Privacy Policy

Effective date: 27.12.2025
Last updated: 27.12.2025

1. Introduction

Welcome to dronios.com (the “Website”). We take your privacy seriously and process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the German Federal Data Protection Act (BDSG), the California Consumer Privacy Act / California Privacy Rights Act (“CCPA / CPRA”), and other applicable data protection laws.

2. Data Controller

No data protection officer is appointed because this is not required under Art. 37 GDPR.

3. What Data We Collect

• IP address, approximate location, and time zone
• Device type, operating system, browser type/version
• Referrer URL and pages visited, clicks, scrolls, dwell time
• Search terms and interaction with on-page elements
• Cookie identifiers and online identifiers
• Server log information (date, time, status code, bytes transferred)

4. Purposes and Legal Bases

• Analytics (Google Analytics 4) – to analyse traffic and improve user experience.
  Legal basis: Consent (Art. 6(1)(a) GDPR).
• Advertising (Google Ads / Microsoft Ads) – to display personalised or contextual ads and measure conversions.
  Legal basis: Consent (Art. 6(1)(a) GDPR).
• Essential operation (server logs, security) – to ensure security and integrity of the Website.
  Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Legal compliance – to comply with tax, accounting, and other legal obligations.
  Legal basis: Legal obligation (Art. 6(1)(c) GDPR).

5. Cookies & Consent Management

We use the consent management platform CookieYes. When you first visit, a banner asks for your permission to set non-essential cookies (analytics, advertising, embedded media). You can withdraw or change your consent at any time via the “Cookie Settings” link below.

6. Third-Party Recipients

• Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (Analytics, Ads, Tag Manager, YouTube)
• Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft Ads)

We have concluded data processing agreements (Art. 28 GDPR) with these providers.

7. International Data Transfers

Some recipients (e.g. Google LLC, YouTube LLC, Microsoft Corporation) are located in the United States. We rely on Standard Contractual Clauses (SCCs) issued by the European Commission (Art. 46 GDPR) to safeguard such transfers.

8. Data Retention

• Google Analytics data: 14 months (shorter if you revoke consent)
• Advertising conversion data: 90 days
• Server log files: 7–14 days
• Legal-retention documents: 10 years (German Commercial & Tax law)

9. Automated Decision-Making / Profiling

We do not engage in automated decision-making that produces legal effects. For advertising audiences (remarketing) only pseudonymous profiling takes place after consent.

10. Security

We use SSL/TLS encryption, access controls, regular software updates, and server-side firewalls to protect your data.

11. Your Rights (EU/EEA Residents)

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure / “Right to be forgotten” (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Withdraw consent at any time (Art. 7(3) GDPR)

12. Your Rights (California & other U.S. States)

Residents of California, Virginia, Colorado, Connecticut, and Utah may request access, deletion, or correction of their personal information and may opt out of personal-information “sharing” as defined by state law. We do not sell personal information.

13. Exercising Your Rights

Contact us with your request. We will respond within one month (EU) / 45 days (US).

14. Changes to This Policy

We may update this Privacy Policy occasionally. The “Last updated” date at the top will be revised. Please review this page regularly.

15. Contact

If you have questions about this policy or our data practices, contact: