Last updated: January 2026

1 Who we are

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

1SP Agency Holding GmbH
Hamburger Straße 11
22083 Hamburg
Germany
Email: hello@1sp.agency

Website: https://www.1sp.agency

2 Contact details of the Data Protection Officer

The Data Protection Officer of the controller is:

DataCo GmbH
Sandstr. 33
80335 Munich
Germany
Phone: +49 89 7400 45840
Website: www.dataguard.de

On this page, we inform you about the processing of your personal data on our website and about your rights in connection with this processing.

3 Your rights

Deletion of data

The personal data processed by us will be deleted in accordance with statutory requirements as soon as the consent given for processing is withdrawn or other legal bases cease to apply (e.g. if the purpose of processing no longer applies or the data is no longer required for that purpose).

Further information on the retention and deletion of personal data can be found in the respective sections of this Privacy Notice relating to specific processing activities.

Your rights as a data subject

As a data subject, you are entitled to the following rights under Articles 15 to 21 GDPR. To exercise any of these rights, please contact us using the contact details provided above or contact our Data Protection Officer.

Right to object

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes, including profiling related to such direct marketing.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right of access

You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, access to that personal data and further information in accordance with legal requirements.

Right to rectification

You have the right to request the rectification of inaccurate personal data concerning you or the completion of incomplete personal data.

Right to erasure and restriction of processing

You have the right to request the erasure of your personal data without undue delay where one of the legal grounds applies and insofar as the processing or storage is not required.

You also have the right to request restriction of processing where the statutory requirements are met.

Right to data portability

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format or to request transmission of those data to another controller.

Right to withdraw consent

You have the right to withdraw your consent at any time.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

4 Data sharing and international data transfers

As explained in this Privacy Notice, we use various service providers to support the provision of our services and the security of your data. This may require the transfer of your personal data to such service providers.

We have concluded data processing agreements with all service providers who process personal data on our behalf, obliging them to protect your data.

If personal data is transferred outside the EU/EEA, we ensure an equivalent level of data protection, either because the recipient country has been recognised by the European Commission as providing an adequate level of protection, or by implementing appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs).

Where we use US-based service providers, we rely either on SCCs or the EU–US Data Privacy Framework, depending on the provider. You may request a copy of the SCCs by contacting us via the email address provided in this Privacy Notice.

5 Provision of the website and log files

5.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing device, including:

• Browser type and version
• Operating system
• Internet service provider
• IP address
• Date and time of access
• Websites from which the user accessed our website
• Websites accessed via our website

These data are stored in system log files. The data are not stored together with other personal data.

5.2 Purpose of processing

Temporary storage of the IP address is necessary to deliver the website to the user’s device. Storage in log files ensures the functionality, security and optimisation of the website. No analysis for marketing purposes takes place.

5.3 Legal basis

The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the technical provision of the website, the ensuring of its functionality and stability, the maintenance of IT security, and the detection, prevention and analysis of technical errors and security incidents. The processing of log file data is necessary to ensure the reliable and secure operation of the website.

5.4 Storage duration

Data are deleted as soon as they are no longer necessary. Log files are deleted after a maximum of seven days. Extended storage may occur in anonymised form.

6 Hosting via Vercel

6.1 Description and scope of data processing

This website is hosted by Vercel, Inc. When you access our website, data is automatically transmitted to and processed by the hosting provider. This includes, in particular, the IP address, date and time of access, resources accessed, browser type and browser version.

6.2 Purpose of data processing

Provision of website hosting, ensuring technical availability and performance, and safeguarding IT security.

6.3 Legal basis

The processing is carried out on the basis of Article 6(1)(f) GDPR (legitimate interest in the stable provision and security of the website).

1. 6.4.Storage duration

Data is stored for as long as necessary for hosting operations and to comply with statutory retention obligations.

1. Further information: https://vercel.com/legal/privacy-policy

7 Content Delivery Network and media hosting

7.1 Description and scope of data processing
This website uses Cloudinary, Inc. to enable fast loading of images and media content. When media content is loaded, Cloudinary may process, among other things, the IP address, referrer information, browser details and technical metadata.

7.2 Purpose of data processing
Optimisation of loading times as well as the delivery and temporary storage (caching) of images and media content.

7.3 Legal basis
Article 6(1)(f) GDPR (legitimate interest in the performance and efficient provision of the website).

7.4 Storage duration
Cloudinary stores data in accordance with its own policies for as long as necessary to provide the services.

7.5 Further information: https://cloudinary.com/privacy

8 Content Management System

8.1 Description and scope of data processing
This website uses Sanity.io to manage and provide editorial content. In this context, personal data may be processed in connection with content management, editor authentication and technical log files.

8.2 Purpose of data processing
Editorial maintenance and the provision of text and media content on the website.

8.3 Legal basis
Article 6(1)(f) GDPR (legitimate interest in the functional operation of the content management system).

8.4 Storage duration
Sanity stores data for as long as necessary for the content maintenance and delivery process.

8.5 Further information: https://www.sanity.io/legal/privacy

9 Use of cookies

9.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in your internet browser or by your internet browser on your end device. When a user accesses a website, a cookie may be stored that enables the browser to be recognised when the website is accessed again.

We use:

• Essential cookies that are strictly necessary for the operation of the website.
• Analytics cookies (e.g. Google Analytics) to statistically analyse user behaviour.
• Marketing cookies (e.g. Meta Pixel, Google Ads) to display interest-based advertising.

9.2 Purpose of data processing

• Essential cookies are used to ensure the operation of the website (e.g. language selection, consent status).
• Analytics and marketing cookies help us to understand user behaviour, measure the success of campaigns and optimise our offerings.

9.3 Legal basis

• The use of essential cookies is based on Section 25(2) No. 2 TDDDG in conjunction with Article 6(1)(f) GDPR.
• The use of all other cookies is based on your consent pursuant to Section 25(1) TDDDG in conjunction with Article 6(1)(a) GDPR.

9.4 Change cookie settings
[Insert link to consent manager / cookie banner here]

Tracking and analytics

10 Use of Google Analytics

10.1 Description and scope of data processing

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website.

The IP address is shortened by Google within the EU (IP anonymisation enabled). Only in exceptional cases is the full IP address transmitted to a server in the United States and shortened there.

10.2 Purpose of data processing

Analysis of user behaviour for the purpose of optimising the website and improving the user experience.

10.3 Legal basis

Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (consent obtained via the cookie banner).

10.4 Storage duration

The data are stored for up to 14 months and are then automatically deleted.

10.5 Right of withdrawal

You may withdraw your consent at any time, for example via our cookie consent banner. Alternatively, you may use the browser add-on to disable Google Analytics:
https://tools.google.com/dlpage/gaoptout

11 10.6 Third-country transfer

Data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may take place. The data transfer is based on the EU–US Data Privacy Framework.

Use of Google Ads / remarketing

11.1 Description and scope of data processing

This website uses Google Ads Remarketing functions to display personalised advertisements to visitors on other websites. The service provider is Google Ireland Limited. The cookies used enable recognition of visitors when they visit websites within the Google advertising network.

11.2 Purpose of data processing

Personalisation and targeted delivery of advertising (remarketing).

11.3 Legal basis

Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (consent obtained via the cookie banner).

11.4 Storage duration

Information on the maximum storage period: up to 18 months according to Google.

11.5 Right of withdrawal

You may disable personalised advertising at:
https://adssettings.google.com/authenticated
or via our cookie settings.

11.6 Third-country transfer

Data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may take place. The data transfer is based on the EU–US Data Privacy Framework.

12 Use of Meta Pixel (Facebook Pixel)

12.1 Description and scope of data processing

This website uses the Meta Pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This tool enables the tracking of user behaviour after users have viewed or clicked on a Facebook advertisement (conversion tracking). Cookies are used for this purpose.

12.2 Purpose of data processing

Evaluation of the effectiveness of Facebook advertising and targeted delivery of advertising (retargeting).

12.3 Legal basis

Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG (consent).

12.4 Storage duration

The data are deleted after up to 24 months, unless a different storage period is configured.

12.5 Right of withdrawal

You may prevent the collection of data by the Meta Pixel by withdrawing your consent via our cookie banner or by adjusting your advertising settings on Facebook:
https://www.facebook.com/adpreferences/ad_settings/

12.5 Third-country transfer

Meta Platforms Inc., USA: appropriate safeguards are ensured through the EU–US Data Privacy Framework.

13 Contact by email

13.1 Description and scope of data processing

You may contact us via the email address provided on our website. In this case, the personal data transmitted with the email will be stored.

The data are used exclusively for the purpose of processing the correspondence.

13.2 Purpose of data processing

We process the personal data provided to handle your enquiry.

13.3 Legal basis for data processing

The legal basis for processing the data transmitted while sending an email is Article 6(1)(f) GDPR.

Where the email contact is aimed at the conclusion of a contract, the additional legal basis is Article 6(1)(b) GDPR.

13.4 Storage duration

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data transmitted by email, this is the case once the relevant correspondence with the user has ended.

Personal data additionally collected during the sending process are deleted no later than seven days after transmission.