1. Controller
The controller responsible for the processing of personal data on this website within the meaning of Article 4 (7) GDPR is:
Andreas Dube, Bad Homburg vor der Höhe, Germany. Email (plain text only — please use the contact form for messages): ai4grc@dube.eu.
Full provider details: see Imprint.
A data protection officer is not designated, as the controller is not required to appoint one under Art. 37 GDPR or §38 BDSG.
2. Overview of processing
We process personal data only where this is necessary to provide a functional website, deliver our content, and respond to enquiries — and only on a documented lawful basis:
- Art. 6 (1) (a) GDPR — consent, for the demo request form and the privacy request form (each gated by a consent checkbox).
- Art. 6 (1) (b) GDPR — pre-contractual measures, where you contact us to evaluate a contract.
- Art. 6 (1) (f) GDPR — legitimate interests, for the secure and stable operation of the website (server logs).
- Art. 6 (1) (c) GDPR — legal obligation, where retention is required by law (e.g. tax records).
3. Website hosting & server logs
This website is hosted by an infrastructure provider with data centres in the European Union.
When you access this website, our hosting provider automatically collects technical access data in server log files: anonymised or shortened IP address, date and time of access, requested URL, HTTP status code, referring URL, user-agent string. These logs are processed solely to ensure operational security and detect abuse, on the basis of our legitimate interests under Art. 6 (1) (f) GDPR. Logs are retained for a maximum of 14 days and then deleted.
4. Fonts
Web fonts (Inter Tight, JetBrains Mono) are served locally from our own infrastructure. No font data is transmitted to Google Fonts, Adobe Fonts, or any other third-party provider when you visit this site.
5. Demo request form
When you submit the demo request form on the home page, the following data is processed: name, work email address, company, optional message, the explicit consent flag, and a timestamp.
The form is operated through Formspree, Inc. (Boston, MA, USA) as our processor. Form submissions are transmitted to Formspree, which then forwards them to our internal mailbox. A data processing agreement under Art. 28 GDPR is in place. The transfer to the USA is safeguarded by EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR).
Lawful basis: your consent under Art. 6 (1) (a) GDPR, and — where the request concerns the evaluation of a contract — Art. 6 (1) (b) GDPR. Retention: request data is retained for up to 12 months after the request is closed, then deleted, unless a contract is initiated. You may withdraw your consent at any time via the privacy request form; withdrawal does not affect the lawfulness of prior processing.
6. Privacy request form
The privacy request form at the end of this page lets you exercise your rights under Arts. 15–22 GDPR. It collects: the request category, your name, your email, your message, the consent flag, and a timestamp.
The processing path is the same as for the demo form: Formspree, Inc. (USA) acts as processor, SCCs are in place, and retention is limited to what is necessary to handle the request and to meet our accountability obligations under Art. 5 (2) GDPR. We may ask for proof of identity before processing your request, per Art. 12 (6) GDPR.
7. Categories of data, lawful bases, and retention
| Purpose | Data | Basis | Retention |
|---|---|---|---|
| Website operation & security | IP (shortened), user-agent, timestamps, requested URL | Art. 6 (1) (f) | ≤ 14 days |
| Demo request handling | Name, work email, company, message, consent flag | Art. 6 (1) (a) / (b) | ≤ 12 months after closure |
| Privacy request handling | Subject, name, email, message, consent flag | Art. 6 (1) (a), (c) | 3 years (accountability) |
8. Recipients & processors
We do not sell personal data. We share data only with processors who act on our documented instructions under Art. 28 GDPR:
- EU-based hosting provider — website hosting & log infrastructure (data centres in the EU).
- Formspree, Inc., Boston, MA, USA — form submission processing (demo & privacy request forms). SCCs in place.
- EU-based email provider — receipt and storage of submitted enquiries.
9. Third-country transfers
Data submitted via the demo or privacy request form is transferred to the United States, where our form processor (Formspree, Inc.) is established. Transfers are safeguarded under EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR. We have assessed the legal regime of the recipient country (Schrems II transfer impact assessment) and apply supplementary measures as appropriate (TLS in transit, access controls at the recipient).
You acknowledge — by ticking the consent checkbox — that this third-country transfer takes place.
10. Retention periods
We retain personal data only for as long as necessary for the purposes set out in §7, or for as long as required by law (in particular German commercial and tax retention obligations, generally 6 to 10 years for accounting records). After the retention period expires, data is deleted or — where applicable — restricted from further processing.
11. Cookies & tracking
This website does not set any cookies, does not use browser localStorage or sessionStorage for personal data, and does not run any third-party analytics, advertising, or tracking. There is no consent banner because there is nothing to consent to beyond what is strictly necessary to deliver the page you requested.
12. Your rights
Under the GDPR you have the following rights regarding your personal data:
- Right of access (Art. 15) — confirmation as to whether personal data concerning you is processed, and a copy of that data.
- Right to rectification (Art. 16) — correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — deletion of your data where one of the grounds in Art. 17 (1) applies.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interests, on grounds relating to your particular situation.
- Right to withdraw consent (Art. 7 (3)) — at any time, with effect for the future.
- Right to lodge a complaint with a supervisory authority (Art. 77) — see §13.
To exercise any of these rights, please use the privacy request form below. We respond without undue delay and in any event within one month of receipt (Art. 12 (3) GDPR).
13. Supervisory authority
The competent supervisory authority for the controller is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Phone: +49 611 1408-0
Web: datenschutz.hessen.de
14. Automated decision-making
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our processing or in applicable law. The "Last updated" date at the top of this page indicates the current version. Material changes will be flagged where they affect existing data subjects.
16. Submit a privacy request
Use this form to exercise any of your rights under §12, to withdraw consent, or to ask a privacy-related question. All submissions are routed through Formspree (see §6) and reach our designated privacy mailbox.