Data Privacy Declaration

Transparent, Sovereign, Trustworthy.

The protection of your personal data is a core component of cyber-sovereignty. The following declaration explains what information we collect when you interact with our web presence, how we process it, and which rights you have – in clear, concise language.

1. General Information

“Personal data” means any information that can identify you personally (e.g. name, e-mail, IP address). Detailed legal references can be found in the respective sub-sections below.

2. Data Collection on this Website

Responsible Body

CypSec – contact details in §4 – decides the purposes and means of all processing.

What we collect

Forms (name, e-mail, message) + technical logs (IP, browser, time) – no marketing trackers.

Why we collect

To deliver the site, answer requests, improve security & comply with legal duties.

3. Your Rights (GDPR in a Nutshell)

  • Information & access free of charge
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability (machine-readable)
  • Object at any time (incl. direct marketing)
  • Revoke consent with future effect
  • Lodge complaint with supervisory authority

Exercise Your Rights or Ask Us

We answer every privacy-related request within 30 days – no automated bureaucracy.

privacy@cypsec.de

4. Storage Duration & Security

Duration: We keep data only as long as necessary for the stated purpose or as required by law (e.g. 10 y for tax records, 7 d for short-lived server logs).

Security: TLS-1.3 encryption in transit, AES-256 at rest, strict access control, regular penetration tests, no external ad-networks, no CDN that profiles visitors.

5. Legal Bases we rely on

Art. 6 (1) b GDPR – processing necessary for contractual services or pre-contractual steps.

Art. 6 (1) c GDPR – compliance with legal obligations (commercial, tax, security reporting).

Art. 6 (1) f GDPR – legitimate interests (network security, abuse prevention, bug-fixing).

Art. 6 (1) a & 9 (2) a GDPR – where you gave explicit consent (newsletter, research participation).

6. Server Log Files

Our servers store: browser type/version, OS, referrer-URL, host name, time stamp, IP. Data remains isolated, is never merged with other sources, and is automatically deleted after 7 days. Legal basis: Art. 6 (1) f GDPR – network security & error diagnosis.

7. Changes to this Declaration

We publish the effective date below and notify active members by e-mail for substantial changes. Last updated: 12 December 2025.