We take the protection of your personal data very seriously. This Privacy Policy explains how we collect, process, and use your personal data when you visit our website and use our contact form.

Due to the size of our company, we are not required to appoint a data protection officer. For data protection inquiries, please contact us using the contact details provided above.

We process personal data of our users only to the extent necessary to provide a functional website and our services. The processing of personal data occurs regularly only with your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

We process personal data of our users only to the extent necessary to provide a functional website and our services. The processing of personal data occurs regularly only with your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Article 6(1)(a) GDPR (Consent): Where we obtain consent for processing operations, this serves as the legal basis. Article 6(1)(b) GDPR (Contract Performance): Where processing is necessary for the performance of a contract or pre-contractual measures. Article 6(1)(f) GDPR (Legitimate Interests): Where processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms override those interests. Article 6(1)(c) GDPR (Legal Obligation): Where processing is necessary to comply with a legal obligation.

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored beyond this period if required by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for continued storage of the data for the conclusion or performance of a contract.

Each time our website is accessed, our system automatically collects data and information from the accessing computer's system. The following data is collected: - Browser type and version - Operating system used - Referrer URL (the previously visited page) - Hostname of the accessing computer - IP address - Date and time of access - Files accessed on our website

This data is stored in our system's log files. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files occurs to ensure the functionality of the website. Additionally, the data serves to optimize the website and ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context. Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR also lies in these purposes.

Data is deleted as soon as it is no longer necessary for the purpose for which it was collected. When data is collected to provide the website, this is the case when the respective session has ended. Log files are stored for a maximum of 30 days and then automatically deleted.

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, users have no right to object.

A contact form is available on our website for inquiries about our SovereignPath Tool ("Tool"). If you use this form, the data entered in the input mask will be transmitted to us and stored. The following data is collected when you submit the form: - Full name - Business email address - Role/Position - Use case/Message - Date and time of inquiry - IP address (for security purposes) When the message is sent, your consent to the processing of the data is obtained and reference is made to this Privacy Policy.

The legal basis for processing data transmitted when submitting the contact form is: Article 6(1)(a) GDPR if you have given consent Article 6(1)(b) GDPR if the inquiry relates to the initiation or performance of a contract Article 6(1)(f) GDPR for processing based on our legitimate interest in responding to your inquiry and maintaining business relationships

The personal data collected through the contact form is used exclusively to process your inquiry. This includes: - Responding to your specific inquiry - Providing information about our Tool - Preparing potential contract negotiations - Documentation of business correspondence

Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected: Active inquiries/ongoing business relationship: Up to 3 years after the last contact to enable comprehensive support during the sales cycle and potential contract negotiations Inactive inquiries (no response from inquirer): 12 months, then automatic deletion After contract conclusion: In accordance with statutory retention periods (typically 6-10 years pursuant to German Commercial Code (HGB) and German Fiscal Code (AO)) You may revoke your consent to the storage of your data at any time. In such cases, the conversation cannot be continued. All personal data stored during the course of contact will then be deleted, unless statutory retention obligations require continued storage.

Hosting and CRM System: Our website is hosted and operated by onepage.io (operated by Onepage GmbH, Germany). onepage.io also provides the CRM system that processes contact form submissions. onepage.io acts as our data processor pursuant to Article 28 GDPR. All user data is securely stored in Europe in accordance with GDPR. onepage.io's servers are located in Germany. We have concluded a data processing agreement with onepage.io that ensures processing is carried out exclusively according to our instructions and in compliance with GDPR requirements. Methodological partner: We may share your inquiry data with our methodological partner RCLM GmbH (Stralauer Allee 2a, 10245 Berlin) to provide you with comprehensive technical and methodological support for the Tool. RCLM GmbH acts as our data processor pursuant to Article 28 GDPR and processes data exclusively according to our instructions. A data processing agreement has been concluded with RCLM GmbH. Future CRM system: We reserve the right to process your data in additional CRM systems (e.g. HubSpot) in the future to optimize our customer relationship management. Should we implement such systems, we will ensure GDPR compliance through appropriate data processing agreements. Your data will only be processed within the scope of the purposes described in this Privacy Policy.

Data processing by our service providers takes place primarily within the European Union. Where data is processed in third countries (outside the EU/EEA), we ensure an adequate level of data protection through: - Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR) - Adequacy decisions pursuant to Art. 45 GDPR - Additional technical and organizational measures where necessary We do not sell or otherwise disclose your personal data to third parties for their own purposes.

Our website does not use cookies for tracking or marketing purposes. We use Matomo Analytics in a fully cookieless configuration. No cookies are stored on your device, and no personally identifiable information is collected. Technically necessary cookies may be used to ensure essential website functionality (e.g., security features or session handling). These cookies are based on our legitimate interest pursuant to Article 6(1)(f) GDPR in providing a functional and secure website. We reserve the right to use additional cookies and tracking technologies in the future (e.g., for web analytics or marketing purposes). Should we implement such technologies, we will: - Inform you appropriately through an updated Privacy Policy - Obtain your consent where required by law (e.g., through a cookie consent banner) - Provide you with the ability to manage your cookie preferences You can configure your browser to inform you about the placement of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies in certain cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.

We use Matomo Analytics to analyze the use of our website. Matomo is operated in a fully privacy-friendly configuration without cookies and without any user identifiers. The following measures ensure that no personal data is processed: - The IP address is anonymized by removing the last three bytes before any processing (e.g., 192.168.xxx.xxx). - No cookies, browser fingerprints, device IDs, or unique identifiers are generated. - No user profiles are created, and no data is shared with third parties. - All data is stored exclusively on servers within the EU. The processing of anonymous statistical information is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in analyzing website usage and improving our online offering. Because no personal data is collected, no consent is required. We reserve the right to implement web analytics tools in the future to improve our website and better understand user behavior. Should we use such tools, we will: - Inform you through an updated Privacy Policy - Obtain your consent where required by law - Implement appropriate technical and organizational measures to protect your data (e.g., IP anonymization, data processing agreements) - Provide you with an opt-out option

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

You have the right to obtain confirmation as to whether personal data concerning you is being processed by us. If such processing is taking place, you have the right to access the following information: - The purposes of the processing - The categories of personal data being processed - The recipients or categories of recipients to whom your data has been or will be disclosed - The envisaged period for which your data will be stored - The existence of the right to request rectification, erasure, restriction of processing, or to object to such processing - The right to lodge a complaint with a supervisory authority - Where personal data is not collected from you: All available information about the source of the data - The existence of automated decision-making, including profiling

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed, taking into account the purposes of the processing.

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies: - Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed - You withdraw your consent on which the processing is based and there is no other legal ground for the processing - You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing - Your personal data has been unlawfully processed - Your personal data must be erased to comply with a legal obligation Exceptions: The right to erasure does not apply if the processing is necessary: - To comply with a legal obligation - For the establishment, exercise, or defense of legal claims

You have the right to obtain restriction of processing where one of the following applies: - You contest the accuracy of your personal data - The processing is unlawful and you oppose the erasure of your data - We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims - You have objected to processing pursuant to Article 21(1) GDPR pending verification of whether our legitimate grounds override yours

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller where: - The processing is based on consent or on a contract - The processing is carried out by automated means

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (legitimate interests). We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

To exercise any of these rights, please contact us using the contact details provided above.

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR. All decisions regarding inquiries and potential business relationships are made by our employees.

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Security measures include: - SSL/TLS encryption for data transmission - Secure hosting infrastructure within the EU (Germany) - Access controls and authorization concepts - Regular security updates and monitoring - Data processing agreements with all processors

The provision of personal data for accessing our website is neither legally nor contractually required. However, without providing IP address and basic technical data, the technical delivery of our website would not be possible.

The provision of data via the contact form is voluntary. However, if you wish to receive information about our Tool or enter into business discussions with us, providing your contact details (name, email, role) is necessary to process your inquiry and respond to you. Without this data, we cannot process or respond to your inquiry.

We do not use your data for marketing purposes (e.g. newsletters, promotional emails) without your explicit consent. The contact form serves exclusively to answer your specific inquiry and provide information about our Tool.

Our website may contain links to third-party websites. We have no influence on the content and data protection practices of these external pages. Please review the privacy policies of those websites when visiting them.

We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or legal requirements. The current version is always available on our website. We recommend that you review this Privacy Policy regularly.

If you have questions about the processing of your personal data or wish to exercise your rights, please contact us at hello [at] ausblick.capital

ausblick capital GmbH

Stand / Last updated: 02.12.2025