Website Privacy Policy

In this privacy policy, we, hotsplots GmbH, inform you about the processing of your personal data and the storage of information on your device in connection with the use of our website.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, such as your name, telephone number, address, or email address. However, certain identifiers such as your IP address or the device ID of the device you are using also constitute personal data.

We always process personal data in accordance with the General Data Protection Regulation (GDPR). Personal data is always transmitted using SSL encryption (including user names and passwords, as well as all other data traffic to the customer area and product enquiries on www.hotsplots.de and hotsplots.com).

You can print or save this privacy policy using the usual functionality of your browser. You can also download and archive this privacy policy as a PDF file by clicking here [PDF].

If you are interested in the data processing of our products rather than our website, you will find information on data protection and data security, e.g., for data collection when using (Wi-Fi) hotspots and data collection for VPN routing, in our privacy policy for hotspot use.

HOTSPLOTS has also been registered with the Federal Network Agency since 2005 for its provision of commercial telecommunications services to the public. Where required by law, HOTSPLOTS is also registered in other countries in which it operates.

1. Responsible party and contact person

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR) is

hotsplots GmbH
Köpenicker Str. 154 A
10997 Berlin

Telephone: +49 (0)30 – 29 77 348-0

Fax: +49 (0)30 – 29 77 348-99

E-Mail: datenschutz@hotsplots.de

2. Data Protection Officer

If you have any questions about data protection, you can contact our data protection officer at any time: They can be reached at the email address provided above and at the postal address (keyword: “Attn: Data Protection Officer HOTSPLOTS”). We expressly point out that when using this email address, the contents will not be seen exclusively by our data protection officer. If you wish to exchange confidential information, please first request direct contact via this email address.
direct contact.

3. General use of the website

In principle, you can visit our website without telling us who you are. You can then use the website to find out about our company and our products. We only collect personal data if this is necessary for technical reasons for the use of our website. When you visit our website, our web server automatically stores some connection data that your browser transmits to us in so-called log files. This includes, for example, browser type and version, operating system, URL of the last page visited (referrer URL), and time. The information stored in the log files does not allow any direct conclusions to be drawn about your person. IP addresses are recorded in the internal log of the web server and deleted after a maximum of 24 hours. This connection data is processed for the purpose of enabling the use of the website, system security, technical administration of the network infrastructure, and optimization of our Internet offering. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

This data is not merged with other data sources. The log files are stored for 100 days and then automatically deleted.

4. Use of contact forms

We offer you the option of sending us messages directly via a contact form. When you use our contact forms, we collect the category of your request, your first and last name, your email address, and the actual message. Further details are optional. The legal basis for this is Art. 6 (1) (b) GDPR. We will only use the data collected via our contact forms to process inquiries; it will then be deleted within six months.

If you would like to become an installation partner of HOTSPLOTS, you can contact us via our website. Since the accounts in the customer area (see below) and the accounts of installation partners are linked, we require the HOTSPLOTS username as a mandatory field. All other data, such as contact person or company name, is optional.

5. Registration

To operate hotspots yourself, become an installation partner, or top up credit for using hotspots, you must register for the protected customer area. During registration, a username and password are collected, which the user chooses freely. The password is not stored in plain text, but only in encrypted form as a so-called hash value. Furthermore, your name and address, which are necessary for creating correct invoices, as well as your email address, which is particularly necessary for HOTSPLOTS to be able to provide customers with the required information in the event of changes to the terms and conditions and for customers to be able to use the “Forgot password” function, will be collected. You can optionally provide a telephone number for telephone support. Other optional information such as fax number, URL of your own website, and VAT ID number are only relevant for location owners/hotspot operators. The legal basis for processing is Art. 6 (1) (b) GDPR.

Our website features a selection of products for installing and operating Wi-Fi hotspots. When you request product information, we collect the mandatory information required to prepare a quote (first and last name, email address, and postal address). Information such as company name, VAT ID number, telephone number, and title is optional.

As a matter of principle, we only store the data collected in the customer area and for product inquiries for as long as is necessary to fulfill the contractual or legal obligations for which we collected the data. We then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations.

6. Newsletter

Customers and hotspot operators can receive regular updates about our products and services via our newsletter. Your email address will be processed in our systems for the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time. To unsubscribe from our newsletters for customers and hotspot operators, please use the link provided at the end of each newsletter.

You can also deselect the corresponding button in the customer area. Of course, a message sent to the contact details provided above or in the newsletter (e.g., by email or letter) is also sufficient for this purpose. The legal basis for data processing in the context of the newsletter is Art. 6 (1) (a) GDPR. We use standard technologies in our newsletters to measure interactions with the newsletters (e.g., opening the email, clicking on links). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletters (so-called pixels). The data is collected exclusively in pseudonymized form and is not linked to your other personal data. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. Access to the information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TTDSG. If you do not want your usage behavior to be analyzed, you can unsubscribe from the newsletter or disable graphics in your email program by default. We want to share content that is as relevant as possible to our customers via our newsletter and better understand what readers are actually interested in. The data on interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymized.

7. Advertising to existing customers via email

When you register with us or make a purchase from us, we also use your contact details to send you further information about our products and services that may be relevant to you (“existing customer advertising”). This may include, in particular, news, promotions, and offers, as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 (1) lit. f GDPR in conjunction with § 7 (3) UWG (German Unfair Competition Act), according to which data processing is permissible for the pursuit of legitimate interests, insofar as this concerns the storage and further use of the data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by notifying us using the contact details above (e.g., by email or letter), without incurring any costs other than the transmission costs according to the basic rates.

8. Use of tools on the website

8.1 Technologies used and browser settings

In order to improve the presentation of content on our website, we use cookies and similar technologies (e.g., local storage, fingerprints, pixels, web beacons) to collect and analyze statistical data on general usage behavior based on access data. In addition, we use services from external service providers that process the access data generated when using our website in order to enable the display of interest-based advertising, for example in the context of search queries.

8.2 Legal basis and revocation

8.2.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 (1) lit. b GDPR. In these cases, access to and storage of information on the end device is absolutely necessary and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (2) TDDDG.

We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the EU Member States’ ePrivacy Directive, in Germany pursuant to Section 25 (1) TDDDG. Data processing using these tools only takes place if we have obtained your prior consent.

If personal data is transferred to third countries, we refer you to section 10 (“Data transfer to third countries”), also with regard to the risks that may be associated with this. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other safeguards have been agreed for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will transfer the data processed when using the tools (also) on the basis of this consent in accordance with Art. 49 (1) (a) GDPR to third countries.

8.2.2 Obtaining your consent

We use the Usercentrics CMP V3 tool by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and manage your consent. This tool generates a banner that informs you about data processing on our website and gives you the option to consent to all, individual, or no data processing using optional tools. This banner appears when you first visit our website and when you revisit your settings to change them or withdraw your consent. The banner also appears on subsequent visits to our website if you have disabled the storage of cookies or if the cookies or information in local storage have been deleted or have expired.

When you visit the website, your consent or revocation, your IP address, information about your browser, your device, and the time of your visit are transmitted to Usercentrics. In addition, necessary information is stored on your device to document your consent and revocation (“standard cookie”: “CookieConsent,” storage period 12 months).

Data processing is necessary in order to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 (1) lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information on the end device is absolutely necessary in these cases and is based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (2) TDDDG.

8.2.3 Withdrawing your consent or changing your selection

You can revoke your consent for certain tools, i.e., for the storage and access to information on your device, the processing of your personal data, and the transfer of your data to third countries, at any time with future effect. To do so, click on the following link: Cookie settings

There you can also change the selection of tools you wish to consent to using and find additional information about the tools used. Alternatively, you can revoke your consent for specific tools directly with the provider.

8.3 Necessary tools

We use certain tools to enable the basic functions of our website (“necessary tools”). These include, for example, tools for preparing and displaying website content, for managing and integrating tools, for providing payment processing services, for fraud detection and prevention, and for ensuring the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.

The legal basis for the necessary tools is the requirement to fulfill our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in providing the respective basic functions and operating our website. In cases where the provision of the respective website functions is necessary for the performance of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 (1) lit. b GDPR. In these cases, access to and storage of information on the end device is absolutely necessary and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (2) TDDDG.

In the event that personal data is transferred to third countries, we refer you to section 10 (“Data transfer to third countries”) in addition to the information provided below.

8.3.1 Google Consent Mode

Our website uses Google Consent Mode, which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).

Google Consent Mode is used to manage consent and control Google tools. Google Consent Mode is also used to perform limited aggregated reach measurement and basic conversion measurement and modeling (known as extended mode). Only aggregated usage information is processed and clicks on advertisements are recorded.

We have configured Google Consent Mode to be privacy-friendly. This means that no analysis or marketing cookies are stored or read without consent via Google Consent Mode (“ad_storage” and “analytics_storage” are deactivated). Processing for advertising purposes and personalized advertising is prevented without consent (“ad_user_data” and “ad_personalization” deactivated). In addition, conversion information in the URL is not passed on across multiple pages without consent and is not transmitted to Google Ads (‘ads_data_redaction’ activated and “URL_passtrough” deactivated).

Depending on the consent decision, Google Consent Mode may process the following data:

• Consent status;
• If applicable, parameters in the URL for clicked advertisements (information about the time the page with the advertisement was accessed, the domain of the advertising page, the advertising network, the keywords, the source page, the advertising medium, and the advertising campaign);
• IP address;
• HTTP headers, including the URL accessed, access time, and referrer URL;
• User agent, including information about the browser, operating system, and device.

The IP address is deleted immediately after transmission as part of normal network communication.

The legal basis is Art. 6 (1) (f) GDPR, based on our legitimate interest in using Google tools in accordance with the consent decision, modeling aggregated conversions, collecting basic usage information, and improving our conversion measurement.

We have entered into a data processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that in this case the transfer is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) (c) GDPR.

Further information on the processing of personal data at Google can be found at: https://business.safety.google/privacy/.

8.4 Analysis tools

In order to improve our website, we use optional tools to recognize visitors and to collect and analyze statistical data on general usage behavior based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is aggregated and allows us to understand the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more enjoyable.

The legal basis for the analysis tools is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TDDDG. To revoke your consent, see 8.2.3: “Revoking your consent or changing your selection.”

In the event that personal data is transferred to third countries, we refer you to section 10 (“Data transfer to third countries”) in addition to the information provided below.

8.4.1 Matomo

This website uses Matomo, an open-source analysis software for statistical evaluation of visitor traffic. Matomo is operated on our web space (on-premise) and no data is passed on to third parties. JavaScript and cookies are used.

We have made the following privacy settings in Matomo:

• Automatic deletion of old logs / limitation of storage duration;

The following data could be stored in the user log together with a pseudonymized user ID:

• Anonymized IP address;
• Referrer URL (previously visited page);
• Pages accessed (date, time, URL, title, duration of visit);
• Downloaded files;
• Links clicked to other websites;
• Achievement of specific goals (conversions), if applicable;
• Technical information: Operating system; browser type, version, and language; device type, brand, model, and resolution;
• Approximate location (country and, if applicable, city, based on anonymized IP address).

When using Matomo, the following cookies are set for the specified purpose with the respective storage period:

• „_pk_id“ (13 months): Storage of the user ID;
• „_pk_ref“ (6 months): Storage of which websites the visitor came from;
• „_pk_ses“, „_pk_cvar“, „_pk_hsr“ (30 minutes): short-term storage of usage data;
• ggf. „mtm_consent“ : Reminder of consent.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.

Further information can also be found in Matomo’s privacy policy: https://matomo.org/privacy/.

8.5 Marketing-Tools

We also use optional tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used to create usage profiles that store, in particular, your usage behavior, the advertisements you have viewed or clicked on, and, based on this, your classification into advertising categories, interests, and preferences. By analyzing and evaluating this access data, we are able to display personalized advertising on our website and on the websites and services of other providers, i.e., advertising that corresponds to your actual interests and needs. In doing so, we also analyze your usage behavior in order to recognize you on other sites and address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads).

The legal basis for the marketing tools is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TDDDG. For information on revoking your consent, see 8.2.3: “Revoking your consent or changing your selection.”

In the event that personal data is transferred to third countries, we refer you to section 10 (“Data transfer to third countries”) in addition to the information provided below.

8.5.1 Google Ads conversion tracking and Ads remarketing (formerly AdWords)

Our websites use the “Google Ads” service, which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively “Google”).

Google Ads uses “Google Ads Conversion Tracking” to record and analyze customer actions defined by us (such as clicking on an ad, page views, downloads). We use Google Ads Remarketing to display personalized advertising messages for our products on Google partner websites. Both services use cookies, JavaScript, pixels, and other technologies for this purpose. Google also processes the data to improve and further develop its own products and services, for aggregated statistical evaluation of conversions, and to improve the quality and accuracy of conversions.

The following cookies are set and read by Google:

• „_gcl_au“ (90 days): Conversion tracking, storage of ad clicks;
• „_gcl_aw“ (90 days): Conversion tracking, storage of ad clicks;
• „FPAU“ (90 days), „FPGSID“ (90 days): Usage analysis, recording of interaction with advertising, and reporting;
• „IDE“ (390 days): Recognition and differentiation of visitors by means of a user ID, recording of interaction with advertising, display of personalized advertising.

The following elements are stored and read by Google in local storage:

• „_gcl_ls“: Storage of timestamps for conversion tracking for clicks on ads.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.

Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which means that in this case the transfer is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

If you use a Google account, Google may link your web and app browsing history to your Google account and use information from your Google account to personalize ads, depending on the settings stored in your Google account. If you do not want this association with your Google account, you must log out of Google before visiting our website.

If you have not consented to the use of Google Ads, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to revoking your consent, you also have the option of disabling personalized advertising in Google’s advertising settings:https://adssettings.google.com/notarget..

Further information on the processing of personal data at Google can be found at: https://business.safety.google/privacy/.

Disclosure and recipients

Any use of your personal data will only be for the purposes stated and to the extent necessary to achieve these purposes. We will not pass on your personal data to our service providers or third parties unless this is necessary for the purpose of contract processing or you have expressly consented to this.

In order to provide our services, some business processes require the transfer of personal data to selected external service providers:

1. For goods shipments, the shipping company responsible for delivery (usually DHL Paket GmbH).
2. For hotspot provision contracts, the supplier of the preliminary service, DSL/SIM card provider, etc.
3. For hotspot installations by installation partners on site.
4. In the event of late payment, we will engage external debt collection agencies and, if necessary, lawyers.

If we pass on data to service providers, they may only use the data to fulfill their tasks. All service providers are carefully selected and commissioned by us. They are contractually bound to our instructions, committed to confidentiality, and are regularly monitored by us. In all cases, the scope of the data transmitted is limited to the minimum necessary.

Personal data will only be transferred to government institutions and authorities within the framework of mandatory national legislation or if disclosure is necessary for legal and criminal prosecution in the event of attacks on our network infrastructure.

10. Data transfer to third countries

Where necessary, we use services whose providers are based in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data to such countries, i.e. countries whose level of data protection does not correspond to that of the European Union.

If an adequacy decision by the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.

If no adequacy decision has been issued for the country in question, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include, among other things, the standard contractual clauses of the European Union or binding internal data protection regulations (Art. 46 GDPR).

Wo dies nicht möglich ist, stützen wir die Datenübermittlung auf Ausnahmen des Art. 49 DSGVO, insbesondere Ihre ausdrückliche Einwilligung oder die Erforderlichkeit der Übermittlung zur Vertragserfüllung oder zur Durchführung vorvertraglicher Maßnahmen.

If a transfer to a third country is planned and there is no adequacy decision or suitable safeguards in place, it is possible and there is a risk that authorities in the respective third country (e.g., secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your rights as a data subject cannot be guaranteed. If your express consent is obtained, you will also be informed of this.

11. Storage period

As a matter of principle, we only store personal data for as long as is necessary to fulfill the purposes for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims, due to statutory retention obligations, or if there is another legal basis under data protection law for the continued processing of your data in a specific individual case.

For evidentiary purposes, we must retain contract data in particular for three years from the end of the year in which our business relationship with you ends. Any claims shall become time-barred at the earliest at this point in time in accordance with the statutory limitation period.

Even after that, we may still need to store some of your data for accounting reasons. We are obliged to do so due to legal documentation requirements, which may arise, for example, from the Commercial Code and the Tax Code. The periods specified there for the retention of documents are two to ten years.

12. Data protection rights

12.1 Overview of your rights

You are entitled to the rights of data subjects set out in Art. 7 (3) and Art. 15–22 GDPR at any time, provided that the relevant legal requirements are met:

• Right to withdraw your consent (Art. 7(3) GDPR)
• Right to object to the processing of your personal data (Art. 21 GDPR);
• Right to rectification of your personal data stored by us that is inaccurate (Art. 16 GDPR);
• Right to erasure of your personal data (Art. 17 GDPR);
• Right to restriction of processing of your personal data (Art. 18 GDPR);
• Right to data portability of your personal data (Art. 20 GDPR);
• Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including, where applicable, the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).

To exercise your rights as described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to prove an adequate level of data protection. Provided that the relevant legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for up to three years and, in individual cases where there is reason to assert, exercise, or defend legal claims, for longer than this. The legal basis for this is Art. 6 (1) (f) GDPR, based on our interest in defending ourselves against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR, and fulfilling our accountability obligations under Art. 5 (2) GDPR.

12.2 Right of revocation and objection

12.3 Right of appeal

Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can exercise this right, for example, with a supervisory authority in the Member State of your residence, your place of work, or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

13. Obligation to provide your data

There is no obligation to provide your data.

Insofar as the provision of your data is necessary for the conclusion of a contract (e.g. to register an account or order goods or services), to fulfill legal obligations (e.g. for registration forms), to establish contact, or to use other services and functions (e.g. to subscribe to the newsletter), the corresponding input fields are marked as mandatory (usually with an asterisk (*)). . In this case, without this data, a contract cannot be concluded, the specific service cannot be provided, or the function cannot be used.

Other information not marked as mandatory fields is voluntary. The entry of such data is not necessary for the conclusion of a contract, the provision of the service, or the use of the function and has no influence on the execution of the contract.

14. Automated decision-making

Automated decision-making, including profiling pursuant to Art. 22 GDPR, with legal or similarly significant adverse effects does not take place.

15. Changes to the privacy policy

We occasionally update this privacy policy, for example when we modify our website or when legal or regulatory requirements change.

Version: 1.0 / Stand: December 2025