Below you will find comprehensive information on how we process your personal data within our company or on our website.

I. Controller of the Data Processing

The controller pursuant to Article 4(7) of the General Data Protection Regulation (GDPR) is:

DataTrust Consulting UG (haftungsbeschränkt)
Curiestraße 2
70563 Stuttgart
Germany
Telephone: +49 174 7346673
Email: info@datatrust-consulting.de
Imprint: https://datatrust-consulting.de/imprint/

II. Data Processing on the Website

1. Collection of Personal Data When Visiting Our Website

When the website is used purely for informational purposes, the browser used on your end device automatically sends certain information, such as your IP address, to our website’s server for technical reasons.

Type of Data
We process the following data:

• The IP address of the device used to access the website
• The date and time of access
• The name and URL of the requested file
• The website or application from which the access originated (referrer URL)
• The browser used and, where applicable, the operating system of your device, as well as the name of your access provider
• Your settings selected in the consent manager

Purpose of Processing
We process the data of users of our website for the following purposes:

• Providing the website content requested by the user
• Ensuring the security of the IT infrastructure used to provide the website
• Providing cookie consent management for the website
• Maintaining the user’s status for all page requests
• Storing the user’s preferred language

Legal Basis
The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper display of the website and in ensuring its stability, security, and technical operation, such as error analysis, misuse detection, and load balancing.
Insofar as strictly necessary access to information stored in the user’s terminal equipment takes place, the legal basis is also § 25(2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG).

Duration of Data Storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With the exception of your personal settings, the personal data mentioned above are stored for a period of 30 days and then automatically deleted. Your personal settings generally remain stored so that they can also be applied during a subsequent visit.

Information on the Provision Obligations of the Data Subject
You are not legally or contractually obligated to provide information when using our website. However, if you do not provide the data, you may not be able to use our website properly.

2. Use of Cookies

On our website and in connection with offers provided on the website, we use cookies and comparable technologies, such as HTML Local Storage and Session Storage. In doing so, we may utilize processing and storage functions of your device’s browser and collect information from your device’s storage. The use of cookies and comparable technologies, as well as the collection of information, is based on § 25 TDDDG. In the following, cookies and comparable technologies are collectively referred to as “cookies.”

General Information About Cookies
Cookies are small files containing information that can be placed on your device via your browser when you visit a website. When you revisit that website with the same device, the cookie and the information it contains can be retrieved.

Types of Cookies

• Technically necessary cookies: These are strictly necessary for the operation of the website, for example, for navigation or access to secure areas.
• Functional cookies: These make it possible to provide certain convenience functions, such as saving settings or automatically filling in forms.
• Analytics and statistics cookies: These collect information about the use of our website in order to improve its performance and content.
• Marketing and tracking cookies: These are used to tailor content and advertising to your interests.

A distinction is also made between:

• –Session cookies: These are stored only for the duration of your visit and are deleted when you close your browser.
• Persistent cookies: These remain stored beyond the session and are automatically deleted after a defined period.
• First-party cookies: These are set directly by us.
• Third-party cookies: These are set by third-party companies, for example, by analytics tools or advertising network.

The processing of personal data by means of cookies is generally based on:

• For technically necessary cookies: Art. 6(1)(f) GDPR and § 25(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG), based on our legitimate interest in the operation, security, and optimization of the website.
• For all other cookies: Art. 6(1)(a) GDPR and § 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG), based on your consent.

You can adjust or withdraw your cookie settings at any time via our consent management tool. You can also delete or block cookies via your browser settings. Please note that if cookies are disabled, certain functions of the website may be limited or unavailable.

Cookies Used on This Website
This website uses the following types of cookies, the scope and functionality of which are explained below:

3. Contact via Email or Contact Form

Personal data is collected by us when you provide it to us voluntarily, for example, when you contact us. We will, of course, use the personal data transmitted to us in this way exclusively for the purpose for which you provide it to us when contacting us.
Providing this information is voluntary and initiated by you in these cases. Insofar as this involves information on communication channels (e.g., email address, telephone number), we will use these channels to contact you in accordance with your request.

Purposes of Processing
The purpose of processing your data is to process and respond to your request.

Legal Basis
The legal basis for processing the data you transmit to us in the course of contacting us is Art. 6(1)(f) GDPR. If your request is aimed at concluding a contract, the legal basis is Art. 6(1)(b) GDPR.

Duration of Data Storage
We will delete your data received in the context of contacting us as soon as they are no longer required to achieve the purpose of their collection, i.e., when your request has been fully processed and no further communication with you is necessary or desired by you.
Right to Object, Data Deletion
You can contact us at any time regarding the deletion of the data related to your request. However, we may then not be able to fully process your request.

III. Data Processing of Business Partners

Data Processed
If you contact us, have us prepare an offer, or conclude a contract with us, we process your personal data. In addition, we also process your personal data to comply with legal obligations, to protect a legitimate interest, or on the basis of your consent. We only process personal data that we receive from you.
Depending on the legal basis and the contractual relationship with us, these are the following categories of personal data:

• First name, last name
• Company
• Business address
• Official communication data (telephone, email address)
• Account information, especially registration and logins

Legal Basis
Based on your consent (Article 6(1)(a) GDPR)
If you have given us your consent to the processing of certain personal data, then this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of consent given by you:

• Sending information about our products, services or news.

For the performance of a contract (Article 6(1)(b) GDPR)
We use your personal data for the execution of the contract and for pre-contractual communication.

For the fulfillment of legal obligations (Article 6(1)(c) GDPR)
As a company, we are subject to various legal obligations. In order to comply with these obligations, the processing of personal data may be necessary:

• Prevention/defense of punitive acts (only on an occasion-related basis).
• Retention and storage obligations (§ 257 HGB; § 147 AO).
• Obligations to process customer data (e.g., due to obligations under tax law).

Based on a legitimate interest (Article 6(1)(f) GDPR)
In certain cases, we process your data to protect our legitimate interests:

• Communication with contact persons at the business partners.
• Direct advertising for similar products within the scope of our business relationship.
• Ensuring IT security and IT operations.
• Occasional comparison of first and last names of business contacts with the lists of the EU anti-terror regulations (Regulation (EC) No 881/2002, Regulation (EC) No 2580/2001, so-called anti-terror lists) due to the prohibition of provision according to the EU anti-terror regulation.

How Long Will Your Data Be Stored?
We store your personal data to the extent necessary to fulfill our legal and contractual obligations, including:

• Fulfillment of, e.g., commercial and tax retention obligations. These include, among others, retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
• Preservation of evidence within the framework of the statutory limitation provisions. According to the statutes of limitation of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is 3 years.

Is There an Obligation to Provide Your Personal Data?
In order to enter into a business relationship, you must provide us with the personal data that is required for the implementation of the contractual relationship. If you do not provide us with this data, it will not be possible for us to carry out and process the contractual relationship.

IV. Data Transfers and Recipients

As a rule, your data will not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the performance of a contractual relationship, or you have expressly consented to the transfer of your data in advance.

External service providers and partner companies receive data only to the extent strictly necessary for the respective service. Where service providers process personal data on our behalf and in accordance with our instructions, we conclude data processing agreements with them pursuant to Art. 28 GDPR and require them to implement appropriate technical and organizational measures to protect your data.

Please also note the privacy notices of the respective providers. Where services are provided under the provider’s own responsibility, the respective provider is responsible for its own content and purposes. We review the use of such services, within reasonable limits, for compatibility with the applicable legal requirements. We do not assume any guarantee for the availability, content, or lawfulness of such third-party services or their data processing, insofar as such processing is carried out under the provider’s own responsibility.

V. Data Transfers to Third Countries / International Organizations

We primarily process your personal data within the EU/EEA. If, in individual cases, a transfer to recipients outside the EU/EEA is necessary, for example, to service providers used by us, we ensure in advance that all legal requirements under Art. 44 et seq. GDPR are complied with.

Where no adequacy decision by the European Commission exists pursuant to Art. 45 GDPR, this is generally ensured by concluding EU Standard Contractual Clauses. In individual cases, a transfer may be based on the derogations set out in Art. 49 GDPR, for example, your explicit consent or the necessity of the transfer for the performance of a contract. We will inform you separately in such cases.

Information on specific recipients and countries, as well as copies of the relevant safeguards, will be provided to you upon request. Further details can also be found in the relevant sections of this privacy policy, for example, in relation to individual services.

VI. Your Rights

You have the following rights with regard to the personal data concerning you. To exercise your rights, you may contact us at any time using the contact details provided in this privacy policy, for example, by email or by post.

• Right of access (Art. 15 GDPR): You may obtain information, among other things, about the purposes of processing, categories of personal data, recipients, storage period, source of the data, and your rights.
• Right to rectification (Art. 16 GDPR): Inaccurate or incomplete data will be corrected.
• Right to erasure (Art. 17 GDPR): Data will be erased unless statutory retention obligations or other overriding reasons prevent erasure.
• Right to restriction of processing (Art. 18 GDPR): For example, for the duration of a review period.
• Right to data portability (Art. 20 GDPR): You may receive the data you have provided to us in a structured, commonly used, and machine-readable format and, where technically feasible, have those data transmitted to another controller.
• Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent you have given at any time with effect for the future, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Objection to Processing Based on Art. 6(1)(e) or Art. 6(1)(f) GDPR
Pursuant to Art. 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1)(e) GDPR (task carried out in the public interest) or Art. 6(1)(f) GDPR (legitimate interests); this also applies to profiling based on those provisions.
We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

Objection to Direct Marketing
Where we process personal data for direct marketing purposes, you have the right pursuant to Art. 21(2) GDPR to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
If you object, your data will no longer be processed for direct marketing purposes.

Right Not to Be Subject to a Decision Based Solely on Automated Processing
You have the rights set out in Art. 22 GDPR with regard to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.

Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

VII. Existence of Automated Decision-Making Including Profiling

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place.

VIII. Data Security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

IX. Links to Websites of Other Providers

Our websites may contain links to websites of other providers to which this data protection policy does not extend. Insofar as the collection, processing, or use of personal data is associated with the use of the websites of other providers, please observe the data protection information of the respective providers.

X. Changes to the Privacy Policy

We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations. This Data Protection Information was last modified in May 2026