SVA places highest priority on the protection of the personal data of their employees, prospective and existing customers, partners, and website visitors. In doing so, SVA strictly observes compliance with the principles of processing personal data, ensuring at all times lawful processing. Data protection is but one building block in our company, forming, amongst further compliance requirements, the ethical guardrails for all activities undertaken in our organization.

To guarantee our transparency principle, by which we wish to present to you all data protection information in a clear and comprehensible manner, we have subdivided this information into different subject areas.

For reasons of linguistic simplification, we have decided to use the generic masculine on subsequent pages. We consider this linguistic form to be gender neutral and unbiased.

Privacy Notice: Information and Structure

This data protection declaration serves the purpose of informing you of the kind of personal data we, SVA System Vertrieb Alexander GmbH (hereinafter ‘we’ or ‘us’), collect and process, for which reasons and to what extent.

Therefore, please take sufficient time to read the following information. Your personal rights are of utmost priority for us, and we endeavor, to the best of our knowledge and belief, to protect these rights. We process your personal data in accordance with the European Data Protection Regulations (Regulations (EU) 2016/679; hereinafter: ‘GDPR’) and the German Federal Data Protection Act (hereinafter: ‘BDSG’). Personal data is always adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Furthermore, please be advised that in this data protection declaration we clearly outline which personal data is transferred to other parties. All implemented technologies used on this website for the processing of data, such as plugins, tools, etc. are featured in this declaration.

Our data protection declaration is divided into several chapters with sub-chapters. This facilitates orientation and makes information easier to find.

By use of the latest technologies and the continuous further development of this website, as well as by changes to our service portfolio, e.g. when introducing new services, changes to this privacy notice may also become necessary. Thus, it is advisable and recommendable to familiarize yourself with the current version of this data protection declaration by regular visits to and whenever accessing our website.

All terms contained in this Privacy Notice have the meaning as defined in the current version of the GDPR and/or any subsequent regulation.

‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). (Art. 4(1) GDPR).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings may also contain personal data). (Art. 4(1) GDPR)
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. (Art. 4(2) GDPR)
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. (Art. 4(7) GDPR)
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data. (Art. 4(10) GDPR)
‘Processor’ is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service providers or data hosting providers). In terms of data protection legislation a processor is explicitly not a third party, but rather to be regarded as part of the controller’s organization, as there is direct authority to issue instructions regarding the processing of personal data and very strict legal framework conditions must be observed. (Art. 4(8) GDPR)
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. You will not suffer any disadvantages if you withdraw your consent. (Art. 4(11) GDPR)

Additional Definitions of Terms:

GDPR: The General Data Protection Regulation (GDPR) is a European regulation that governs the protection of personal data. It applies to all companies and organizations in the EU, as well as those outside of the EU which process data of European citizens. The GDPR therefore offers uniform protection of the personal data of all EU citizens.
BDSG (new): The Federal Data Protection Act (BDSG) is the German law that supplements the (EU) GDPR and sets out specific regulations for Germany. It determines how data may be processed and includes additional provisions.
TDDDG: The Telecommunications Digital Services Data Act (TDDDG). It contains provisions on telecommunications secrecy as well as regulations regarding the protection of personal data when using telecommunications and digital services.

The status of the privacy policy is 17.09.2025.

1. Contact data for the Data Controller, the Data Protection Officer, and the Data Protection Team

1.1. Contact Information: Controller

SVA System Vertrieb Alexander GmbH

Borsigstraße 26, 65205 Wiesbaden, Germany

Telephone: +49 (0)6122 536-0

Telefax: +49 (0)6122 536 399

E-Mail: mail@sva.de

Executive Management: Philipp Alexander, Sven Eichelbaum

1.2. Contact Information: Data Protection Officer

Data Protection Officer

SVA System Vertrieb Alexander GmbH

Borsigstraße 26, 65205 Wiesbaden, Germany

Telephone: +49 (0)6122 536-0

E-Mail: dsb@sva.de

1.3. Contact Information: Data Protection Department

Data Protection Department

SVA System Vertrieb Alexander GmbH

Borsigstraße 26, 65205 Wiesbaden, Germany

Telephone: +49 (0)6122 536-0

E-Mail: datenschutz@sva.de

2. Collection and Storage of Personal Data as well as the Nature and Purpose of Processing

2.1. Visiting this Website

In brief:

You may visit this website without providing personal details. During your visit, we will only store access data.

Processing Purpose:

We, as website operators, collect this data to properly provide this website, to detect attacks, and to protect us against them.

Personal data processed by SVA is:

Amongst other:

Browser type und browser version
Operating system used
The website you are visiting us from
This website’s visited subpages
Server request date and time
IP address

Storage duration for personal data:

We store your personal data until the purpose for which it was collected no longer applies. This generally is the case for 7 days at the longest.

Legal basis for processing:

When visiting our website, we process your personal data on the following legal basis:

Art. 6 para. 1 point (f) GDPR
“… processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data…”

The pursued (legitimate) interest in the processing of personal access data, derives from the above-mentioned purposes for the technologically secure and proper operation of the website.

Recipients:

Your data will not be transferred to any further recipients.

Transfer to third countries:

A transfer to a third country does not take place.

3. Data Transfer Security

Our website and other systems are secured by appropriate technical and organizational measures against loss, destruction, access, as well as modifications or the processing of your personal data by unauthorized people (e.g. by TLS encryption of our website). Our security measures comply with all legal stipulations and are continuously improved according to technological developments in order to guarantee an adequate level of security that is commensurate with the risk. Thus, your personal data is protected as securely as possible during the whole processing procedure (e.g. by firewalls, anti-virus systems, fail-safe power supply etc.).

We implement data protection through technical design and data protection-friendly default settings geared to the customary business industry standards such as ISO 27001.

This website uses ‘cookies’. Cookies are small text files consisting of letters and numbers which are sent to your browser and stored in your terminal equipment whenever you visit a website. When visiting our website, and any time thereafter, you can decide whether you wish to generally accept the setting of cookies, or which individual, additional functions to choose from. Changes can be made in your browser settings or via our cookie banner. A cookie typically contains the domain name from which the cookie originates, the ‘lifespan’ of the cookie, and a unique identifier.

Some cookies serve the purpose of making the website operational for the user’s visit. The type of cookie used is the technically required cookie that, according to § 25 para. 2 no. 2 TDDDG, may be set even without consent. The technical structure of the website requires the implementation of technologies such as these cookies. Without them, the website cannot be displayed correctly, or the support functions cannot be enabled. These cookies cannot be deselected, if you wish to use our website.

Furthermore, cookies enable a personalization of the website, facilitate the utilization of our website, as well as evaluate the collected usage data for the improvement of our online services. According to § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 point (a) GDPR, this type of cookie may only be used with effective consent under data protection law.

Subject to your prior consent, the following types of cookies are implemented on this website:

Session Cookies:
So-called session cookies are temporarily set cookies which remain in the browser’s cookie file until the user leaves the website. They contain a so-called session ID. This allows for the bundling of different requests under one shared session, and your computer can be recognized when you return to the website. Session cookies are especially required for the user to operate the website and possibly carry out registrations, logons, or place orders with it. Session cookies are deleted automatically once the browser session has ended.
Persistent Cookies:
These remain in the browser’s cookie file for a longer time. The period depends on the lifespan of the specific cookie. It can be of unlimited duration, and thus extends until deletion. Persistent cookies enable the website to remember the user’s selection (e.g. user registration data, his chosen language or region of his location).

Categories of cookies implemented by us:

First Party Cookies:

These cookies, called first party cookies, are generated by the actively visited website and can be used by us as website operators, for example to personalize content.

Third Party Cookies:

These cookies originate from third party providers and are activated by using third party services. A transfer to third parties (e.g. to the provider in question) does indeed take place, however, only after your prior consent.

Cookie Banner or Consent Manager:

To obtain the consent required according to § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 sentence 1 point (a) GDPR, we use a so-called consent management tool. As part of our consent management (‘cookie banner’) we offer you, at all times, the opportunity of differentiated choice in terms of website cookie setting preferences; we also offer more detailed information on cookies used.

In case you do not wish to accept cookies, you can also reject these without using the consent management tool, by setting up your Internet browser accordingly.

5. Tools and Plugins Used on Our Website

In brief:

Integrated into our website are services by third party providers or analytical services. Thus, we are legally bound to implement a cookie banner. Implementation of a cookie banner is necessary so that we only set the technically necessary cookies automatically and add the integrated external service providers (third party providers) or analytical services after your express consent.

Processing purpose:

Obtaining consent and creating transparency when implementing cookies.

Personal data processed by SVA:

Consent data

When visiting our website, the implemented cookie banner establishes contact with the servers. By approving third party cookies, you are giving consent, which is also documented. The cookie banner allows our website users to give consent to specific data processing operations or to withdraw previously given consent. Settings chosen will be stored in your browser until changed by you personally in the cookie banner. This can be done by you at any time by clicking on the icon and changing your preferences.

Storage duration for personal data:

Collected data is stored until you personally delete the cookie.

Legal basis for processing:

When obtaining consent via the cookie banner, we process your data on the following legal basis:

Art. 6 para. 1 point (c) GDPR
“… processing is necessary for compliance with a legal obligation to which the controller is subject…”
§ 25 para. 1 TDDDG
“… storing information in the end user’s terminal equipment or accessing information already stored in the terminal equipment is only permitted if the end user has consented based on clear and comprehensive information…”

Recipients:

Provider of the cookie banner

Transfer of Data to Third Countries:

A transfer to third countries does not take place.

5.2. Analysis of your user behavior / statistics

5.2.1. Matomo (self-hosted) – Analyzing your browsing behavior

In brief:

We use the tool Matomo in the ‘cookieless’ variant to collect and analyze information on your user behavior when using our website.

Processing purpose:

Analysis helps us to understand which pages on our website are called up most frequently.

Personal data processed by SVA:

IP addresses: These are shortened so that exact localization becomes impossible.
User data: This includes information such as the time of usage, terminal equipment data (e.g. operation system, browser, resolution) and all pages called up.

Storage duration of personal data:

No personal data storage takes place.

Recipients:

SVA is independently responsible for hosting. We do not use any external service providers for this.

Transfer to third countries:

A transfer to a third country does not take place.

5.3. Media

In brief:

Various media content is offered on our website to give you the opportunity of viewing and listening to interesting content.

Processing purpose:

Providing media content.

5.3.1. Youtube

After giving us your consent in our cookie banner, we use Youtube with extended data protection on this website. Youtube’s extended data protection mode, according to Youtube, does not store any website visitor information before the (embedded) video is played. It is possible that further data processing and data transferring activities occur by further third-party providers, as soon as the embedded video is started on this website. Also, Youtube can store various cookies or implement recognition technology on your device (e.g. fingerprinting).

We have no influence on this and cannot prevent it.

Please query Youtube on their handling of your personal data.

Provider.

The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Legal basis for processing:

In the context of media provision, we process your personal data on the following legal basis:

Art. 6 para. 1 point (a) GDPR
“… the data subject has given consent to the processing of his or her personal data for one or more specific purposes…”
§ 25 para. 1 TDDDG
“… storing information in the end user’s terminal equipment or accessing information already stored in the terminal equipment is only permitted if the end user has consented based on clear and comprehensive information…”

Of course, you have the right to withdraw your consent at any time, pertaining to and prevent future processing.

5.4. Marketing

5.4.1. Google Ads

In brief:

We use Google Ads to strategically and selectively place advertisements in Google Search and analyze their effectiveness. This allows us to track which ads have led to visits to our website and carry out an evaluation of the advertising costs.

Processing purpose:

The analysis helps us understand which pages on our website are accessed through advertising measures.

Personal data processed by SVA:

IP addresses
Usage data: This includes information such as the time of use, data regarding the device (e.g., operating system, browser, resolution), and the pages visited.

Storage duration for personal data:

Cookie lifespan: Up to 90 days (this only applies to cookies placed via our website).

Legal basis for processing:

When providing media content, we process your personal data on the following legal basis:

Art. 6 para. 1 point (a) GDPR
“… the data subject has given consent to the processing of his or her personal data for one or more specific purposes…”
§ 25 para. 1 TDDDG
“… storing information in the end user’s terminal equipment or accessing information already stored in the terminal equipment is only permitted if the end user has consented based on clear and comprehensive information…”

Of course, you have the right to withdraw your consent at any time, pertaining to and prevent future processing.

Recipients:

Google Ireland Ltd., Ireland

Transfer to third countries:

There will be no transfer to a third country on our part.

6. Your rights

The protection of personal data of individuals within the EU is considered the highest priority of the GDPR. The GDPR not only guarantees the protection of this sensitive data but also strengthens the rights of data subjects as a result. Articles 12 et. seq. GDPR list the rights that data subjects have regarding the processing of their data:

6.1. Right of access

You, as the data subject, have the right to demand confirmation from the controller as to the processing of personal data concerning you. Where that is the case, you may have access to the personal data and the information itemized under Article 15 GDPR.

6.2. Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data and to demand the completion of incomplete personal data (Article 16 GDPR).

6.3. Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds of Article 17 apply, for example if the personal data is no longer necessary for the specific purpose (Right of Erasure and ‘to be forgotten’).

6.4. Right to restrict processing

You have the right to obtain from the controller restriction of processing where one of the conditions featured in Article 18 GDPR applies, for example if you have objected to the processing and until it has not yet been determined whether the legitimate interests of the controller outweigh your interests.

6.5. Right to data portability

According to Article 20 GDPR, you have the right to obtain your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from the controller (right to data portability).

6.6. Right of withdrawal

Where you have given your consent to the processing of your data in accordance with Article 6(a), 9(2)(a) of the GDPR and Paragraph 25(1) of the TDDDG, you have the right to withdraw said consent at any time. This does not affect the lawfulness of the processing carried out before withdrawal (Art. 7 para. 3 GDPR). You can exercise your right of withdrawal, for example, by sending an email to app-support@sva.de.

6.7. Right to lodge a complaint

You have also the right to complain with a supervisory authority without prejudice to any other administrative of judicial remedy, if you have reason to believe that the processing of your personal data violates GDPR (Article 77 GDPR). You can assert your right with a supervisory authority in the member state of your residence, your workplace, or place of the alleged infringement. The competent authority for SVA is:

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163, 65021 Wiesbaden

Telephone: +49 (0)611 1408 – 0
E-mail: poststelle@datenschutz.hessen.de

6.8. Right to object

Insofar as we are processing your personal data on the basis of a legitimate interest in accordance with Article 6 para 1 point (f) GDPR, you have the right, according to Article 21 GDPR, to object to the processing of your personal data, on grounds relating to your particular situation. Subsequently, the controller no longer processes the data, unless the controller can present compelling legitimate reasons for their processing which outweigh your interests, rights and freedoms, or unless the processing serves the purpose of asserting, exercising, or defending legal claims (Article 21 GDPR).

Enforcement of your rights: Data subjects can choose freely through which telecommunications channel they submit their request. If the request is made electronically (e.g. via email), the response will also be provided electronically, usually via E-mail.