Roles
For visitors of this site we are usually the controller. For data processed on behalf of a client on a client website, we may be processor or sub-processor depending on the agreed scope, access and client instructions.
Instructions and confidentiality
When acting as processor, we process data only under documented client instructions unless law requires otherwise. Access is limited to persons who need it for delivery, support, security or maintenance.
Safeguards
We use access controls, role-based permissions, CSRF protection, password hashing, email verification, security headers, backups, audit logs, restricted admin updater, segmented admin functions, anti-spam and reasonable data minimization.
Sub-processors
Hosting, email, domains, DNS, card payments, banks, accounting, analytics, anti-spam, backup, monitoring and AI integrations may use sub-processors. The client should notify us if it has restrictions for specific vendors or processing countries.
Transfers and documentation
Where international transfer exists, contractual, technical and organizational measures required by applicable laws apply, including standard contractual clauses or another valid mechanism where needed.
Assistance with user requests
When acting as processor, we assist the client within a reasonable scope with data subject requests, incidents, risk assessments, data export, deletion and restriction, according to the agreement and technical possibilities.
Incidents
In case of a security incident we assess risk, limit impact, preserve relevant logs and notify the client or relevant parties where required by law or agreement.
Deletion and return
After service termination we return, export, delete or keep data according to the agreement, legal obligations, backup cycles and legitimate need to evidence delivered service or protect the system.
This document is an operational site policy and is not a substitute for individual legal advice. It should be periodically legally reviewed for specific jurisdictions, payment processors, hosting, domains, AI integrations and actual business processes.