← Back to home

Privacy Policy

Last updated: 16 April 2026

1. Controller

For questions about the processing of your personal data on this website, contact us at [email protected].

2. What data we collect

When you use the audit-request form on this website, we collect:

• Name — to address you personally.
• Email address — to respond to your request.
• Business type — to scope the audit.
• Optional message — to understand your situation.
• Consent record — timestamp and choice.

We also automatically collect technical data (IP address, browser type, referrer, pages visited) when you accept analytics cookies.

3. Why we process your data (legal basis)

• Form submissions — based on your consent (Art. 6(1)(a) GDPR) and pre-contractual measures at your request (Art. 6(1)(b) GDPR).
• Analytics & advertising cookies — based on your consent given via the cookie banner (Art. 6(1)(a) GDPR, §25(1) TTDSG where applicable).
• Essential cookies — based on our legitimate interest in operating the site (Art. 6(1)(f) GDPR).

4. Cookies and tracking

This site uses Google Tag Manager to load Google Analytics 4 and Google Ads conversion tracking. These tools are loaded only after you accept analytics/advertising cookies via the consent banner. Until you accept, Google Consent Mode v2 keeps these signals denied.

You can change your choice at any time by clearing your browser storage for this site.

Third-party services we use

• Google Tag Manager, Google Analytics 4, Google Ads — Google Ireland Ltd. (data may be transferred to the US under Google's Data Privacy Framework certification).
• Google Fonts — fonts are loaded from Google's servers when you visit the site.

5. Sharing your data

We do not sell your personal data. We share it only with:

• Our email/SMTP provider (to deliver the audit request to our inbox).
• Google services listed above (only after you grant consent).
• Authorities, where legally required.

6. How long we keep your data

• Form submissions: up to 24 months after our last contact, then deleted.
• Analytics data: as configured in GA4 (default 14 months).
• Consent records: kept for the duration required to demonstrate compliance.

7. Your rights

Under the GDPR you have the right to:

• Access your personal data and obtain a copy.
• Request rectification of inaccurate data.
• Request erasure ("right to be forgotten").
• Restrict or object to processing.
• Receive your data in a portable format.
• Withdraw consent at any time (without affecting processing prior to withdrawal).
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email [email protected].

8. Data security

We use HTTPS, restricted email access, and reputable third-party providers. No method is 100% secure, but we apply reasonable technical and organisational measures.

9. International transfers

Some processors (e.g., Google) may process data outside the EU/EEA. Such transfers rely on Standard Contractual Clauses or adequacy decisions where applicable.

10. Changes to this policy

We may update this policy. Material changes will be reflected by updating the "Last updated" date at the top of this page.

11. Contact

Questions about this policy: [email protected]