We are pleased that you are visiting our website and interested in DETECH Engineering Solutions & Services. The protection of your Personal Data is of the highest importance to our management and entire organisation. As a rule, you can browse our websites without disclosing any Personal Data to us. However, if you wish to use specific services via our websites, applications, or other digital channels, we may need to process your Personal Data. Where no other legal basis applies, we will always request your explicit Consent before doing so, for example via a cookie consent banner or a dedicated consent form.

We process your Personal Data strictly in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and all other relevant international data protection regulations. This Privacy Policy explains in detail what Personal Data we collect, how and why we use it, how long we retain it, and what rights you have as a Data Subject.

This Privacy Policy is designed not only to fulfill our obligations under the GDPR and the national laws of EU/EEA Member States, but also to comply with additional international data protection frameworks, including but not limited to: UK data protection laws (UK-GDPR), the Swiss Federal Data Protection Act and Data Protection Ordinance (DSG, DSV), the California Consumer Privacy Act (CCPA/CPRA), China’s Personal Information Protection Law (PIPL), and other applicable global data protection regulations. The Privacy Policy shall be interpreted for each applicable jurisdiction in a manner that corresponds to the terms and legal bases used in that jurisdiction.

We have implemented extensive technical and organisational measures to protect your Personal Data in the most effective and comprehensive manner possible. Nevertheless, no internet transmission can be guaranteed to be completely secure. For this reason, you are also welcome to transmit sensitive information to us via other channels, such as by telephone or in person, if you prefer.

1. Definitions

In this Privacy Policy, we use specific terms drawn from various data protection laws. To ensure clarity and ease of understanding, we define these key terms below. These definitions shall be interpreted in accordance with applicable case law, including decisions of the European Court of Justice (ECJ), the General Court of the European Union (EGC), and national data protection authorities.

a) Personal Data

Personal Data means any information relating to an identified or identifiable natural person (referred to as the ‘Data Subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject

A Data Subject is any identified or identifiable natural person whose Personal Data is processed by the Controller, a Processor, an international organisation, or any other data recipient. This includes all individuals who interact with DETECH Engineering Solutions & Services through our websites, services, or business operations.

c) Processing

Processing refers to any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of Personal Data.

d) Restriction of Processing

Restriction of Processing means the marking of stored Personal Data with the aim of limiting its Processing in the future. This right allows Data Subjects to request that their data be temporarily suspended from active use while disputes or verification processes are ongoing.

e) Profiling

Profiling means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

f) Pseudonymisation

Pseudonymisation is the Processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.

g) Controller

The Controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. DETECH Engineering Solutions & Services acts as the Controller for all Personal Data processed through its website, services, and business operations.

h) Processor

A Processor is a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller. Processors are bound by contractual agreements and legal obligations to handle Personal Data only as instructed by the Controller.

i) Recipient

A Recipient is a natural or legal person, public authority, agency, or another body to which Personal Data is disclosed, whether a Third Party or not. Public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients for the purposes of this definition.

j) Third Party

A Third Party is a natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.

k) Consent

Consent of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her. Consent must be withdrawable at any time without detriment to the Data Subject.

2. Name and Address of the Controller

The Controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

DETECH Engineering Solutions & Services

[Street & House Number]

[Postal Code] [City]

Germany

Phone: +49 [Your Number]

Email: info@detech-engineering.com

Website: www.detech-engineering.com

Represented by: [Full Name of Managing Director]

Trade Register: Gewerbeamt [City], Registration No.: [Number]

VAT Identification Number (pursuant to §27a UStG): DE [Number]

3. Collection of General Data and Information

When our website is accessed by a Data Subject or an automated system, a range of general data and information is collected automatically. This data is stored in the server log files of our hosting provider. The following categories of data may be recorded:

• Browser types and versions used by the accessing system
• The operating system used by the accessing system
• The website from which an accessing system reaches our website (so-called referrer URL)
• The sub-pages and resources accessed via our website
• The date and time of access to the website
• The Internet Protocol (IP) address of the accessing device
• The Internet service provider of the accessing system
• Other similar technical data used for security purposes in the event of attacks on our information technology systems

This general data and information is not used to draw conclusions about the identity of the Data Subject. Rather, it is required to ensure the correct and efficient delivery of our website content, to optimise website performance, to ensure the long-term security and functionality of our information technology infrastructure, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack or other criminal activity.

The legal basis for this Processing is Art. 6 (1) (f) GDPR — our legitimate interest in maintaining the security and functionality of our website and IT systems. Server log files are stored separately from all Personal Data provided voluntarily by Data Subjects and are deleted after their purpose has been fulfilled, typically within 30 days.

4. Contact Possibilities and Data Transmission

Our website contains information that enables quick electronic contact with our organisation, including an email address, telephone number, and a contact form. If a Data Subject contacts us by any of these means, the Personal Data transmitted will be stored automatically for the purpose of processing the inquiry and maintaining communication.

By transmitting your Personal Data via our contact form or email, you voluntarily consent to the Processing of the data you have provided for the purposes of handling your inquiry, in accordance with Art. 6 (1) (a) GDPR. You also provide your explicit consent pursuant to Art. 49 (1) (1) (a) GDPR for any necessary data transfers to third countries, where applicable, as described in this Privacy Policy.

You may withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of Processing that occurred prior to the withdrawal. This Personal Data will not be shared with third parties without your explicit consent, except where required by law or as described in this Privacy Policy.

5. Legal Basis for the Processing of Personal Data

DETECH Engineering Solutions & Services processes Personal Data on the following legal bases, as applicable:

Art. 6 (1) (a) GDPR — Consent

Where we ask for and receive your explicit consent for specific Processing activities, such as subscribing to our newsletter, accepting cookies, or requesting to be contacted for marketing purposes, we rely on this legal basis. You have the right to withdraw your consent at any time.

Art. 6 (1) (b) GDPR — Performance of a Contract

Where Processing of your Personal Data is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, we rely on this legal basis. This includes Processing necessary for the provision of our engineering services and project management support.

Art. 6 (1) (c) GDPR — Legal Obligation

Where Processing of your Personal Data is necessary for compliance with a legal obligation to which we are subject, such as tax obligations, accounting requirements, or statutory retention periods, we rely on this legal basis.

Art. 6 (1) (f) GDPR — Legitimate Interests

Where Processing of your Personal Data is necessary for the purposes of our legitimate interests or those of a third party, and such interests are not overridden by your interests or fundamental rights and freedoms, we rely on this legal basis. Our legitimate interests include, but are not limited to: the security and improvement of our website and IT systems, the prevention of fraud, the administration of our business operations, and direct marketing to existing clients.

6. Data Retention and Deletion

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The criteria used to determine our retention periods include:

• The nature and purpose of the data collected
• Applicable statutory retention periods under German and EU law (e.g., commercial and tax records are retained for up to 10 years pursuant to §§ 238, 257 HGB and § 147 AO)
• The existence of a contractual relationship with you
• Applicable limitation periods for legal claims

Once the applicable retention period has expired, and provided that no legal obligation requires further retention, your Personal Data will be securely and permanently deleted or anonymised in accordance with our data deletion procedures.

7. Your Rights as a Data Subject

Under the GDPR and applicable national data protection law, you have the following rights with respect to your Personal Data. To exercise any of these rights, please contact us at info@detech-engineering.com. We will respond to your request within one month of receipt, as required by Art. 12 GDPR.

a) Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether Personal Data concerning you is being processed, and, where that is the case, access to the Personal Data and detailed information about the Processing, including the purposes, categories of data, recipients, and retention periods.

b) Right to Rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the Processing, you also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

c) Right to Erasure — Right to be Forgotten (Art. 17 GDPR)

You have the right to obtain from us the erasure of Personal Data concerning you without undue delay where one of the following grounds applies: the data is no longer necessary for the purposes for which it was collected; you withdraw your consent and no other legal basis exists; you object to the Processing and there are no overriding legitimate grounds; the data has been processed unlawfully; or erasure is required to comply with a legal obligation.

d) Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain from us restriction of Processing where: the accuracy of the data is contested; the Processing is unlawful and you oppose erasure; we no longer need the data but you require it for legal claims; or you have objected to Processing pending verification of our legitimate grounds.

e) Right to Data Portability (Art. 20 GDPR)

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another Controller, where the Processing is based on consent or contract and is carried out by automated means.

f) Right to Object (Art. 21 GDPR)

You have the right to object at any time to the Processing of your Personal Data on grounds relating to your particular situation, where Processing is based on Art. 6 (1) (e) or (f) GDPR. We will cease Processing unless we can demonstrate compelling legitimate grounds that override your interests, or the Processing is necessary for legal claims. Where Processing is for direct marketing purposes, you have an unconditional right to object at any time.

g) Right to Withdraw Consent (Art. 7 (3) GDPR)

Where Processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal. Withdrawal can be made by contacting us at info@detech-engineering.com.

h) Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the Processing of your Personal Data infringes the GDPR. The competent supervisory authority for DETECH Engineering Solutions & Services in Germany is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153, 53117 Bonn, Germany

Website: www.bfdi.bund.de | Email: poststelle@bfdi.bund.de

8. Third-Party Services and Data Processors

We use a number of third-party services and tools in connection with the operation of our website and business activities. Where these services involve the Processing of your Personal Data, we have entered into Data Processing Agreements (DPAs) with the relevant providers as required by Art. 28 GDPR. The following provides detailed information about our key third-party providers:

8.1 Microsoft Teams

We use Microsoft Teams as our primary internal and external communication and collaboration platform. When using Microsoft Teams, Personal Data such as names, email addresses, telephone numbers, meeting content (video/audio streams, chat transcripts, shared files), and usage data may be processed.

Operator: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

EU/EEA Representative (Art. 27 GDPR): Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Legal Basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interests in efficient communication).

Third Country Transfer: Data may be transferred to the USA on the basis of Standard Contractual Clauses or the EU-US Data Privacy Framework.

Further information: https://privacy.microsoft.com

8.2 Zoom

We use Zoom for video conferencing with clients and project partners. When using Zoom, Personal Data such as names, email addresses, telephone numbers, profile pictures, device information, video and audio streams, chat transcripts, and shared content may be processed.

Operator: Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

EU/EEA Representative (Art. 27 GDPR): Lionheart Squared (Europe) Limited, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Ireland.

Legal Basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

Third Country Transfer: Transfers to the USA are carried out on the basis of Standard Contractual Clauses.

Further information: https://zoom.us/privacy

8.3 LinkedIn

We maintain a LinkedIn company profile for professional networking, marketing, and business development purposes. When interacting with our LinkedIn presence, Personal Data such as names, professional titles, email addresses, and usage data may be processed by LinkedIn.

Operator: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Legal Basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract), and Art. 6 (1) (f) GDPR (legitimate interests in marketing and networking).

Third Country Transfer: Transfers to the USA are carried out on the basis of Standard Contractual Clauses or the EU-US Data Privacy Framework.

Further information: https://www.linkedin.com/legal/privacy-policy

8.4 WordPress & Elementor

Our website is built using WordPress, the world’s leading content management system, in combination with the Elementor page builder plugin. These tools process technical data such as IP addresses and browser information as part of normal website operation and optimisation.

WordPress is developed by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Elementor is developed by Elementor Ltd., PO-Box 657, 44 Shlomo ha-Melekh St., Ramat Gan 5252165, Israel (a country recognised by the European Commission as providing an adequate level of data protection).

Legal Basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR (legitimate interests in providing and optimising our website).

Further information: https://elementor.com/privacy-policy/

8.5 Cookie Notice & Consent Management

We use a cookie consent management plugin on our WordPress website to ensure compliance with GDPR and ePrivacy requirements. This tool enables us to inform users about our use of cookies and to obtain, document, and manage user consents in a legally compliant manner.

The plugin processes data such as user consent preferences, timestamps, and technical identifiers, which are stored locally or in our systems to document compliance.

Legal Basis: Art. 6 (1) (c) GDPR — compliance with legal obligations relating to consent documentation.

8.6 Google Fonts

Our website may use Google Fonts, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for typography purposes. When Google Fonts are loaded, your IP address may be transmitted to Google servers in the USA.

To protect your privacy, we have configured our website to load Google Fonts locally where possible, thereby avoiding unnecessary data transmission to Google servers.

Further information: https://policies.google.com/privacy

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and provide certain functionalities. Cookies are small text files that are stored on your device when you visit a website.

9.1 Types of Cookies We Use

Essential Cookies

These cookies are strictly necessary for the website to function and cannot be switched off in our systems. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. Legal basis: Art. 6 (1) (f) GDPR (legitimate interests in providing a functioning website).

Performance and Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. All information these cookies collect is aggregated and therefore anonymous. Legal basis: Art. 6 (1) (a) GDPR (your consent).

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. Legal basis: Art. 6 (1) (a) GDPR (your consent).

9.2 Managing Your Cookie Preferences

You can set or amend your cookie preferences at any time through our cookie consent banner or through your browser settings. Please note that if you choose to disable certain cookies, some parts of our website may not function correctly. You may also delete cookies that have already been stored on your device through your browser settings.

10. Data Transfers to Third Countries

Some of our service providers are located outside the European Union or the European Economic Area (EU/EEA), particularly in the United States of America. Where we transfer Personal Data to third countries, we ensure that appropriate safeguards are in place to protect your data, in accordance with Art. 44 et seq. GDPR.

Appropriate safeguards for third-country transfers include:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46 (2) (c) GDPR
• Adequacy decisions by the European Commission pursuant to Art. 45 GDPR
• Membership in approved data privacy frameworks, such as the EU-US Data Privacy Framework
• Binding Corporate Rules (BCRs) where applicable

You may request a copy of the applicable safeguards by contacting us at info@detech-engineering.com. Copies of EU Standard Contractual Clauses are also available in the Official Journal of the European Union.

11. Automated Decision-Making and Profiling

As a responsible and ethically-minded engineering company, DETECH Engineering Solutions & Services does not engage in automated decision-making, including profiling, that produces legal effects or similarly significantly affects Data Subjects, as referred to in Art. 22 GDPR.

Should we ever introduce automated decision-making processes in the future, we will inform affected Data Subjects separately, provide meaningful information about the logic involved, and ensure that appropriate safeguards are in place, including the right to human intervention, the right to express your point of view, and the right to contest the decision.

12. Data Security

DETECH Engineering Solutions & Services has implemented a comprehensive range of technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• SSL/TLS encryption for all data transmitted via our website (recognisable by the ‘https://’ prefix and the padlock icon in your browser)
• Access controls and user authentication systems limiting access to Personal Data to authorised personnel only
• Regular security assessments, vulnerability scans, and penetration testing of our IT infrastructure
• Data minimisation practices ensuring that only the minimum amount of Personal Data necessary is collected and processed
• Employee training on data protection and information security best practices
• Incident response procedures for detecting, reporting, and addressing Personal Data breaches in accordance with Art. 33 and 34 GDPR

In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where required, inform you directly.

13. Direct Marketing Communications

We may send you direct marketing communications about our engineering services, products, and industry updates where we have a legitimate basis to do so. Where required by law, we will obtain your prior consent before sending such communications.

You have the right to object to the processing of your Personal Data for direct marketing purposes at any time, free of charge and without providing any reasons. To unsubscribe from our marketing communications, please contact us at info@detech-engineering.com. We will action your request promptly and without any detriment to you.

The legal basis for direct marketing to existing clients is Art. 6 (1) (f) GDPR (legitimate interests in promoting our services to clients who have previously engaged with us). For all other recipients, the legal basis is Art. 6 (1) (a) GDPR (your consent).

14. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority if you consider that the Processing of your Personal Data by DETECH Engineering Solutions & Services infringes applicable data protection law. We respectfully request that you first contact us directly so that we may address your concerns promptly.

The competent supervisory authority for DETECH Engineering Solutions & Services is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Graurheindorfer Str. 153

53117 Bonn, Germany

Phone: +49 (0)228 997799-0

Email: poststelle@bfdi.bund.de

Website: www.bfdi.bund.de

15. Changes to This Privacy Policy

We reserve the right to update and amend this Privacy Policy at any time to reflect changes in legal requirements, regulatory guidance, court decisions, or our internal data processing practices. We will notify you of any material changes by posting the updated Privacy Policy on our website with a revised ‘Last Updated’ date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Data.

Your continued use of our website following the posting of changes constitutes your acknowledgement of the updated Privacy Policy. Where changes are material and require your consent, we will take appropriate steps to obtain such consent.

DETECH Engineering Solutions & Services

[Street & House Number] | [Postal Code] [City] | Germany

Email: info@detech-engineering.com | Website: www.detech-engineering.com