when new services are introduced. The revised privacy policy will apply to your subsequent visits.

Last updated: July 2026