Legal

Privacy Policy

Last Updated: January 24, 2026

This Privacy Policy applies to the website https://www.datenstrom-3ag.com/ and describes how we collect, use, process, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

1. Data Controller

DatenStrom-3AG Solutions UG (haftungsbeschränkt)
Kolonnenstraße 8
10827 Berlin
Germany

Managing Director (Geschäftsführer): Arjhun Mohanarangam
Email: info@datenstrom-3ag.com
Company Registration: HRB 262179 B

2. General Information on Data Processing

2.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website, our content, and services. Personal data is processed only with your consent or when permitted by law.

2.2 Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR): You have given explicit consent for specific purposes
  • Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary to fulfill our contractual obligations or take pre-contractual steps
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing is required to comply with legal requirements
  • Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for our legitimate business interests

2.3 Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Specific retention periods are outlined in the respective sections below.

2.4 Data Deletion

Personal data will be deleted or anonymized when no longer needed for the purposes collected, unless legal retention obligations require continued storage (e.g., 10-year retention requirement for accounting documents under German commercial and tax law).

3. Website Data Collection

3.1 Access Logs and Technical Data

When you visit our website, our web server automatically collects and stores the following information:

  • IP address (anonymized after session)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Requested pages and files
  • HTTP status code
  • Data volume transferred

Purpose: System security, technical administration, and error analysis.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) for maintaining the security and functionality of our website.
Retention Period: Log files are automatically deleted after 7 days, except where required for security investigations.

3.2 Cookies and Cookie Banner

Our website uses CookieHub to manage your cookie preferences. When you first visit our website, a cookie banner appears allowing you to accept or decline optional cookies.

Types of Cookies We Use:

  • Strictly Necessary Cookies: Essential for website operation (e.g., session management, security, cookie preferences)
  • Analytics Cookies (Google Analytics 4): Help us understand website usage and visitor behavior (only activated with your consent)

Cookie Management: You can change your cookie preferences at any time through the cookie settings available on our website or by configuring your browser to refuse cookies. However, some website features may not function properly without necessary cookies.

Legal Basis:
Necessary cookies: Legitimate interests (Art. 6(1)(f) GDPR)
Analytics cookies: Your consent (Art. 6(1)(a) GDPR) via CookieHub

3.3 Google Analytics 4

With your consent obtained through our CookieHub banner, we use Google Analytics 4 (GA4) to analyze how visitors use our website.

Data Collected: Pages visited, Country/region of origin, Session duration, Device/browser data, Anonymized IP addresses.

Purpose: Understanding website usage patterns to improve our services and user experience.
Legal Basis: Consent (Art. 6(1)(a) GDPR). GA4 is blocked until you provide consent through CookieHub.
Data Recipient: Google LLC (USA) and Google Ireland Limited (Ireland).
Opt-Out: You can withdraw consent at any time through our cookie settings or by adjusting your browser settings.

3.4 Contact Form

When you submit the contact form on our website, we collect Name, Email address, Company name, Message content, Date/time.

Purpose: To respond to your inquiries.
Legal Basis: Pre-contractual measures (Art. 6(1)(b) GDPR) or consent.
Retention Period: Duration of inquiry/business relationship + 3 years.

4. Client and Contract Data Processing

4.1 Client Account and Communication Data

When you become a client, we process company details, contact person info, tax info, and project requirements.

Purpose: Contract execution, project delivery, compliance.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR), Legal obligations (Art. 6(1)(c) GDPR).
Retention Period: Duration of relationship + 10 years (statutory).

4.2 Project Communication

We process communications via email, phone, video conferencing involving content, attachments, and meeting notes.

Purpose: Project execution and documentation.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR).
Retention Period: Duration of project + 3 years.

5. Invoicing and Payment Processing

5.1 Zoho Books (Invoicing)

We use Zoho Books to generate invoices. Data processed includes company name, contact details, invoice amounts.
Legal Basis: Contract performance, Legal obligations.

5.2 Payment Methods

  • Stripe: Payment card data processed directly by Stripe. Privacy Policy
  • PayPal: Payment data processed directly by PayPal. Privacy Policy
  • Bank Transfer: Processed by respective banks.

6. Third-Party Services and Data Transfers

6.1 Web Hosting (Hostinger): Hosted in India. Data transfer safeguarded by EU Standard Contractual Clauses (SCCs). Agreement pursuant to Art. 28 GDPR concluded.

6.2 Email Services (Google Workspace): Hosted globally. Safeguarded by EU SCCs.

6.3 Sub-Processors: Hostinger uses AWS, Google Cloud, Cloudflare.

7. Data Security

We implement SSL/TLS encryption, access controls, regular updates, employee training, and encrypted storage. In case of a breach, we notify supervisory authorities within 72 hours.

8. Your Rights Under GDPR

  • 8.1 Right of Access (Art. 15 GDPR)
  • 8.2 Right to Rectification (Art. 16 GDPR)
  • 8.3 Right to Erasure (Art. 17 GDPR)
  • 8.4 Right to Restriction of Processing (Art. 18 GDPR)
  • 8.5 Right to Data Portability (Art. 20 GDPR)
  • 8.6 Right to Object (Art. 21 GDPR)
  • 8.7 Right to Withdraw Consent (Art. 7(3) GDPR)
  • 8.8 Right to Lodge a Complaint (Art. 77 GDPR) - Berlin Supervisory Authority

9. Exercising Your Rights

To exercise any of your rights, please contact us at: info@datenstrom-3ag.com or via post at Kolonnenstraße 8, 10827 Berlin, Germany.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy. The "Last Updated" date indicates the most recent revision. Material changes will be communicated via email or website notice.