Privacy Policy

Data privacy statement

Any collection, processing and use (hereinafter "use") of data is solely for the purpose of providing our services. Our services have been designed to use as little personal information as possible. For that matter, "personal data" is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called "affected person"). The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.

1 General information on data processing

1.1 Person Responsible (Controller)

Responsible within the meaning of the EU General Data Protection Regulation (GDPR) is: WS Datenschutz GmbH Address: Dircksenstraße 51, 10178 Berlin, GERMANY Phone: 030 88720788 Email: info@privaicy.eu Website: www.privaicy.eu

1.2 Protection of your data

We have taken technical and organizational measures to ensure that the requirements of the EU General Data Protection Regulation (GDPR) are met by us, as well as, by external service providers working for us. If we work with other companies to provide our services, such as email and server providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (data processing agreement) will only be concluded if the third party complies with the requirements of Art. 28 GDPR. Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL.

1.3 Erasure of personal data

We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

2 Hosting

2.1 Description and scope of data processing

Our website uses the services of the hosting provider Host Europe. Data processing is carried out by: Host Europe GmbH, c/o WeWork Wallarkaden, Pilgrimstraße 6, 50674 Cologne, Germany.

You can find more information on the data protection of the hosting provider here: https://www.hosteurope.de/download/2019-07-24_MUSTER_AV_KUNDEN_Host%20Europe%20V3.2.pdf

When visiting our website, our web servers temporarily store every access in a log file. The following data is collected and stored until automated erasure:

2.2 Legal basis for processing personal data

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interest is to make our website accessible for you.

2.3 Purpose of data processing

The processing of this data serves: the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure, as well as to optimize the website. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our internet provider.

2.4 Duration of storage

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) and deleted as soon as the purpose of data processing is achieved and no legal retention periods oppose a deletion. As a rule, this is the case after 14 days. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

2.5 Right of objection and erasure

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object. If you have any questions in this regard, please feel free to contact our data protection officer.

3 Mailing List

3.1 Description and scope of data processing

You can join our mailing list. When joining our mailing list, you will be asked to provide your email address for processing. This data is necessary to send the mailings to their recipients. The mailings will be sent via email only after the sign-up process is completed. In order to meet the requirements of the GDPR, we use DOI (Double Opt.-In). If you sign up for our mailing list, we will send a confirmation email to the address you provided us with. This email contains a confirmation link that you must click to complete the sign-up process. Following this procedure, the IP address, date and time of login are stored. This is done to prevent abuses. We won’t transfer the data to third parties.

3.2 Legal basis for data processing

This processing is legally based on Art. 6 para. 1 s.1 lit. a) GDPR, thus your consent.

3.3 Purpose of data processing

The mailing list has the functions of informing the affected parties about offers and news at a regular basis.

3.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

3.5 Right to objection and erasure

The consent to joining the mailing list and thus receiving emails can be withdraw by you at any time. For this purpose, you can click the integrated link in each email to unsubscribe. It is also possible to inform us about the withdrawal of the consent in any other way, e.g. via mail or email.

3.6 Mailing Provider Brevo

3.6.1 Description and scope of data processing

To send our emails we are using the service Brevo of Sendinblue. The data processing is performed by: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue operates its servers in Germany and has a TÜV Rheinland certificate for data protection. Further information on data protection at Sendinblue can be found here: Datenschutzrichtlinie - Schutz der personenbezogenen Daten - Sendinblue

3.6.2 Legal basis of data processing

Data processing is based on your consent in accordance with Art. 6 para. 1 s. 1 lit. a) GDPR.

3.6.3 Purpose of data processing

We use Sendinblue as our mailing service provider to ensure effective consent management and to stay in touch with you via the newsletter.

3.6.4 Duration of storage

Sendinblue deletes personal data as soon as the purpose of data processing has been achieved and there are no legal, contractual or regulatory provisions preventing deletion. This is the case no later than two years after the termination of the contract between us and Sendinblue.

3.6.5 Right to objection and erasure

You may withdraw your consent at any time. To do so, please contact our data protection officer. You may also use the ‘opt-out’ link at the end of each email at any time, which will result in us deleting your email address from our address file, meaning that the service provider will no longer process your personal data. If you have any questions about data protection at Sendinblue, you can contact the service's data protection officer at the following address: datenschutz@sendinblue.com.

4 Social media links

We have integrated social media platforms through into our services, which may result in the social media provider receiving data from you. If you click on the social media link, the website of the respective social media provider is loaded. By loading the website of the respective social media provider via our services, the respective reference data is transmitted to the respective social media provider. The social media provider thereby receives the information that you have visited us.

Further information on data processing by the social media providers can be found here: LinkedIn: https://www.linkedin.com/legal/privacy-policy X: https://x.com/en/privacy

5 Service providers from third countries

In order to provide our services, we use the support of service providers both from the European area and from third countries. To ensure the protection of your personal data even in the case of data transmission to a third country, we conclude special data processing agreements with each of the carefully selected service providers. All the service providers we use have sufficient evidence that data security is ensured by means of appropriate technical and organisational measures. Our service providers in third countries meet at least one of the following criteria:

Adequate level of protection

The provider comes from a country whose level of data protection has been recognized by the EU Commission. For more information, see: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

EU standard contract clauses

Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, see: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules

Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.

Consent

In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 sec. 1 lit. a) GDPR for this purpose.

6 Your rights

With regard to your data processing, you have the following rights:

6.1 Right to withdraw a given consent (Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a withdrawal influences the permissibility of the processing of your personal data for the future, after you have expressed it to us. It can be done via the Consent Banner, orally or in writing by post or e-mail.

6.2 Right of access (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:

In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.

6.3 Right to rectification and erasure (Art. 16, 17 GDPR)

You have the right to request that we, as the data controller, correct and/or complete any personal data concerning you that is incorrect or incomplete. We will carry out the correction without delay. You may also request the erasure of your personal data if any of the following applies to you:

Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

These rights shall not apply to the extent that processing is necessary:

6.4 Right to restriction of processing (Art. 18 GDPR)

You shall have the right to obtain from us restriction of processing where one of the following applies:

Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.

6.5 Right to information (Art. 19 GDPR)

If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort. You also have the right to know which recipients have received your personal data.

6.6 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data from us in a commonly used, machine-readable format, provided that

In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.

6.7 Right to object (Art. 21 GDPR)

Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e). In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.

6.8 How to exercise these rights

To exercise these rights, please contact our data protection officer.

6.9 Right to lodge a complaint with supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR. The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

7 Subject to change

We reserve the right to change this privacy policy in compliance with legal requirements. September 2025

← Back to landing page