VYTE LABEL Industries GmbH
GDPR Compliant

Privacy Policy

Transparency matters to us. Learn how we process and protect your personal data on our website and in our B2B portal.

Last updated: Februar / February 2026

GDPR

Compliant

0

Tracking Cookies

EU

Server Location

TLS

Encrypted

1. Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you use our website (vytelabel.com) and/or our B2B customer portal. Personal data is any data that can be used to personally identify you.

2. Responsible Party

The party responsible for data processing on this website is:

VYTE LABEL Industries GmbH
Grethe-Jürgens-Str. 66
30655 Hannover
Deutschland / Germany

For data protection inquiries, please contact us at:
Email: info@vytelabel.com
Phone: +49 (0) 511 - 37 35 46 56

3. Legal Basis for Data Processing

The processing of personal data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR – Consent of the data subject
  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – Compliance with a legal obligation
  • Art. 6(1)(f) GDPR – Legitimate interest (e.g., platform security, fraud prevention)

4. Hosting

This website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel processes technically necessary data (IP address, access time) for providing the website. Vercel is certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection. Additionally, Standard Contractual Clauses (SCC) according to Art. 46(2)(c) GDPR are in place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable website provision).

5. Database

Application data is stored in a PostgreSQL database hosted by Supabase. The database server is located in the AWS region eu-central-1 (Frankfurt, Germany). Your data therefore does not leave the European Union. Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in secure data storage).

6. Cookies

This website uses only technically necessary cookies and a privacy-friendly analytics tool. No tracking or marketing cookies are used. The cookies and technologies used are:

  • Session cookie (for authentication in the B2B portal, NextAuth.js)
  • Language preference (for the selected interface language)
  • Web analytics (Umami): We use Umami as a self-hosted, privacy-friendly analytics tool on our public website. Umami does not set cookies, does not store personal data, and does not create individual user profiles. Only anonymized, aggregated data (page views, time on site, country of origin) is collected.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision of the website and anonymous analysis of website usage to improve our services). A cookie consent banner is not required as no consent-dependent cookies are used.

7. Contact, Inquiries and User Account

On our public website, you can contact us via contact and inquiry forms. The following data is collected: name, email address, phone number (optional), company name, and your message or product inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Our B2B customer portal is a closed system. Access is granted exclusively through an invitation by the administrator. During registration and use of the portal, the following additional data is collected:

  • Company name and company address
  • First and last name of users
  • Email address
  • Phone number (optional)
  • User role within the organization
  • Language preference

Legal basis for portal data: Art. 6(1)(b) GDPR (contract performance). The data is necessary for order processing and portal use.

8. Email Communication

For sending emails (responses to website inquiries, order notifications, status changes, invitations), we use the email service of Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. Data processing takes place exclusively within Germany. Legal basis: Art. 6(1)(b) GDPR (contract performance and pre-contractual measures).

9. File Upload and Storage

Uploaded files (logos, documents, invoices) are stored on Cloudflare R2, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the EU-US Data Privacy Framework. Additionally, Standard Contractual Clauses (SCC) are in place. Legal basis: Art. 6(1)(b) GDPR (contract performance).

10. AI-Powered Features (optional)

The portal offers optional AI-powered features (e.g., order assistant) provided through the APIs of OpenAI, L.P. (USA) and/or Anthropic PBC (USA). When using this feature, order data may be transmitted to these services. Both providers have committed to not using transmitted data for training their models. Standard Contractual Clauses (SCC) according to Art. 46(2)(c) GDPR are in place. Legal basis: Art. 6(1)(a) GDPR (consent) – AI features are optional and can be enabled/disabled by the administrator.

11. Push Notifications

You may voluntarily enable browser push notifications to be informed about status changes. For this purpose, a push subscription token is stored in our database. Notifications are sent via the Web Push API directly from our server without any third-party involvement. You can disable push notifications at any time in your browser settings. Legal basis: Art. 6(1)(a) GDPR (consent).

12. Data Sharing

Your data will only be shared with third parties where necessary for contract fulfillment or where a legal obligation exists:

  • To production facilities (subcontractors) for order processing – transmission of order details, product specifications, and logos where applicable
  • To carriers for delivery notification – transmission of delivery address, contact person, and phone number
  • To tax authorities in accordance with statutory retention obligations

13. Data Transfer to Third Countries

In the context of the data processing described in this privacy policy, personal data may be transferred to recipients in the USA. The following measures ensure an adequate level of data protection:

  • Vercel Inc. (Hosting): EU-US Data Privacy Framework + Standard Contractual Clauses
  • Cloudflare, Inc. (File Storage): EU-US Data Privacy Framework + Standard Contractual Clauses
  • OpenAI, L.P. (AI, optional): Standard Contractual Clauses according to Art. 46(2)(c) GDPR
  • Anthropic PBC (AI, optional): Standard Contractual Clauses according to Art. 46(2)(c) GDPR

14. Your Rights (Art. 15–21 GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority about the processing of your personal data. The competent supervisory authority for us is the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hannover, Germany.

15. Storage Duration and Deletion

Personal data will be deleted as soon as the purpose of storage no longer applies. Statutory retention periods remain unaffected, in particular:

  • Commercial law retention obligation: 6 years (§ 257 HGB)
  • Tax law retention obligation: 10 years (§ 147 AO)
  • Contract data: Until the end of the business relationship plus statutory periods
  • Server logs: Maximum 30 days

16. Data Security

This website uses TLS encryption (HTTPS) for security purposes. All data transmissions between your browser and our server are encrypted. Additionally, we employ technical and organizational measures to protect your data, including encrypted password storage, role-based access controls, and regular security updates.

17. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or service modifications. The current version can always be found on this page.

More Legal Information

Read our Legal Notice and Terms & Conditions as well.

Legal NoticeTerms and Conditions