Privacy Policy

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

Mark Hollering
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Germany

Email: contact@patchmygear.com

(“we”, “us”)

This privacy policy applies to the website:

PatchMyGear – patchmygear.com
(hereinafter referred to as the “Website”).

2. General information on data processing

We process personal data of our users only insofar as this is necessary to provide a functional Website as well as our content and services, or if you have given us your consent.

The processing of personal data is carried out in accordance with the provisions of the GDPR and the applicable national data protection laws (in particular the German Federal Data Protection Act – BDSG, if applicable).

Legal bases

Unless stated otherwise in this privacy policy, we rely in particular on the following legal bases:

Art. 6(1)(b) GDPR
Processing for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (for example, when you contact us to request an offer).

Art. 6(1)(f) GDPR
Processing based on our legitimate interests, e.g. ensuring a secure, stable and user-friendly provision of the Website, as well as minimal, privacy-friendly web analytics.

Art. 6(1)(a) GDPR
Where we request your consent for specific processing operations (e.g. optional tools), the processing is based on that consent.

3. Hosting of the Website (Vercel)

Our Website is hosted by:

Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
USA
(“Vercel”) Vercel Inc.

When you visit our Website, personal data (such as your IP address and browser information) are processed on Vercel’s servers.

We have concluded a data processing agreement (DPA) with Vercel pursuant to Art. 28 GDPR, under which Vercel acts as our processor and is contractually obliged to process personal data only in accordance with our instructions and in compliance with the GDPR.

Third-country transfers (USA) & EU–US Data Privacy Framework

As Vercel is based in the USA, a transfer of personal data to the United States cannot be excluded. Vercel participates in the EU–US Data Privacy Framework (DPF). On this basis, the European Commission has adopted an adequacy decision pursuant to Art. 45 GDPR, confirming that, for certified companies, the USA provides an adequate level of data protection comparable to that in the EU.

Further information on data protection at Vercel can be found in Vercel’s Privacy Policy:
https://vercel.com/legal/privacy-policy

We use Vercel on the basis of our legitimate interest in a secure, efficient and scalable provision of our Website (Art. 6(1)(f) GDPR).

4. Access data and server log files

When you access our Website, your browser automatically transmits information to our hosting provider’s server, which is stored temporarily in server log files. This may include:

• IP address of your device
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Accessed page / file and amount of data transferred
• Message whether the request was successful (HTTP status code)
• Referrer URL (the previously visited page)
• Browser type and version
• Operating system and its interface

These data are processed for the following purposes:

• Ensuring a smooth connection to the Website
• Ensuring comfortable use of our Website
• Evaluation of system security and stability
• Technical administration of the hosting environment

The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above.

Log files are deleted after an appropriate retention period, unless a longer storage is required for evidentiary purposes (e.g. in case of misuse or fraud), in which case the data are deleted after the incident has been conclusively clarified.

5. Contact via email or contact form

If you contact us by email or via a contact form on the Website, we process the personal data you provide (e.g. name, email address, content of the message) in order to handle your enquiry and any follow-up communication.

Purpose: Handling and replying to your enquiry, and any subsequent communication.

Legal basis:

• Art. 6(1)(b) GDPR, where your enquiry is related to (pre-)contractual measures.
• Art. 6(1)(f) GDPR in all other cases (our legitimate interest in processing and answering enquiries).

We will delete the data arising in this context after storage is no longer necessary for the respective purpose (e.g. once your enquiry has been fully answered), unless statutory retention obligations require a longer storage period.

6. Web analytics with Vercel Web Analytics

We use Vercel Web Analytics, a service provided by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA.

How Vercel Web Analytics works and which data are processed

Vercel Web Analytics enables us to analyse how our Website is used and to improve it. The service is designed to be privacy-friendly and does not use cookies:

• No third-party cookies are set.
• Instead, visitors are distinguished using a hash generated from the incoming request.
• This hash is only used to distinguish page views within a single session of up to 24 hours; afterwards, the underlying session data are discarded.

With each page view, the following data may be processed as anonymised or pseudonymised usage data:

• Accessed URL and dynamic paths
• Referrer URL (the website you visited before ours)
• Query parameters (insofar as not filtered or shortened by us)
• Timestamp of the page view
• Rough geolocation (e.g. country, region, city)
• Device type (desktop, tablet, mobile)
• Operating system and version
• Browser type and version

According to Vercel, the data are used only to provide aggregated statistics and do not enable the reconstruction of full individual browsing sessions across different websites.

No transmission of plain personal identifiers

We configure Vercel Web Analytics so that no plain personal identifiers (such as names, email addresses, concrete user IDs, order numbers, tokens, etc.) are transmitted in URLs or custom events. Where necessary, we use mechanisms to redact or filter sensitive parameters before data are sent to Vercel.

Legal basis

We use Vercel Web Analytics on the basis of our legitimate interest in accordance with Art. 6(1)(f) GDPR. This interest lies in the statistical analysis of the use of our Website in order to optimise its content, functions and user experience, while avoiding invasive tracking methods and third-party cookies.

Due to the privacy-friendly design (no cookies, short retention period, no cross-site profiling), we consider that no overriding interests of the data subjects oppose this processing.

Objection options (browser / system-level)

You can to some extent object to analytics and profiling in your browser by:

• enabling “Do Not Track” (DNT) in your browser settings; or
• using technical measures such as content blockers.

If we provide a specific opt-out option for Vercel Web Analytics on our Website in the future, we will inform you about it here.

7. Use of cookies

At present, we do not use non-essential cookies for analytics or marketing purposes on our Website.

Technically necessary cookies (e.g. to display the Website correctly or to store your session preferences) may be used without your consent. The legal basis in such cases is Art. 6(1)(f) GDPR in conjunction with Section 25(2) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), where applicable (our legitimate interest in the technically error-free and optimised operation of the Website).

Should we introduce additional cookies or similar technologies for analytics or marketing purposes in the future, we will inform you via an appropriate cookie / consent banner and – where required – obtain your consent beforehand (Art. 6(1)(a) GDPR, Section 25(1) TTDSG).

8. Recipients of personal data / processors

To provide this Website and the related functionality, we may engage external service providers in addition to Vercel (e.g. email providers, IT service providers). These service providers process personal data exclusively on our behalf and on the basis of a data processing agreement in accordance with Art. 28 GDPR.

We only disclose personal data to other recipients if:

• this is necessary for the performance of a contract with you (Art. 6(1)(b) GDPR),
• we are legally obliged to do so (Art. 6(1)(c) GDPR), or
• you have given your consent (Art. 6(1)(a) GDPR).

9. Storage periods

Unless a more specific storage period is stated in this privacy policy, we store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations.

Once the processing purpose ceases to apply or statutory retention periods expire, the personal data will be deleted or anonymised in accordance with the legal requirements.

For Vercel Web Analytics, the underlying session data are discarded after a maximum of 24 hours. We only have access to aggregated statistics, not to individual session logs.

10. Your rights as a data subject

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR)
  You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to those data and further information.
• Right to rectification (Art. 16 GDPR)
  You have the right to obtain the rectification of inaccurate personal data and to have incomplete data completed.
• Right to erasure (Art. 17 GDPR)
  You have the right to obtain the erasure of personal data concerning you, unless statutory retention obligations or other legal grounds require further storage.
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
  Where we process data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object, on grounds relating to your particular situation, at any time to such processing. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
• Right to withdraw consent (Art. 7(3) GDPR)
  Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future.

To exercise your rights, you can contact us at any time:
contact@patchmygear.com

11. Right to lodge a complaint with a supervisory authority

If you believe that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).

12. Obligation to provide personal data

Some personal data are technically or contractually necessary for the operation of our Website and for handling your enquiries (e.g. IP address, browser data, contact details). Without this data, we may not be able to provide you with all features of the Website or respond to your requests.

13. Automated decision-making / profiling

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

14. Data security (TLS / SSL encryption)

We use TLS / SSL encryption on our Website to protect the transmission of confidential content (for example, enquiries that you send to us). You can recognise an encrypted connection by the character string “https://” and the lock symbol in the address bar of your browser.

15. Changes to this privacy policy

We may update this privacy policy in the future, for example if we implement new services or functionalities on the Website or if the legal framework changes.

You can access the current version of this privacy policy at any time at:
https://patchmygear.com/privacy

Last updated: December 3, 2025