Privacy

Controller

Legal basis and general processing principles

We process personal data only where this is necessary for communication, pre-contractual steps, contract performance, system security, or compliance with legal obligations.

Processing based on consent is carried out under Art. 6(1)(a) GDPR. Processing for contract performance or pre-contractual steps is carried out under Art. 6(1)(b) GDPR. Processing for legal obligations is carried out under Art. 6(1)(c) GDPR. Where we pursue legitimate interests, the legal basis is Art. 6(1)(f) GDPR.

Access to information stored on terminal equipment is additionally governed by Section 25 TDDDG. Non-essential cookies and comparable technologies are used only after consent.

Your rights

Data subjects have the following rights under the GDPR:

• access to personal data processed under Art. 15 GDPR,
• rectification of inaccurate or incomplete data under Art. 16 GDPR,
• erasure of personal data under Art. 17 GDPR,
• restriction of processing under Art. 18 GDPR,
• data portability under Art. 20 GDPR,
• objection to processing under Art. 21 GDPR,
• withdrawal of consent with effect for the future under Art. 7(3) GDPR.

You also have the right to lodge a complaint with a competent supervisory authority.

Hosting and server log files

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Further information is available in Hetzner's privacy policy: https://www.hetzner.com/legal/privacy-policy/

Server log files may include IP address, access time, requested URL, referrer URL, browser type, operating system, hostname, transferred data volume, HTTP status code, and comparable technical data. Log data is stored only as long as required for delivery, security, error analysis, or abuse prevention.

Contact form and direct contact

If you contact us through the contact form, we process the data entered there. This usually includes name, email address, company, message, and technical metadata of the submission.

The contact form is operated without an external form provider. The website sends the entered data to a same-origin endpoint at /api/contact, hosted on the Tertia/Hetzner server. From there, the message is delivered by email through the Tertia Zoho EU mailbox or Zoho SMTP service.

To protect the contact form against automated abuse, we use Cloudflare Turnstile. The provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Turnstile loads a security script from challenges.cloudflare.com, checks technical browser and interaction signals, and generates a verification token that our server validates with Cloudflare. This processing protects the security, spam resilience, and availability of the form and is based on our legitimate interest under Art. 6(1)(f) GDPR. Further information is available in Cloudflare's Turnstile privacy notice and privacy policy .

Consent management, cookies, and comparable technologies

This website uses Cookiebot by Usercentrics to collect, manage, and document consent choices. The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

You can change or withdraw your consent at any time through the cookie settings below:

Technically necessary cookies or comparable storage may be used for consent management, security, and website operation. Non-essential cookies, local storage, tracking pixels, or comparable technologies are activated only after consent.

Analytics

This website may use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is loaded only after your consent.

External resources, fonts, maps, and media

Fonts are embedded locally via Fontsource. External scripts from Cookiebot by Usercentrics, Google Tag Manager, or Google Analytics may be loaded for consent management and statistics. Cloudflare Turnstile is loaded for technical contact-form protection.

LinkedIn links

This website may link to LinkedIn. This is only an external link. No LinkedIn tracking pixel and no LinkedIn Insight Tag are integrated.

Customer inquiries and project processing

If an inquiry becomes a contractual relationship, we also process customer, contact, project, billing, and communication data where necessary for proposal preparation, project implementation, documentation, handover, invoicing, and support.

Tertia Assistant and website chat

This website may provide an AI-supported Tertia Assistant. The assistant answers questions about Tertia, services, industries, process, privacy, and contact based on approved website and knowledge content. Use of the assistant is voluntary.

When you use the assistant, we process the entered message, the current chat context, the generated answer, sources used, technical metadata such as timestamp, page context and request ID, and security-relevant server log data. We do not create long-term user profiles. The session is processed only in pseudonymized or hashed form.

For answer generation, inputs, conversation context, and relevant excerpts from approved sources may be transmitted to AI API service providers. This may currently include the API of OpenAI Ireland Ltd. or affiliated OpenAI companies. According to OpenAI's API terms, API inputs and outputs are not used to train models unless this is explicitly enabled. OpenAI may process API data for a limited period for service provision, security, and abuse prevention.

The legal basis is Art. 6(1)(f) GDPR, our legitimate interest in user-friendly answers to website questions, quality assurance, security, and abuse prevention. If a request concerns pre-contractual steps, Art. 6(1)(b) GDPR may also apply.

Chat logs are stored only as long as necessary for operation, error analysis, quality assurance, and abuse prevention, and are deleted regularly. Please do not enter confidential information, special categories of personal data under Art. 9 GDPR, or credentials into the chat. The assistant does not make automated decisions within the meaning of Art. 22 GDPR and does not replace legal, tax, or medical advice.

AI-supported automation systems

Tertia develops AI-supported automation and assistance systems for clients. No AI-supported analysis of website visitors takes place on this website.

Which providers, models, infrastructure components, or automation services are used in a customer project is agreed and documented project by project.

Processors and service providers

We may use service providers for hosting, form processing, email, project management, accounting, development, and security. Where required, we conclude data processing agreements with these service providers.

• Hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
• Contact form: same-origin endpoint on the Tertia/Hetzner server, email delivery through Zoho Mail/SMTP.
• Form security: Cloudflare Turnstile by Cloudflare, Inc.; technical bot-protection check for the contact form.
• Website chat and AI API: OpenAI Ireland Ltd. or affiliated OpenAI companies, where the Tertia Assistant or customer projects use OpenAI API services.
• Consent management: Cookiebot by Usercentrics, Usercentrics A/S, Copenhagen.
• Analytics: Google Analytics 4 by Google Ireland Limited; only after consent.

Technical and organizational measures

We take technical and organizational measures to protect personal data against loss, destruction, alteration, unauthorized access, and unauthorized disclosure. Depending on the processing, these include TLS encryption, access restrictions, role-based permissions, secure transfer of credentials, backups, logging, and documentation.