Privacy Policy

The data controller within the meaning of the GDPR is Vardell (hereinafter referred to as "we" or "us"). Contact details can be found in the imprint of this website.

For questions regarding data protection or to exercise your data subject rights, you may contact us at any time via email.

This website serves to present our consulting services in the field of risk and security advisory. We process personal data only to the extent necessary and in accordance with applicable data protection laws, in particular the GDPR.

We do not process special categories of personal data (Article 9 GDPR) through this website and do not engage in automated profiling.

This website is hosted on the platform of Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Each time you access our website, the hosting provider automatically collects technical access data necessary for the proper operation of the website.

This access data includes: IP address (anonymized), date and time of access, pages and resources accessed, amount of data transferred, browser type and version, operating system, referrer URL, and the requesting provider.

Processing is based on our legitimate interest in securely and efficiently providing our website (Article 6(1)(f) GDPR). Vercel is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection. More information: vercel.com/legal/privacy-policy and vercel.com/legal/dpa.

Server log files are processed by Vercel to ensure system security and stability. This data is not merged with other data sources and is automatically deleted after a maximum of 30 days.

We collect personal data only when you voluntarily provide it to us, for example when contacting us via email or through our contact form.

The following data may be processed:

This data is processed to handle your inquiry and, where applicable, to initiate or perform a contractual relationship (Article 6(1)(b) GDPR) or based on your consent (Article 6(1)(a) GDPR).

• Name and contact details (email address, phone number if applicable)
• Content of your message or inquiry
• Company or organization (if provided)
• Communication history in connection with an inquiry or engagement

We process your personal data on the following legal bases under the GDPR:

• Consent (Article 6(1)(a) GDPR): When you have given us your explicit consent to process your data.
• Contract Performance (Article 6(1)(b) GDPR): When processing is necessary for the performance of a contract or for pre-contractual measures.
• Legitimate Interest (Article 6(1)(f) GDPR): When processing is necessary for the purposes of our legitimate interests and your interests or fundamental rights do not override. Our legitimate interests include providing and optimizing our website and communicating with prospects and clients.
• Legal Obligation (Article 6(1)(c) GDPR): When processing is necessary to comply with a legal obligation to which we are subject.

Your personal data will only be disclosed to third parties if this is necessary for contract performance, you have given your express consent, or we are legally obligated to do so.

We use the following categories of processors:

We have concluded contracts with our processors in accordance with Article 28 GDPR to ensure the protection of your data. We do not sell your data to third parties and do not use it for advertising purposes.

• Hosting Provider: Vercel Inc. (USA) – for the technical provision of the website
• Email Services: For communication with clients and prospects

Through the use of Vercel as our hosting provider, data is transferred to the USA. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF), which has been recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision of July 10, 2023).

Additionally, Vercel has integrated Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR into its Data Processing Agreement (DPA) to ensure the protection of personal data when transferred to third countries.

For more information on Vercel's DPF certification, visit: dataprivacyframework.gov/list

This website does not use marketing or tracking cookies. No third-party analytics tools such as Google Analytics are employed.

Technically necessary cookies may be used that are required for the basic functionality of the website. These serve exclusively for technical provision and do not store personal data for tracking purposes.

Technically necessary cookies are set based on our legitimate interest (Article 6(1)(f) GDPR) in a functional website. You can configure your browser to be notified when cookies are set.

Under the GDPR, you have the following rights regarding your personal data:

To exercise your rights, you may contact us at any time. We will process your request promptly, and no later than within one month.

Right to Lodge a Complaint with a Supervisory Authority: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

• Right of Access (Article 15 GDPR): You may request information about the personal data we process about you.
• Right to Rectification (Article 16 GDPR): You may request the correction of inaccurate data or the completion of incomplete data.
• Right to Erasure (Article 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
• Right to Restriction of Processing (Article 18 GDPR): You may request the restriction of processing of your data.
• Right to Data Portability (Article 20 GDPR): You may request that we provide you with your data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21 GDPR): You may object at any time to the processing of your data based on Article 6(1)(f) GDPR.
• Right to Withdraw Consent (Article 7(3) GDPR): You may withdraw any consent you have given at any time with effect for the future.

We store your personal data only for as long as necessary for the respective processing purposes or as required by statutory retention obligations.

Data from contact inquiries is deleted after completion of processing and expiry of any warranty periods, unless statutory retention obligations apply. Engagement-related documents are generally subject to a retention period of 6 to 10 years in accordance with commercial and tax regulations.

Server log files are automatically deleted after a maximum of 30 days.

We employ appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or alteration.

These measures include: encrypted data transmission via TLS/HTTPS, encryption of data at rest (AES-256), access controls and authentication, and regular security reviews.

Our hosting provider Vercel holds SOC 2 Type 2 and ISO 27001:2022 certifications and supports GDPR compliance. More information: vercel.com/docs/security/compliance

We reserve the right to update this Privacy Policy as necessary to reflect changes in legal requirements or modifications to our services or data processing practices. The current version is always available on this website.

In case of material changes, we will inform you in an appropriate manner. The date of the last update can be found at the beginning of this Privacy Policy.

For questions regarding data protection, the processing of your personal data, or to exercise your data subject rights, you may contact us at any time.

We will carefully review your request and process it as quickly as possible.