Data Protection

Privacy Policy

Information pursuant to Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

1. Data Controller

The entity responsible for the processing of personal data on this website (the "controller" within the meaning of Art. 4 No. 7 GDPR) is:

Siegert Consulting s.r.o.

Roháčova 145/14, Žižkov

130 00 Praha 3

Czech Republic

Email: info@siegert-consulting.de

Managing Director: Marc Siegert

For all questions relating to the processing of your personal data, you may contact us at any time using the contact details above. We do not have a designated data protection officer, as we are not required to appoint one under Art. 37 GDPR.

2. Overview of Data Processing

The following table provides an overview of the categories of personal data processed on this website, the purposes of processing, and the applicable legal bases under Art. 6 GDPR.

Processing Activity Data Category Legal Basis
Hosting / server logs IP address, browser data, timestamps Art. 6(1)(f) GDPR
External CDN resources IP address, browser data Art. 6(1)(f) GDPR
Email contact Name, email address, message content Art. 6(1)(b) / (f) GDPR
Contact form Name, email address (client-side only) Art. 6(1)(b) GDPR
Analytics / tracking See Section 8 To be completed

3. Web Hosting

Action required: Insert your hosting provider's name, address, and a reference to their data processing agreement (Art. 28 GDPR) or privacy policy here.

This website is hosted by [HOSTING PROVIDER NAME, ADDRESS]. When you visit this website, your browser automatically transmits data to the hosting server, including your IP address, the type and version of your browser, the operating system you are using, the referring URL, the pages you access, and the date and time of access.

This data is processed on the legal basis of Art. 6(1)(f) GDPR. Our legitimate interest is to ensure the technical operation, availability, and security of the website. The data is deleted as soon as it is no longer required for the purpose for which it was collected.

We have concluded a data processing agreement (Auftragsverarbeitungsvertrag, AVV) with our hosting provider pursuant to Art. 28 GDPR.

4. External Resources (Content Delivery Network)

This website loads the Tailwind CSS styling framework from the external content delivery network (CDN) operated by Tailwind Labs Inc. (USA) at cdn.tailwindcss.com. When your browser loads this resource, it automatically transmits your IP address and browser information to the CDN provider's servers.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest is the efficient delivery and correct rendering of the website.

Transfer to third countries: Tailwind Labs Inc. is based in the United States. Data transfers to the USA are carried out on the basis of the EU–US Data Privacy Framework (DPF) or on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. We recommend verifying the current transfer mechanism in Tailwind Labs' privacy policy. To avoid this third-party transfer entirely, we recommend serving Tailwind CSS as a local file in production.

5. Server Log Files

The web server automatically records access data in server log files each time the website is visited. This data includes:

  • IP address of the requesting device
  • Date and time of the request
  • URL of the requested resource
  • HTTP status code and volume of data transferred
  • Browser type, version, and operating system
  • Referring URL (the page from which the request originated)

Purpose: Ensuring the technical operation, availability, and security of the website; detecting and investigating misuse or attacks.

Legal basis: Art. 6(1)(f) GDPR. The legitimate interest lies in the secure and stable operation of the website.

Retention period: Server log files are generally retained for a period of up to 30 days and are then deleted, unless a longer retention period is required for the investigation of a specific security incident.

Note: IP addresses are personal data to the extent that they permit identification of a natural person. This website does not merge IP address data from log files with any other data sources.

6. Contact by Email

If you contact us by email (e.g. at info@siegert-consulting.de), we will process the personal data contained in or attached to your message — in particular your name and email address — for the purpose of processing and responding to your enquiry.

Legal basis: If your message relates to a pre-contractual or contractual matter, Art. 6(1)(b) GDPR applies. In all other cases, the legal basis is Art. 6(1)(f) GDPR — our legitimate interest in answering enquiries addressed to us.

Retention period: Your email correspondence will be retained for as long as necessary to process your enquiry and to fulfil any follow-up obligations. Where commercial or tax law requires longer retention, the statutory periods apply (typically 6–10 years under applicable law).

Objection: You may object to the processing at any time insofar as the processing is based on Art. 6(1)(f) GDPR and your specific situation justifies an objection. Please note that this may prevent us from further processing your enquiry.

7. Contact Form

The website features a consultation request form with input fields for your name and email address. This form does not submit data directly to a server. When you click the "Request Executive Briefing" button, your email client is opened with a pre-composed subject line; the data you entered in the form fields is not automatically transmitted to us and is not stored on any server.

Any personal data you subsequently transmit via your email client is processed in accordance with Section 6 (Contact by Email) above.

8. Analytics & Tracking

Action required — complete this section before publishing. You indicated that the website uses one or more third-party analytics or tracking tools. For each tool, add a sub-section covering:

  1. Name and provider of the tool
  2. Purpose and data collected (e.g. page views, session duration, IP address)
  3. Legal basis — if consent-based (Art. 6(1)(a) GDPR), add a cookie banner / consent management platform
  4. Retention period and anonymisation / pseudonymisation measures
  5. Opt-out mechanism or link to provider's privacy policy
  6. Transfer to third countries (if applicable)
  7. Reference to data processing agreement (Art. 28 GDPR)

Common tools and their privacy policy URLs for reference: Google Analytics 4 – policies.google.com/privacy | Matomo (self-hosted) – matomo.org/privacy-policy | Plausible Analytics – plausible.io/privacy

9. Your Rights as a Data Subject

Pursuant to the GDPR and the German Federal Data Protection Act (BDSG), you have the following rights with respect to your personal data. To exercise any of these rights, please contact us using the details in Section 1.

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we are processing personal data about you and, if so, to receive a copy of that data along with information on the purposes of processing, the categories of data, the recipients, the retention periods, and the existence of automated decision-making.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data concerning you without undue delay.

Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, where you have objected and there are no overriding legitimate grounds for processing, or where the data has been unlawfully processed.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your data where you contest its accuracy, where processing is unlawful but you oppose erasure, where we no longer need the data but you require it for legal claims, or where you have objected to processing pending verification of whether our legitimate grounds override yours.

Right to Data Portability (Art. 20 GDPR)

Where processing is based on your consent (Art. 6(1)(a) GDPR) or on a contract (Art. 6(1)(b) GDPR) and carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object (Art. 21 GDPR)

Where processing is based on Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. We will then cease to process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time. Following your objection, your data will no longer be used for this purpose.

Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Rights in Relation to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This website does not carry out automated individual decision-making or profiling.

Response time: We will respond to requests to exercise the above rights without undue delay and in any event within one month of receipt, as required by Art. 12(3) GDPR. This period may be extended by a further two months where necessary due to the complexity or number of requests; we will notify you of any such extension within one month of receipt of the request.

10. Right to Lodge a Complaint

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Lead Supervisory Authority (Hauptaufsichtsbehörde)

As Siegert Consulting s.r.o. is established in the Czech Republic, the lead supervisory authority under the GDPR's one-stop-shop mechanism (Art. 56 GDPR) is:

Úřad pro ochranu osobních údajů (ÚOOÚ)

Czech Data Protection Authority

Pplk. Sochora 27, 170 00 Praha 7, Czech Republic

Web: www.uoou.cz

Email: posta@uoou.cz

German Supervisory Authorities

Data subjects in Germany may also lodge a complaint with the supervisory authority competent for their place of residence or place of work. A list of all German data protection supervisory authorities is available at:

www.bfdi.bund.de

11. Data Security

This website uses TLS (Transport Layer Security) encryption for all data transmissions (recognisable by the https:// prefix and the padlock icon in your browser). This ensures that data you transmit to this website — such as email addresses entered in the contact form — cannot be read by third parties in transit.

We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

12. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in the law, regulatory guidance, or our data processing practices. The current version is always available on this page. We recommend that you review this Privacy Policy periodically. Material changes will be communicated via a notice on the website homepage.

Last updated: June 2026