HitchHiker Logo Contact

Privacy Policy

Your data, our commitment to transparency and security.

1. Data Controller

HitchHiker GmbH Berner Str. 81, 60437 Frankfurt am Main, Germany Phone: +49 69 50 70 30 Fax: +49 69 50 70 3 111 Email: datenschutz@HitchHiker.net

2. Data Protection Officer

You can contact our Data Protection Officer at: mip Consult GmbH Attorney Asmus Eggert Wilhelm-Kabus-Str. 9, 10829 Berlin Email: datenschutz@HitchHiker.net Web: www.sofortdatenschutz.de

3. Sources and Categories of Personal Data

We process personal data that we receive directly from you (for example, when you contact us), as well as technically required access data when visiting our website. This may include IP address, date/time, requested page, referrer URL, browser type/version, operating system, and submitted content in contact requests.

4. Purposes and Legal Bases of Processing

We process data under the GDPR and BDSG, in particular on the following legal bases: - Art. 6(1)(a) GDPR (consent), where consent has been given. - Art. 6(1)(b) GDPR (pre-contractual/contractual communication), e.g. for concrete inquiries. - Art. 6(1)(f) GDPR (legitimate interests), especially for IT security, stable website delivery, error analysis, and efficient communication.

5. Website Delivery and Server Log Files

When you use the website for informational purposes only, we process only the data your browser transmits to our server. This data is technically necessary to display the website correctly and to ensure stability and security. Legal basis: Art. 6(1)(f) GDPR.

6. Contact Requests (Form, Email, Phone)

When you contact us, we process the data you provide (e.g. name, email, phone number, message) to handle your request. The legal basis is generally Art. 6(1)(b) GDPR (pre-contractual communication) and/or Art. 6(1)(f) GDPR.

7. Chatbot / AI-Supported Communication

A chatbot is integrated on this website. When used, your chat content and a technical user identifier are processed. Browser requests are sent to our backend; from there, a server-side request may be sent to an AI service provider (e.g. OpenAI). Important: There is no direct browser call to the OpenAI API. Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Please do not submit unnecessary sensitive personal data in chat messages.

8. Local Browser Storage (Local Storage)

We use Local Storage for: - theme preference (light/dark), - technical chatbot session ID. Legal basis: Art. 6(1)(f) GDPR. You can delete this data at any time in your browser settings.

9. Third-Party Content and External Services

The website currently includes the following external sources/services: - Locally hosted fonts (no external Google Fonts requests) - Google Maps iframe (contact page) - external logo image sources on the homepage, especially: - commons.wikimedia.org - de.wikipedia.org / en.wikipedia.org / sco.wikipedia.org - cdn.brandfetch.io When such content is loaded, technical connection data (e.g. IP address) may be transmitted to the respective provider. Legal basis: Art. 6(1)(f) GDPR.

10. Recipients of Data

Within our company, only departments that need the data to perform their tasks have access. In addition, service providers used by us (processors under Art. 28 GDPR) may receive data, e.g. in hosting/IT, communication, and support. Data is only shared within the legally permissible framework.

11. Transfers to Third Countries

In individual cases, processing may also take place in countries outside the EU/EEA (e.g. USA), where required for integrated services. Where necessary, appropriate safeguards pursuant to Art. 44 et seq. GDPR are implemented (e.g. EU Standard Contractual Clauses).

12. Storage Period

We store personal data only as long as necessary for the stated purposes or as required by statutory retention obligations. Log file data is stored for a limited period for security purposes. Local storage data can be deleted by you at any time.

13. Your Rights

You have, in particular, the following rights: - access (Art. 15 GDPR) - rectification (Art. 16 GDPR) - erasure (Art. 17 GDPR) - restriction of processing (Art. 18 GDPR) - data portability (Art. 20 GDPR) - objection to processing under Art. 6(1)(e)/(f) GDPR (Art. 21 GDPR) - withdrawal of consent with future effect

14. Right to Lodge a Complaint

Under Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

15. Automated Decision-Making / Profiling

At present, no exclusively automated decision-making within the meaning of Art. 22 GDPR takes place on this website.

16. Cookies, External Content, and Chatbot

We use cookies and similar technologies only where required and - for optional services - based on your consent.

Strictly necessary cookies (always active): This includes information used to store your consent choice. A technical session ID is also used for active chat operation.

Persistent storage of the chatbot session ID (GUID) across browser restarts is only enabled if you opt in to the optional "Chatbot comfort memory".

Legal bases: Storing/reading strictly necessary information is based on Section 25(2) TDDDG. The subsequent processing of personal data is based on Art. 6(1)(b) GDPR (handling your request) and/or Art. 6(1)(f) GDPR (secure and stable operation).

Optional services: External content such as embedded maps is activated only after your consent. Legal basis: Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can change your selection at any time via “Cookie Settings”.

For the chatbot, two separate options are available: (1) "Enable chatbot" (permission to use the chat service) and (2) "Remember chatbot conversation" (persistent storage of the chat session ID/GUID for recognition).

Chatbot notice: When using the chatbot, your input is transmitted to our “Blueshift” service. Blueshift processes requests server-side and calls the AI model from there. There is no direct browser call to the AI provider.

Before forwarding, inputs are automatically checked for typical sensitive patterns (e.g. email, phone number, PNR, file keys, API keys/tokens) and reduced/masked where possible. PNR/file-key data should not be sent to the AI model. Please still avoid entering sensitive data in the chat.

17. Data Security and Updates

We implement technical and organizational security measures to protect data against loss, manipulation, and unauthorized access. We reserve the right to update this privacy policy where legal, technical, or organizational changes make this necessary. Status: March 17, 2026.