Privacy Policy

Last updated: 8/18/2025

1. Data Controller

Sandy Smajic

Maxstr. 3, 45127 Essen, Germany

Phone: +49 201 64613379

Email: info@sandysmajic.com

Data Protection Officer (DPO): Sandy Smajic

2. Data We Collect

2.1 Account Information

  • Name and email address (for account creation)
  • Company information (optional)
  • Password (encrypted)

2.2 Assessment Data

  • Cybersecurity assessment responses
  • Security scores and recommendations
  • Assessment completion timestamps

2.3 Payment Information

  • Payment processing is handled by Stripe Inc.
  • We do not store credit card information
  • We receive transaction confirmations and receipt data
  • Billing address for invoice generation

2.4 Technical Data

  • IP address and browser information
  • Usage analytics and performance data
  • Cookies and similar tracking technologies

3. Legal Basis for Processing

  • Contract Performance: Processing necessary for providing our cybersecurity assessment services
  • Legitimate Interest: Improving our services, security, and user experience
  • Consent: Marketing communications and non-essential cookies
  • Legal Obligation: Tax records, payment processing compliance

4. Cookies and Tracking

4.1 Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Basic functionality and preferences

4.2 Analytics Cookies

  • Usage statistics and performance monitoring
  • User behavior analysis for service improvement
  • Requires your consent via our cookie banner

5. Data Sharing

  • Stripe: Payment processing (PCI DSS compliant)
  • Cloud Providers: Secure data hosting within EU/EEA
  • Legal Requirements: When required by law or court order
  • We never sell your personal data to third parties

6. Your GDPR Rights

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Delete your account and data
  • Portability: Export your data in machine-readable format
  • Restriction: Limit processing of your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: For marketing and non-essential cookies

To exercise these rights, contact us at info@sandysmajic.com.

7. Data Retention

  • Account Data: Until account deletion + 30 days
  • Assessment Data: 3 years for service improvement
  • Payment Records: 10 years (German tax law requirement)
  • Marketing Data: Until consent withdrawal

8. International Transfers

Your data is primarily processed within the EU/EEA. Any transfers to third countries are protected by:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Appropriate safeguards under GDPR Article 46

9. Contact & Complaints

For privacy concerns, contact our DPO:

Sandy Smajic (Data Protection Officer)

Email: info@sandysmajic.com

Phone: +49 201 64613379

You also have the right to lodge a complaint with your local data protection authority.