PRIVACY POLICY
for the website https://www.utover.com
Last updated: January 18, 2026
1. Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
UTOVER GmbH
Taubenweg 14
51381 Leverkusen
Germany
Email: hello@utover.com
2. Data Protection Officer
No data protection officer has been appointed. If you have any questions regarding data protection, please contact us using the contact details above.
3. Overview of Processing Activities, Purposes, and Legal Bases
We process personal data only to the extent necessary, in particular
- to provide the website and ensure IT security,
- to respond to inquiries (email / WhatsApp),
- for reach measurement and analysis (Google Analytics) – only with consent.
Depending on the processing activity, the following legal bases apply:
- Art. 6(1)(f) GDPR (legitimate interest, e.g. secure and stable operation),
- Art. 6(1)(b) GDPR (contract or pre-contractual measures, e.g. project inquiries),
- Art. 6(1)(a) GDPR (consent, e.g. analytics),
as well as for storing or accessing information on your end device (cookies / local storage)
Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG).
4. Accessing the Website / Server Log Files
When you visit our website, information is automatically collected by the web server and stored in so-called server log files. This is technically necessary in order to deliver the website and ensure security.
Processed data typically includes:
- IP address (possibly shortened, depending on server configuration),
- date and time of the request,
- requested page or file (URL),
- amount of data transferred,
- HTTP status code,
- referrer URL (previously visited page, if transmitted),
- browser type/version, operating system, language settings,
- possibly provider or network information.
Purposes:
- technical provision of the website,
- ensuring IT security (e.g. attack detection and analysis),
- error analysis and system stability.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
Storage period:
Server log files are regularly deleted. Longer storage occurs only if required to investigate security incidents, prevent abuse or fraud, or assert legal claims.
5. Hosting and Processing on Behalf
We use a hosting service provider to operate this website. The provider processes personal data on our behalf in accordance with Art. 28 GDPR. In this context, the provider may have access to the technical data mentioned above (in particular server log files) insofar as this is necessary for providing the hosting services.
Recipients / categories of recipients:
- hosting and IT service providers (processors),
- if applicable, additional service providers for maintenance and administration (processors), each only to the extent necessary.
6. Cookies, Local Storage, and Consent Management
We use information on your end device (cookies and local storage). Some of these are technically necessary, others serve optional purposes such as analytics.
6.1 Technically Necessary Storage
a) Consent cookie
To store your cookie selection, we use a technically necessary cookie:
- Name: utover_cookie_consent
- Content: selection (e.g. “necessary only” or “all”), timestamp
- Storage duration: 180 days
Purpose:
- storage and implementation of your consent decision.
Legal basis:
- Art. 6(1)(c) GDPR (compliance with consent obligations) and/or Art. 6(1)(f) GDPR (legitimate interest in consistent and lawful consent management),
- Section 25(2) no. 2 TDDDG (technically necessary to provide the requested consent management).
b) Local storage for display preference (dark / light mode)
Local storage may be used to store your selected display preference:
- Key: utover_theme
Purpose:
- restoring your preferred display mode and avoiding visual switching.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in user-friendly and stable presentation) and Section 25(2) no. 2 TDDDG.
Note:
Depending on server or infrastructure configuration, additional technically necessary cookies (e.g. for load balancing or security functions) may be used.
6.2 Optional Cookies / Analytics
Optional cookies or tracking technologies (e.g. Google Analytics) are activated only if you select “Accept all cookies” in the cookie banner. If you select “Necessary cookies only”, analytics remains disabled.
Withdrawal / change:
You can change your selection at any time by using the “Cookies” link in the footer and making a new choice. Any consent given can be withdrawn at any time with effect for the future.
7. Google Analytics (only with consent)
If you have given your consent, we use Google Analytics to analyze the use of our website and to improve it.
Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Data may also be transferred to Google LLC, USA.
Processed data typically includes:
- usage data (e.g. pages visited, interactions, time spent),
- technical information (e.g. browser, device type, screen resolution),
- approximate location data (derived regionally),
- online identifiers (e.g. cookie IDs / client IDs).
Purposes:
- reach measurement and analysis,
- improvement of content, performance, and user experience.
Legal bases:
- Art. 6(1)(a) GDPR (consent),
- Section 25(1) TDDDG (consent for storing or accessing non-essential information).
Third-country transfer (USA):
Data transfers may be based on appropriate safeguards, in particular the EU–U.S. Data Privacy Framework and/or EU Standard Contractual Clauses (SCCs).
Withdrawal:
You can withdraw your consent at any time via the cookie settings (“Cookies” link in the footer). The lawfulness of processing prior to withdrawal remains unaffected.
8. Contact
8.1 Contact by email
If you contact us by email, we process the data you provide (e.g. name, email address, message content) in order to handle your inquiry.
Legal bases:
- Art. 6(1)(b) GDPR (pre-contractual measures / contract performance), where applicable,
- Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
8.2 Contact via WhatsApp
We provide a contact link to WhatsApp. When using this option, data is processed not only by us but also by WhatsApp Ireland Limited.
The use of WhatsApp is voluntary. You may contact us by email at any time instead.
Data may include your phone number, profile information (if available), message content, and technical metadata.
WhatsApp processes data under its own responsibility. Further information can be found at:
https://www.whatsapp.com/legal/privacy-policy-eea
9. External Links
Our website contains links to external websites (e.g. LinkedIn). When you click such a link, you leave our website. Data processing on the target site is the responsibility of the respective provider.
10. Recipients of Data
We disclose personal data only where necessary, in particular to processors (hosting, IT), analytics providers (with consent), authorities where legally required, or legal advisors and courts for the assertion of legal claims.
11. Your Rights
You have the rights to access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent in accordance with Articles 15–21 GDPR.
Requests may be addressed to: hello@utover.com
12. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority for North Rhine-Westphalia is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
13. Obligation to Provide Data
Providing personal data is generally neither legally nor contractually required. However, without certain data, we may not be able to process your inquiry.
14. Automated Decision-Making / Profiling
No automated decision-making within the meaning of Art. 22 GDPR takes place.
15. Changes to this Privacy Policy
We reserve the right to amend this privacy policy if required due to changes in legal requirements, technical changes, or new or further developed services.
16. Chatbot (OpenAI API via Chatkit)
We provide a chatbot on our website. Once you start the chat, the OpenAI API is called via Chatkit. In doing so, the data typically required to operate the chat is transmitted, including the text you enter and the previous chat history, so the chatbot can generate consistent responses.
Data processed (typically):
- content you enter (messages, questions, and, if offered, files/attachments),
- chat history within the session (context for follow-up questions and replies),
- technical metadata (timestamps, session identifiers, error and diagnostic information),
- IP address and connection data to the extent technically necessary (e.g. abuse prevention and stability),
- usage and telemetry data for technical monitoring and troubleshooting (e.g. performance metrics).
Note on content:
Please do not share special categories of personal data (e.g. health data) or confidential information via the chat unless it is strictly necessary.
Purposes:
- responding to inquiries and providing support and information services,
- improving user experience and service quality,
- technical security, abuse prevention, as well as error analysis and system stability.
Legal bases:
- Art. 6(1)(b) GDPR (pre-contractual measures / performance of a contract), where the chat is used to initiate or perform services,
- Art. 6(1)(f) GDPR (legitimate interests in efficient communication, support, IT security, and stable operation),
- Art. 6(1)(a) GDPR (consent), where the chatbot or specific features are enabled only with consent.
Recipients / categories of recipients:
- OpenAI as a service provider for AI processing (within the use of the OpenAI API via Chatkit),
- hosting and IT service providers (processors) for operation, maintenance, and security,
- if applicable, providers of technical telemetry and security monitoring, to the extent necessary.
Technical connections / domains (typically when using the chatbot):
- https://api.openai.com
- https://eu-api.openai.com
- https://sentinel.openai.com
- https://browser-intake-datadoghq.com
- https://*.oaiusercontent.com
- https://chatgpt.com
Third-country transfers:
Depending on configuration and sub-processors used, processing outside the EU/EEA cannot be ruled out (in particular the USA). Where applicable, transfers are carried out on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses (SCCs), and supplemented by suitable technical and organizational measures.
Storage period:
We store chat content only for as long as necessary to handle the request, ensure quality, prevent abuse, or troubleshoot. Longer storage occurs only where statutory retention obligations apply or where required to assert or defend legal claims. Telemetry and security data is regularly deleted and retained only to the extent necessary.
Objection / withdrawal:
Where processing is based on Art. 6(1)(f) GDPR, you may object for reasons arising from your particular situation (Art. 21 GDPR). Where consent is applicable, you may withdraw it at any time with effect for the future (Art. 7(3) GDPR). In both cases, use of the chatbot may be limited or no longer possible.
