LEGAL DOCUMENTATION

Privacy Policy

Last Updated: May 27, 2026. This policy outlines our commitment to data protection standards and the transparency of our data operations under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Privacy Policy Banner
01

Data Controller

DatenStrom-3AG Solutions UG (haftungsbeschränkt) is the controller responsible for collecting, processing, and protecting your personal data on this website.

DATA CONTROLLER DETAILS
DatenStrom-3AG Solutions UG (haftungsbeschränkt)
Kolonnenstraße 8
10827 Berlin
Germany

Managing Director (Geschäftsführer): Arjhun Mohanarangam
Email: info@datenstrom-3ag.com
Company Registration: HRB 262179 B
02

General Info

General frameworks and rules governing our storage retention schedules, scope, and legal compliance.

2.1 Scope of Processing
We process personal data of our users only to the extent necessary to provide a functional website, our content, and services. Personal data is processed only with your consent or when permitted by law.
2.2 Legal Basis (Art. 6(1) GDPR)
  • Consent (a): Explicit agreement for specific purposes.
  • Contract Performance (b): Required to fulfill contract terms or take pre-contractual steps.
  • Legal Obligation (c): Required to comply with statutory legal requirements.
  • Legitimate Interests (f): Required for our legitimate business interests.
2.3 Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Specific retention periods are outlined in the respective sections below.
2.4 Data Deletion
Personal data will be deleted or anonymized when no longer needed, unless legal retention obligations require continued storage (e.g., 10-year retention requirement for accounting documents under German commercial and tax law).
03

Website Data

We capture necessary telemetry, logs, contact forms, and analytical statistics to keep our digital platforms running securely.

3.1 Access Logs and Technical Data
When visiting our site, our web server collects: IP address (anonymized after session), date and time of access, browser type and version, operating system, referrer URL, requested pages and files, HTTP status code, and data volume transferred.

Purpose: System security, technical administration, and error analysis.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Retention Period: Log files are automatically deleted after 7 days, except where required for active security investigations.
3.2 Cookies and Cookie Banner
We use CookieHub to manage preferences. A banner appears allowing you to accept or decline optional cookies.

Types We Use:
  • Strictly Necessary: Session management, security, and cookie settings consent preferences (Legitimate interests, Art. 6(1)(f) GDPR).
  • Analytics: Google Analytics 4 (Your consent, Art. 6(1)(a) GDPR via CookieHub).
3.3 Google Analytics 4
With your consent via CookieHub, we use GA4 to analyze traffic.

Data: Pages visited, Country/region of origin, Session duration, Device/browser data, Anonymized IP addresses.
Legal Basis: Consent (Art. 6(1)(a) GDPR). GA4 is blocked until consent is given.
Recipient: Google LLC (USA) and Google Ireland Limited (Ireland). You can withdraw consent via cookie settings.
3.4 Contact Form
When submitting our contact form, we collect: Name, Email address, Company name, Message content, and Date/time.

Purpose: To respond to your inquiries.
Legal Basis: Pre-contractual measures (Art. 6(1)(b) GDPR) or consent.
Retention Period: Duration of inquiry/business relationship + 3 years.
04

Client & Contract

Processing essential customer accounts and communication details to deliver design and engineering services.

4.1 Client Account and Communication Data
When you become a client, we process company details, contact person info, tax info, and project requirements.

Purpose: Contract execution, project delivery, and compliance.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR) and Legal obligations (Art. 6(1)(c) GDPR).
Retention Period: Duration of relationship + 10 years (statutory).
4.2 Project Communication
We process communications via email, phone, or video conferencing involving content, attachments, and meeting notes.

Purpose: Project execution and documentation.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR).
Retention Period: Duration of project + 3 years.
05

Invoicing & Payments

Financial invoicing records are processed to execute contracts and secure project transactions.

5.1 Zoho Books (Invoicing)
We use Zoho Books to generate invoices. Data processed includes company name, contact details, and invoice amounts.

Legal Basis: Contract performance (Art. 6(1)(b) GDPR), Legal obligations (Art. 6(1)(c) GDPR).
5.2 Payment Methods
  • Stripe: Payment card data is processed directly by Stripe. See Stripe's Privacy Policy.
  • PayPal: Payment data is processed directly by PayPal. See PayPal's Privacy Policy.
  • Bank Transfer: Transactions are processed by the respective corporate and commercial banks.
06

Third-Party

To operate our website and services, we transfer certain data to third-party sub-processors under strict safety guidelines.

6.1 Web Hosting (Hostinger)
Our website is hosted with Hostinger on servers located in India. Data transfers are safeguarded by EU Standard Contractual Clauses (SCCs). A data processing agreement pursuant to Art. 28 GDPR has been concluded.
6.2 Email Services (Google Workspace)
We use Google Workspace for email communications. Mail routing is hosted globally and safeguarded by EU SCCs.
6.3 Sub-Processors
Hostinger utilizes reliable infrastructure vendors including Amazon Web Services (AWS), Google Cloud, and Cloudflare to guarantee performance and security.
07

Data Security

Ensuring data integrity and preventing unauthorized modification or interception of visitor metrics.

We implement technical and organizational measures such as SSL/TLS encryption, role-based access controls, regular platform updates, employee training, and encrypted storage.

In case of a personal data breach, we will notify the competent supervisory authorities within 72 hours in compliance with legal requirements.
08

Your Rights

You hold the sovereign right to inspect, edit, delete, or withdraw consent for any personal records stored on our servers.

8.1 Right of Access (Art. 15 GDPR): Inspect and request copies of your stored personal records.
8.2 Right to Rectification (Art. 16 GDPR): Correct incorrect or incomplete personal details.
8.3 Right to Erasure (Art. 17 GDPR): Request complete deletion of your personal records.
8.4 Right to Restriction of Processing (Art. 18 GDPR): Ask us to limit processing operations.
8.5 Right to Data Portability (Art. 20 GDPR): Export data in a structured, machine-readable format.
8.6 Right to Object (Art. 21 GDPR): Oppose processing based on legitimate business interests.
8.7 Right to Withdraw Consent (Art. 7(3) GDPR): Revoke consent for data operations at any time.
8.8 Right to Lodge a Complaint (Art. 77 GDPR): Contact the Berlin Supervisory Authority.
09

Exercising Rights

Submit inquiries regarding your rights or company details directly to our point of contact.

To exercise any of your rights, please contact us at: info@datenstrom-3ag.com or via post at:
DatenStrom-3AG Solutions UG (haftungsbeschränkt), Kolonnenstraße 8, 10827 Berlin, Germany.
10

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

11

Policy Changes

We may update this Privacy Policy. The "Last Updated" date indicates the most recent revision. Material changes will be communicated via email or website notice.

Data Privacy Questions?

Reach out to us at any time for inquiries regarding your personal information.

Contact DPO