Privacy Policy
As of: April 2026
This privacy policy applies to the website preq.eu, operated by PreQ GmbH.
1. Controller
PreQ GmbH
Ovelgönneweg 2
28844 Weyhe
Germany
Phone: +49 (0) 4203 832 064
Email: datenschutz@preq.eu
PreQ GmbH is the sole controller within the meaning of the General Data Protection Regulation (GDPR) for data processing on this website.
A data protection officer is not required by law. For data protection inquiries, please contact the email address above.
2. Hosting and Server Infrastructure
Our websites are hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Processing takes place exclusively in German data centres. We have concluded a data processing agreement with Hetzner in accordance with Art. 28 GDPR.
Server Log Files
Each time our websites are accessed, the server automatically records the following data in so-called server log files:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Amount of data transferred
- Notification of successful retrieval (HTTP status code)
- Browser type and version
- Operating system of the user
- Referrer URL (previously visited page)
The data is evaluated exclusively to ensure trouble-free operation and to improve our services. It is not possible for us to identify individual persons. The log files are automatically deleted after 14 days.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and trouble-free operation).
3. SSL/TLS Encryption
Our websites use SSL/TLS encryption for security reasons. An encrypted connection is indicated by the browser's address bar changing from "http://" to "https://" and by the lock icon in your browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Cookies
Technically Necessary Cookies
Our websites use technically necessary cookies that are required for the operation of the site. These include:
- Session Cookie — Management of your session (e.g. shopping cart, login status). Deleted at the end of the browser session.
- CSRF Token — Protection against cross-site request forgery attacks. Deleted at the end of the session.
- Cookie Consent — Storage of your cookie settings. Retention period: 1 year.
- Language Selection — Storage of your preferred language. Retention period: 1 year.
No consent is required for these cookies (§ 25(2) No. 2 TDDDG).
Web Analytics with Matomo
We use Matomo, an open-source software for statistical analysis of website usage. Matomo is operated on our own server in Germany (self-hosted). No data is transmitted to third parties.
Matomo is used in a privacy-friendly configuration:
- No cookies are set.
- Your IP address is truncated by two bytes (e.g. 192.168.x.x → 192.168.0.0), so that no identification of individual persons is possible.
- Data is evaluated exclusively in anonymised and aggregated form.
Since Matomo in this configuration neither sets cookies nor accesses end devices, no consent is required (§ 25(2) No. 2 TDDDG). No data is transmitted to third countries.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in statistical analysis to improve our services).
5. Contact Form and Email
If you contact us via our contact form or by email, the data you provide (name, email address, company if applicable, phone number and your message) will be stored by us to process your enquiry.
Emails are processed and stored on our own server in Germany (IMAP). No forwarding to external email services takes place.
Please note that data transmission by email may be unencrypted. Complete protection of data from third-party access is not possible with email communication.
The data will be deleted once your enquiry has been conclusively processed — unless statutory retention obligations prevent this.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual enquiries) or Art. 6(1)(f) GDPR (legitimate interest in processing general enquiries).
6. Customer Account
You can open a customer account on our websites. We collect the following data:
- Company / Name
- Email address
- Password (stored exclusively in encrypted form)
- Address (billing and, if applicable, delivery address)
- VAT ID number if applicable
The data is used to manage your account, simplify the ordering process and display your order history. You can request deletion of your customer account at any time by contacting us at datenschutz@preq.eu.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
7. Order Processing
To process your order, we collect and process the following data:
- Company / Name and address
- Email address and phone number if applicable
- Order details (product, quantity, specifications, price)
- Billing and delivery address
- Payment information
- VAT ID number if applicable
This data is required for the performance of the purchase contract. Without this information, we cannot process your order.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
8. Disclosure of Data to Production Service Providers and Shipping Companies
Our products (labels, stickers, plastic cards, etc.) are manufactured and shipped by specialised production service providers on our behalf. To process your order, we share the following data with our production service providers:
- Name and company
- Delivery address
- Order details (product, quantity, technical specifications)
- Uploaded print data (see Section 9)
- Email address or phone number for delivery queries if applicable
The disclosure is made exclusively for the purpose of contract performance (production and delivery of your order). We work with production service providers in Germany, the EU/EEA and in third countries (including China, Taiwan, Turkey). Where service providers act as processors, we have concluded data processing agreements in accordance with Art. 28 GDPR. For transfers to third countries, we ensure an adequate level of protection for your data through appropriate safeguards (in particular EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR).
For shipping the finished products, your delivery address and, where applicable, your email address (for shipment tracking) are shared with shipping service providers (e.g. DHL, GLS, DPD). The shipping service providers process your data as independent controllers.
Neutral Shipping: If you selected "neutral shipping" when placing your order, your shipment will be sent with a neutral sender. The name of our production service provider will then not appear on the parcel.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
9. Print Data Upload
For the production of your printed products, you upload print data (PDF files) to your customer account. These files are stored on our server in Germany and automatically processed for quality checking (resolution, colour mode, bleed, dimensions). The print data is then transmitted to the responsible production service provider (see Section 8).
Note: Your print data may contain personal data of third parties (e.g. names and contact details on business cards or ID cards). As the client, you are responsible for ensuring that you are authorised to transmit this data and that the data subjects have been informed accordingly.
Retention of Print Data: Your print data is stored during order processing and at least until the expiry of the statutory warranty period, to safeguard your rights and ours in the event of complaints (Art. 17(3)(e) GDPR). Early deletion within this period is not possible.
After the warranty period expires, your print data will be automatically deleted unless you have activated the free "Print Data Archive" service in your customer account. This service enables simplified reorders and is provided as a supplementary contractual service. You can deactivate the service at any time — your print data will then be irrevocably deleted within 30 days. In the event of inactivity of your customer account for more than 36 months, we reserve the right to delete archived print data after prior notification by email.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
10. Payment Processing
PayPal / PayPal Checkout
We offer payment via PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When you pay with PayPal, your payment data (name, amount, email address, billing and delivery address if applicable) is transmitted to PayPal. PayPal processes this data as an independent controller.
Further information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Legal basis: Art. 6(1)(b) GDPR (performance of contract — you actively choose PayPal as a payment method).
11. SaaS Portals and Subscription Services
Some of our websites offer cloud-based portals as subscription services (e.g. QR code portals, CE marking portals, Digital Product Passports). When using these services, we process:
- Registration and account data
- Content you enter and files you upload
- Usage data (time and scope of use)
- API credentials (tokens)
- Payment data for subscription billing
Note on Controllership: If you as a customer process personal data of third parties through our portals (e.g. product data with contact persons, employee data in CE documentation), you are responsible for this processing yourself. We will provide you with a data processing agreement pursuant to Art. 28 GDPR upon request.
The data is stored for the duration of the contractual relationship. After contract termination, the content will be deleted within 90 days, unless statutory retention obligations apply.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
12. External Links
Our websites contain links to third-party external websites (e.g. for file format conversion). When you click these links, you are redirected to the respective external website. Data is only transmitted to the third-party provider upon clicking. We have no influence on the content and data protection practices of these external websites. Please inform yourself directly with the respective provider about their data protection provisions.
13. Recipients and Categories of Recipients
Transmission of your personal data to third parties only takes place in the cases described in this privacy policy. In summary, the following categories of recipients are involved:
- Production Service Providers — Manufacturing and shipping of your orders (processors or independent controllers, based in DE/EU and third countries)
- Shipping Service Providers — Parcel delivery (independent controllers)
- Payment Service Providers — PayPal (independent controller, based in Luxembourg)
- Hosting Provider — Hetzner Online GmbH (processor, based in Germany)
- Web Analytics — Matomo (self-hosted on own server in Germany, no data disclosure to third parties)
- Tax Adviser / Tax Authorities — within the scope of statutory obligations
14. Transfer to Third Countries
Your data is generally processed exclusively within the EU/EEA. Our hosting, email processing and web analytics (Matomo) are operated on servers in Germany.
Transfer to third countries takes place in the following cases:
- Production Service Providers: For the manufacture of certain products, we work with service providers in third countries (including China, Taiwan, Turkey). Data transfer is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
- PayPal: If you choose PayPal as a payment method, PayPal may transfer data to group companies in the USA. This is based on the EU-US Data Privacy Framework (EU Commission Adequacy Decision of 10 July 2023).
15. Retention Period and Deletion Deadlines
We store your personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations:
- Order data, invoices, business correspondence — 10 years (§ 147 AO, § 257 HGB)
- Contract data — Duration of contractual relationship + 3 years (limitation period)
- Customer account data — Until account deletion, then in accordance with statutory retention periods
- Print data — At least until expiry of warranty period (1 year); with activated print data archive until deactivation or account deletion
- SaaS portal content — Duration of subscription + 90 days
- Contact enquiries — Until conclusive processing + 3 years
- Server log files — 14 days
16. Your Rights as a Data Subject
You have the following rights against us with regard to your personal data:
- Right of Access (Art. 15 GDPR) — You have the right to obtain information about the data we have stored about you, including a copy of this data.
- Right to Rectification (Art. 16 GDPR) — You have the right to request the correction of inaccurate data.
- Right to Erasure (Art. 17 GDPR) — You have the right to request the deletion of your data, provided no statutory retention obligations prevent this.
- Right to Restriction of Processing (Art. 18 GDPR) — You have the right to request the restriction of processing of your data.
- Right to Data Portability (Art. 20 GDPR) — You have the right to receive the data concerning you in a structured, commonly used and machine-readable format.
- Right to Withdraw Consent (Art. 7(3) GDPR) — You have the right to withdraw consent once given at any time. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.
Right to Object (Art. 21 GDPR)
If we process your personal data on the basis of a legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests.
If we process your data for direct marketing purposes, you have the right to object at any time. We will then no longer process your data for this purpose.
Please address your objection to: datenschutz@preq.eu
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Phone: +49 (0) 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Website: www.lfd.niedersachsen.de
17. Obligation to Provide Data
In the context of an order, you are obligated to provide the data necessary for contract processing (name, address, payment details). Without this information, we cannot fulfil the contract. Any further information is voluntary.
18. Automated Decision-Making
No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.
19. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our data processing. The current version can always be found on our websites. We recommend that you read this privacy policy regularly.