Privacy Policy

We appreciate your interest in using our website. The protection of personal data is our highest priority. Below you will find information about the processing of your personal data and your rights when using our website.

1. Controller

The controller for data processing is:

PrivacyPilot GmbH (hereinafter: “we”)

Adenauerallee 136
D-53113 Bonn
Tel.: +49 (0) 228-504 46 270
Fax: +49 (0) 228-504 46 249

Email: info@privacy-pilot.com

2. Your Data Subject Rights
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), provided that their respective legal requirements are met:

Right of Access (Art. 15 GDPR): You have the right to obtain information about the data processed concerning you.
Right to Rectification (Art. 16 GDPR): You can request the rectification of inaccurate data concerning you. Furthermore, you can request the completion of incomplete data.
Right to Erasure (Art. 17 GDPR): In certain cases, you can request the erasure of your personal data.
Right to Restriction of Processing (Art. 18 GDPR): In certain cases, you can request that the processing of your data be restricted.
Right to Data Portability (Art. 20 GDPR): If you have provided data based on a contract or consent and the processing is carried out by automated means, you can request to receive the data you have provided in a structured, commonly used, and machine-readable format or to have it transmitted to another controller.

Right to Object on a Case-by-Case Basis:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Exercising your rights: To exercise all your aforementioned rights, please contact the address provided under section 1 above. Please ensure that we can clearly identify you.

Right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data violates data protection law, you can also lodge a complaint with a supervisory authority, in particular in the EU Member State or federal state of your habitual residence, place of work, or the place of the alleged infringement.

3. Automated individual decision-making, including profiling
Automated decisions in individual cases, including profiling within the meaning of Article 22 of the GDPR, do not take place in connection with the use of our service.

4. Details on integrated services and functionalities

4.1. Website Provision

Personal data processed:	Date and time of access, duration of visit, type of device, operating system used, functions used, amount of data sent, type of event, IP address, domain name
Purpose(s):	Provision of the website
Legal basis(es):	Art. 6(1)(f) GDPR (balancing of interests). We pursue the legitimate interest of providing our website.
Recipients of personal data:	Hosting provider, internal departments, external service provider for technical support
Third country transfer:	No
Storage duration of personal data:	Deletion immediately after delivery by the web server

4.2. Log files

Personal data processed:	Accessed URL, IP address, time and date of access, amount of data transferred, internet page from which the user accessed the requested page (so-called “referrer”), internet page accessed by the user’s system via our website, http status, information about the browser type and version used, user’s operating system, user’s internet service provider
Purpose(s):	Website improvement, system security (e.g., prevention of misuse), error diagnosis
Legal basis(es):	Art. 6(1)(f) GDPR (balancing of interests). We pursue the legitimate interest in improving the website, system security (e.g., prevention of misuse), and error diagnosis. Art. 6(1)(c) GDPR (fulfillment of legal obligation). This includes disclosures to government agencies upon request.
Recipients of personal data:	Hosting provider, internal departments, external service provider for technical support, government agencies upon request
Third country transfer:	No
Storage duration of personal data:	Deletion 9 weeks after creation

4.3. Contact Form

Personal data processed:	Salutation, first and last name of the contact person, phone number, email address, company/authority and position, content of the message
Purpose(s):	Receiving and processing inquiries, complaints, or other feedback
Legal basis(es):	Art. 6(1)(f) GDPR (balancing of interests). We pursue the legitimate interest in receiving and processing inquiries, complaints, or other feedback. Art. 6(1)(c) GDPR (fulfillment of legal obligation). This includes disclosures to government agencies upon request.
Recipients of personal data:	Hosting provider, internal departments, government agencies upon request
Third country transfer:	No
Storage duration of personal data:	Deletion after final processing of the request
Obligation to provide personal data and consequences of non-provision:	Mandatory fields in the contact form are marked with “*”, other information serves to expedite the processing of your request but is not strictly required.

Status: September 2025