Privacy Policy

This version is valid from: May 15, 2021

When does this Privacy Notice apply?

This Privacy Notice describes how we, as a controller, collect, use and share your personal data. It applies to personal data that you voluntarily provide to TechGDPR or that is automatically collected by TechGDPR.

Who we are

The company operating, its associated websites and social media accounts is TechGDPR DPC GmbH, Heinrich-Roller Str. 15, 10405 Berlin, Germany (“TechGDPR”, “we”, “us”, “our”). If you have any data protection related questions about how we handle your personal data, or if you wish to exercise your data subject rights, please contact us by post or at

What data we collect and for what purpose 

TechGDPR collects data voluntarily provided to TechGDPR by clients, website visitors and candidates applying for open job positions. TechGDPR processes Personal Data as described below:

1. Statistical data

TechGDPR collects anonymous statistical data about the use of its website to optimise its online presence and for marketing and sales purposes. No cookies are stored on your device, and only the first 2 bytes of your IP address are stored (e.g. 200.100.x.x). The data is collected on servers operated by TechGDPR in the European Union. This data is not governed by the GDPR as it is anonymous. You may further opt out of tracking by enabling the Do-Not-Track option in your browser. Visit to learn how.

2. Information provided by you through web forms, through voice conversations such as phone, videoconferencing and during in-person meetings.

Through web forms on our contact page and on in-page ‘call to action’ forms, we collect your company name, first name, last name, email address and phone number. We process this information for the purpose of the performance of a contract, or in the preparatory stage of entering into a contract as laid out in Art 6(1)(b) of the GDPR. As you actively request us to contact you for more information about our products and services, we need to record this data to be able to communicate with you effectively for this purpose. This information is submitted to a server operated by TechGDPR, from which it will be deleted 25 months after the last contact we had with you, unless you become a client and we need to retain your information for other reasons. This information is not shared outside of our organization, and is stored on servers within the European Union.

3. Engage our services

TechGDPR may collect personal information provided by the clients for the purposes of the performance of a contract, Art 6(1)(b) GDPR. The information we may collect is first name, last name, company name, email address, phone number, picture, position and role and invoicing information such as bank details and VAT number. We also process the feedback you give to help us assess the quality of our service provision and guide our decision making (quality management). We carry out this processing in our legitimate interests as per Art 6(1)(f) GDPR.

We store this information for two years after the end of our DPO and consulting contract. 

4. Keeping you informed about privacy and GDPR in technology.

When filling out a web form or communicating with us through other methods, you also have the choice to sign up for our marketing communication by selecting the appropriate, optional tick box for this purpose. We only add you to our mailing list once you have passed the double opt-in. The processing of your name and email for this particular purpose is based on your consent (Art 6(1)(a) GDPR), which you can revoke at any time. We will continue to process your personal data for this purpose until you revoke this consent by either clicking the ‘unsubscribe’ button, or contacting us by post or at to revoke your consent or request we unsubscribe you. However, should another legal basis exist for us to process your data (as outlined above under 2. or 3.; for example, should we require your email address in the scope of contract negotiation), we will continue to process your personal data for those purposes.

5. Server administration

Your IP address and your page requests are stored in log files on our servers for a maximum of 14 days for the purpose of preventing fraud, abuse, and security incidents, as well as monitoring the performance of our servers. After 14 days, these log files are automatically deleted. We carry out this processing and data retention in our legitimate interest as laid out in Art 6(1)(f) of the GDPR.

6. Internal communication required to deliver services

Internally, we use Google Workspace for our email service, calendar and internal document management. We also use it to communicate with our clients and provide our services to them; in doing so, we collect the client’s name, title and email address.

We use Slack to communicate as a team and generally to improve our response time to client needs. Signed clients can also choose to communicate with us through Slack. The data collected in the scope of this communication is legitimised under performance of a contract as laid out under Art 6(1)(b) of the GDPR. You can learn more about Slack’s ISO 27001 and ISO 27018 certifications, security policies and procedures on their security page.

Data processed on Slack and GSuite is deleted within 25 months after the end of our engagement with you.
More information about data transfers out of the EEA or to non-adequate countries can be found below in the section Security and International Data Transfers.

7. Collection of statistical information through surveys

From time to time, we carry out surveys and questionnaires among specific or broad groups of companies which help us better understand the market, the compliance situation of our target industries and their specific concerns. The data collected in these surveys may contain personal or pseudonymous elements which ensure de-duplication and prevent skewed results. This processing is carried out under legitimate interest, as laid out in Art 6(1)(f) of the GDPR. However, we separate and, where possible, remove personal elements from these data sets at the earliest convenience and only do our analysis and reporting on anonymized data sets. We never use such results to target you for sales or marketing reasons and do not share these details outside of our organization. We only use the anonymized data sets to derive aggregate insights from anonymous reports. If you elect to leave your contact details in such surveys, we will only use them for the specifically indicated purpose. Any personal data purposefully given is considered consent as in Art 6(1)(a) of the GDPR and can be revoked at any time by contacting us.

8. Application for a job or internship

We collect information via email or through public sources such as LinkedIn from candidates who apply for the vacancies we regularly advertise. This collection serves the purpose of selecting the right candidate for job offers based on education, work experience and skill set. This may include information such as your name, surname, email address, phone number, birth date, identification number, address, CV, picture, cover letter, work history, experience, academic records and references. The application is submitted by emailing us and additional information can be collected depending on the stage of the recruitment process you are in. The legal basis for collecting personal information is the performance of a contract as laid out in Art 6(1)(b) of the GDPR and §26(1) of the German Federal Data Protection Act, the BDSG. The personal data is stored for 6 months under our legitimate interest to defend ourselves against legal claims, as per Art 6(1)(f) of the GDPR. 

Ensuring compliance

TechGDPR is under obligation to comply with all applicable laws and regulations, including, but not limited to, those of the European Union, Germany and the state of Berlin. For this reason we may have to collect, process and retain your details for an extended period of time as a legal obligation (Art 6(1)(c) GDPR).

Information required to track your choices and consent regarding the processing (or use) of your Personal Data or reception of marketing materials is stored to ensure compliance with the GDPR. 

Security and international data transfers 

We use third-party software across several countries; personal data may therefore be transferred to a country outside the EU/EEA. To protect your personal data, we enter into data protection agreements and maintain both technical and organisational safeguards around the processing of your data.

The Standard Contractual Clauses we rely on can be provided on request by reaching out to

Why am I required to provide Personal Data?

As a general principle, providing personal information and granting consent for our use of this information is done entirely on a voluntary basis. Choosing not to consent or provide personal data is generally not detrimental. However, there are circumstances in which TechGDPR cannot take action without specific data. This is the case, for instance, when data is required to process your order, fulfil a contact request, or provide you with access to a service or newsletter. 

Who your data is made accessible to

TechGDPR hosts the majority of its services and systems itself on servers within the EU. We use a transactional email provider and a mailing list service, both located in the EU to deal with our mailing needs.

In the case your personal details are visible on an incoming or outgoing invoice, they may also be transmitted to our tax advisor as well as to the financial authorities (German Finanzamt).

Your rights as a data subject

At any time, you can request from TechGDPR to receive information about which personal data TechGDPR processes about you. You can also request the correction or deletion of such personal data. Please note, however, that TechGDPR can delete your personal data only if there is no statutory obligation or prevailing obligation on TechGDPR to retain it.

If TechGDPR uses your personal data based on consent or the performance of a contract, you may also request a copy of the personal data that you have provided to TechGDPR. To do so, please contact us at and specify the information or processing activities to which your request relates. 

Furthermore, you can request that we restrict your personal data from any further processing if:

  • You are contesting the accuracy of the data we hold about you, for as long as we need to verify this claim.
  • You believe the processing of the data is unlawful, but you oppose the erasure of the data and request restriction of processing instead.
  • We no longer need your data for the original purpose, but you need them for the establishment, exercise or defense of legal claims.
  • You have objected to the use of your data, while we evaluate if our legitimate grounds for processing your data override yours, as required by Art 21 of the GDPR.

Please direct any such request to

Your right to lodge a complaint

We encourage you to contact us at if you have any privacy related concern. Should you disapprove of the response we have provided you, you have the right to lodge a complaint with our supervisory authority, or with the data protection authority of the European member state you live or work in. The details of the supervisory authority responsible for Berlin, Germany, are:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219
10969 Berlin
Phone: 030/138 89-0

Use of this website by children

This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.

Links to other websites

This website may contain links to external websites (i.e. non-TechGDPR companies and organisations). TechGDPR is not responsible for the privacy practices or the content of those websites. We therefore recommend that you familiarize yourself with the privacy practices of these organizations by reading their privacy notices.

Changes to this Privacy Policy

We may modify this privacy policy at any time to comply with legal requirements as well as developments within our organization. When we do, we will revise the date and version at the top of this page. Each visit or interaction with our Services will be subject to the new privacy policy. We encourage you to regularly review our privacy policy to stay informed about our data protection policy. Unless we implement profound changes that we proactively notify you about, you acknowledge that it is your responsibility to review our privacy policy to be aware of modifications.