Privacy Policy

1. General Information

Simic Labs UG (haftungsbeschränkt) takes the protection of personal data seriously. We process personal data only where this is necessary, lawful, and proportionate in connection with the operation of this informational website.

This website provides general information about Simic Labs, our business activities, technical focus, and product information. No products, subscriptions, user accounts, payment functions, newsletters, comment systems, client portals, or online shops are provided directly through this website.

This Privacy Policy applies only to this website. If this website links to external websites, the privacy policies and terms of those third-party websites apply.

2. Controller

The controller responsible for data processing on this website is:

Simic Labs UG (haftungsbeschränkt)
Sievekingsallee 169D
22111 Hamburg
Germany

Email: info@simiclabs.io
Phone: +49 40 8835 8393

Further company and legal information can also be found in our Imprint.

3. Data Protection Officer

We are not legally required to appoint a Data Protection Officer.

For privacy-related questions, requests, or concerns, please contact us at: info@simiclabs.io.

4. Processing When Visiting This Website

When you access this website, technical information is automatically transmitted by your browser to the web server. This is technically necessary to display the website, maintain stability and security, diagnose technical errors, and protect the website against misuse or attacks.

The following data may be processed in server access and error logs:

• requested page or file;
• date and time of access;
• transferred data volume;
• referrer URL, if transmitted by your browser;
• browser type and browser version;
• operating system;
• IP address or anonymised IP address;
• HTTP status code;
• technical error information, if applicable.

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest is the secure, stable, and technically correct operation of this website, including error analysis, abuse prevention, and protection against attacks.

Server log data is not used to identify individual visitors, is not combined with other data sources, and is not used for marketing, profiling, analytics, or behavioural tracking.

5. Hosting

This website is hosted by:

checkdomain GmbH
Große Burgstraße 27/29
23552 Lübeck
Germany

The hosting provider processes technical data required to provide, secure, and maintain this website. This may include server access logs, error logs, and other technical data required for hosting operations.

Processing by the hosting provider is carried out for the purpose of providing this website and maintaining its security, availability, and performance. The legal basis is Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with checkdomain GmbH in accordance with Art. 28 GDPR.

Further information about the hosting provider’s privacy practices can be found here: Checkdomain Privacy Policy .

6. Contact by Email or Contact Form

If you contact us by email or through a contact form, where available, we process the information you provide in order to respond to your inquiry.

This may include:

• your name, if provided or required in the contact form;
• your email address;
• your company name, if provided;
• your message content;
• any additional information you voluntarily provide.

If a contact form is provided, the mandatory fields are marked accordingly. Required fields are necessary so that we can process and respond to your inquiry. If you do not provide the required information, we may not be able to respond to your request.

The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in responding to inquiries. If your inquiry relates to a potential contractual relationship or pre-contractual communication, the legal basis may also be Art. 6(1)(b) GDPR.

We use contact data only to process and respond to your inquiry. We do not use contact inquiries for newsletter marketing, automated profiling, or unsolicited advertising.

7. Cookies and Local Storage

This website does not intentionally use non-essential cookies, analytics cookies, advertising cookies, tracking cookies, marketing pixels, or comparable tracking technologies.

We do not currently use a cookie banner because this website does not intentionally set cookies or use comparable technologies that require consent.

Where technically necessary cookies or comparable storage mechanisms are used by the website infrastructure — for example, a PHP session cookie (PHPSESSID) on the contact page to maintain form state and validate the security captcha during submission, or comparable CSRF tokens, security cookies, or load-balancing cookies — they are used only where strictly necessary to provide a function requested by the user or to operate the website securely. The legal basis for any related personal data processing is Art. 6(1)(f) GDPR. Access to or storage of information on the user's device is based on § 25(2) TDDDG where such access or storage is strictly necessary.

If we introduce non-essential cookies, analytics tools, embedded third-party services, or similar technologies in the future, this Privacy Policy will be updated accordingly and, where required, consent will be requested before such technologies are used.

8. No Analytics, Tracking, or Profiling

This website does not use Google Analytics, Matomo, Facebook Pixel, LinkedIn Insight Tag, remarketing tools, advertising trackers, heatmaps, session recording, fingerprinting, or comparable analytics and tracking technologies.

We do not create visitor profiles, do not monitor individual user behaviour across websites, and do not use website visit data for targeted advertising.

9. Fonts, Icons, Scripts, and Embedded Resources

This website loads all fonts, icons, stylesheets, scripts, and other technical assets locally from our own website infrastructure. No assets are loaded from external content delivery networks or third-party servers.

This website does not intentionally load Google Fonts, analytics scripts, advertising scripts, or social media widgets from external third-party servers.

10. No Embedded Social Media Widgets

This website does not currently use embedded social media widgets such as Facebook Like buttons, LinkedIn Share widgets, X/Twitter buttons, Xing buttons, or similar third-party plugins that automatically transmit visitor data to social media providers.

If this website contains links to social media profiles or third-party websites, no data is transmitted to those third parties by merely visiting this website. Data may only be processed by the third-party provider if you actively click such a link and access the external website.

11. External Links

This website may contain links to external websites operated by third parties. We have no control over the content, privacy practices, security, or data processing activities of those external websites.

When you leave this website by clicking an external link, the privacy policy of the respective external website applies.

12. Data Recipients

Personal data processed in connection with this website may be received by:

• our hosting provider, where technically necessary to provide and secure the website;
• technical service providers, where required for maintenance, security, or troubleshooting;
• public authorities or legal advisers, where disclosure is required by law or necessary to protect legal rights.

We do not sell personal data and do not share website visitor data with advertisers, analytics providers, data brokers, or social media platforms.

13. International Data Transfers

We do not intentionally transfer website visitor data to countries outside the European Union or the European Economic Area for analytics, advertising, tracking, or profiling purposes.

If data transfers to third countries become necessary in the future, such transfers will take place only where permitted under applicable data protection law and subject to appropriate safeguards where required.

14. Retention Periods

Personal data is stored only for as long as necessary for the purpose for which it was collected or where statutory retention obligations apply.

IP addresses in server access logs are deleted or anonymised after no more than 7 days, unless longer retention is required in an individual case to investigate security incidents, misuse, technical faults, or legal claims.

Server error logs may be retained for technical troubleshooting and security purposes and are deleted once they are no longer required, unless longer retention is necessary for the investigation of a specific incident.

Contact inquiries are retained for as long as necessary to process the inquiry and any follow-up communication. Where statutory retention obligations apply, data may be retained for the legally required period.

15. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

This website uses HTTPS/TLS encryption. You can recognise an encrypted connection by the lock symbol in your browser and by the use of “https://” in the address bar.

Please note that data transmission over the internet, including communication by email, may still have security vulnerabilities. Complete protection against access by third parties cannot be guaranteed.

16. Your Rights

Subject to the applicable legal requirements, you have the following rights under the GDPR:

• right of access to your personal data;
• right to rectification of inaccurate personal data;
• right to erasure of personal data;
• right to restriction of processing;
• right to data portability;
• right to object to processing based on legitimate interests;
• right to withdraw consent, where processing is based on consent;
• right to lodge a complaint with a competent data protection supervisory authority.

To exercise your rights, please contact us at: info@simiclabs.io.

17. Right to Object

Where we process personal data based on Art. 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation.

If you object, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing serves the establishment, exercise, or defence of legal claims.

18. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection law.

The competent supervisory authority for Simic Labs UG (haftungsbeschränkt) is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
Phone: +49 40 428 54-4040
Email: mailbox@datenschutz.hamburg.de
Website: https://datenschutz-hamburg.de/

19. No Automated Decision-Making

We do not use personal data collected through this website for automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

20. Children

This website is intended for general business and informational purposes and is not directed at children. We do not knowingly collect personal data from children through this website.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or organisational changes. The version published on this page applies at the time of your visit.

Last updated: April 2026