Privacy policy
Last updated: January 13th 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
SciePro Distribution GmbH
Zum Exerzierhaus 15
14469 Potsdam
Germany
Email: support@sciepro.com
We have not appointed a Data Protection Officer, as this is not legally required for our processing activities.
2. Scope and Legal Basis of Processing
This Privacy Policy explains how we process personal data when you visit our website, create an account, purchase licenses, subscribe to our services, or contact us. “Personal data” means any information relating to an identified or identifiable natural person.
We process personal data only where permitted by law. Depending on the context, the legal basis for processing is your consent under Article 6(1)(a) GDPR, the performance of a contract or pre-contractual measures under Article 6(1)(b) GDPR, compliance with a legal obligation under Article 6(1)(c) GDPR, or our legitimate interests under Article 6(1)(f) GDPR, provided that your interests or fundamental rights do not override those interests.
Where we rely on your consent, you may withdraw it at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
3. Website Access, Server Logs, Hosting and Content Delivery
When you access our website, our servers and service providers automatically process technical data transmitted by your browser in order to display the website and ensure its security and stability. This includes your IP address, date and time of access, requested URL, referrer URL, browser type and version, operating system, and similar technical information.
Our website and infrastructure are hosted on DigitalOcean and Amazon Web Services (AWS). We also use Bunny.net as a content delivery network (CDN) to deliver website assets efficiently. These providers process the above technical data on our behalf as processors. We have concluded the necessary data processing agreements and implemented appropriate technical and organisational measures to protect personal data.
This processing is necessary to provide the website, to prevent misuse, to investigate technical issues, and to maintain IT security. The legal basis is Article 6(1)(f) GDPR.
4. Cookies, Similar Technologies and Consent Management (Klaro)
Our website uses cookies and similar technologies to provide essential functions and, where you consent, to measure and analyse usage and manage website tags. Under German law (TTDSG) and EU law, storing information on your device or accessing information from your device generally requires your prior consent unless the cookie is strictly necessary to provide a service you have explicitly requested.
We use Klaro as a consent management tool. Klaro allows you to grant, refuse, and withdraw consent for non-essential cookies and comparable technologies. It also records your choice in order to document consent and to apply your preferences on future visits.
The legal basis for documenting your consent is Article 6(1)(c) GDPR in conjunction with the applicable legal obligations, and otherwise Article 6(1)(f) GDPR, as we have a legitimate interest in operating a compliant and transparent consent system.
You can change your cookie settings at any time via the consent settings on our website.
5. Google Analytics 4 and Google Tag Manager
If you give your consent, we use Google Analytics 4 (GA4) to analyse the use of our website and improve our services. We also use Google Tag Manager (GTM) to manage website tags. GTM itself does not usually create user profiles; it functions as a technical container that loads tools depending on your consent settings. However, the tools deployed through GTM may process personal data.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and where applicable Google LLC, USA. GA4 may process online identifiers such as IP addresses, device and browser information, pages viewed, interactions, approximate location derived from IP, and related analytics data. We use IP anonymisation and consent-based data collection where available.
The legal basis for the use of GA4 and GTM for non-essential purposes is your consent under Article 6(1)(a) GDPR and the applicable cookie laws. If you do not consent, these tools will not be used for analytics or marketing purposes.
Google may process data in the United States. Data transfers may be based on the EU-US Data Privacy Framework where the recipient is certified and or on Standard Contractual Clauses together with supplementary safeguards. You may withdraw your consent at any time via the consent settings with effect for the future.
6. Accounts, Purchases, Subscriptions and Contract Performance
If you create an account, purchase a license, or subscribe to our services, we process the personal data required to provide the requested service and manage the contractual relationship. This includes your name, email address, password hash, billing and company information, VAT ID if applicable, order history, subscription status, and related account data.
The legal basis for this processing is Article 6(1)(b) GDPR. Where we are legally required to retain certain data, for example for tax or commercial law purposes, the legal basis is Article 6(1)(c) GDPR.
7. Payments
Payments are processed by external payment service providers. The provider used for your transaction depends on the payment method you select and will be shown to you during checkout. The provider receives the data necessary to execute the payment, such as your name, billing information, transaction amount, and payment instrument details, and may perform fraud prevention checks.
We do not store full payment card details on our systems. Payment processing is based on Article 6(1)(b) GDPR and, where applicable, Article 6(1)(f) GDPR for fraud prevention and secure transaction handling.
8. Email Communication, Newsletter and Marketing Emails (MailerLite)
We use MailerLite to send transactional emails such as order confirmations, invoices, and account notifications, as well as newsletters and promotional communications if you have subscribed.
Transactional emails are processed on the basis of Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, as we have a legitimate interest in efficient customer communication. Newsletters and marketing emails that require consent are processed on the basis of Article 6(1)(a) GDPR.
You may unsubscribe from marketing emails at any time using the unsubscribe link in the email or by contacting us directly.
MailerLite may process engagement data such as delivery status, opens, clicks, and device information to provide campaign analytics.
9. Contact Requests and Customer Support
If you contact us via a form, email, or support channel, we process the data you provide, including your contact details and message content, in order to handle your request and communicate with you.
The legal basis is Article 6(1)(b) GDPR if your request relates to a contract or pre-contractual measures, and otherwise Article 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.
10. Fonts (Google Fonts)
We use fonts to ensure consistent typography and a professional presentation. If fonts are served from Google servers, Google may receive technical data such as your IP address in order to deliver the font files. Where feasible, we prefer serving fonts locally to minimise data transfers.
11. Data Recipients and International Transfers
We share personal data only to the extent necessary with hosting providers, CDN providers, analytics and tag management providers, email service providers, and payment processors. Where these recipients act as processors, we use GDPR-compliant contractual safeguards.
If personal data is transferred outside the European Economic Area, we ensure an appropriate level of protection through adequacy decisions, certifications, Standard Contractual Clauses, and additional safeguards where necessary.
12. Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Contract and billing data may be retained for statutory retention periods under German law. Log data is retained for security and troubleshooting for limited periods unless longer retention is required to investigate incidents.
13. Your Rights
You have the right to access your personal data, to request rectification, erasure, restriction of processing, and data portability, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw your consent at any time with effect for the future.
To exercise your rights, please contact support@sciepro.com. We may request information to verify your identity.
14. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. For Brandenburg, Germany, the competent authority is the State Commissioner for Data Protection and the Right to Inspect Files (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg).
15. Security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. This includes transport encryption and access controls. No system is completely secure, but we continuously improve our safeguards.
16. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our processing activities, legal requirements, or technical developments. The current version is published on our website and identified by the “Last updated” date above.