Privacy Policy

Introduction

IdEinstein is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable international privacy laws.

Effective Date: December 28, 2024
Last Updated: February 25, 2026
Review Schedule: Updated quarterly and when privacy practices change

1. Data Controller & Contact

As a solo practice based in Germany, IdEinstein is fully compliant with German and EU data protection laws, including GDPR.

2. Personal Data We Collect

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title
• Project Information: Technical requirements, specifications, project descriptions, engineering challenges
• Communication Records: Messages, consultation requests, support inquiries, meeting notes
• Account Information: User credentials, preferences, dashboard settings (if applicable)
• Payment Information: Billing address, payment method details (processed securely by third parties)

2.2 Information Collected Automatically

• Technical Data: IP address (pseudonymized), browser type, operating system, device information
• Security Data: Basic access logs for security purposes (30-day retention)
• Performance Data: Page load times, error logs, system performance metrics
• Essential Cookies: Session cookies, security cookies, preference cookies ✅ Currently Active
• Analytics Data: Website usage patterns, page views, user behavior (collected with Google Analytics 4 when consent is provided)
• Marketing Tracking: Campaign effectiveness and user engagement metrics (only with explicit consent)

2.3 Special Categories of Data

We do not intentionally collect special categories of personal data (sensitive data) such as health information, political opinions, or biometric data. If such data is inadvertently provided, we will delete it immediately upon discovery.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): To provide engineering services, process consultations, and fulfill project requirements
• Legitimate Interests (Art. 6(1)(f)): To improve our services, conduct business analytics, and ensure website security
• Consent (Art. 6(1)(a)): For marketing communications, non-essential cookies, and optional data processing
• Legal Obligations (Art. 6(1)(c)): To comply with tax, accounting, and other legal requirements
• Vital Interests (Art. 6(1)(d)): In rare cases where processing is necessary to protect someone's life

4. How We Use Your Personal Data

4.1 Service Delivery

• Provide engineering and design services
• Process consultation requests and quotations
• Manage project communications and deliverables
• Provide customer support and technical assistance
• Process payments and manage billing

4.2 Business Operations

• Improve our services and website functionality
• Conduct market research and analytics
• Ensure website security and prevent fraud
• Comply with legal and regulatory requirements
• Maintain business records and documentation

4.3 Marketing Communications (With Consent)

• Send newsletters and service announcements
• Provide information about new services and capabilities
• Share relevant industry insights and technical content
• Invite to webinars, events, or educational content

5. Your Privacy Rights

5.1 GDPR Rights (EU Residents)

• Right of Access (Art. 15): Request copies of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit how we process your data
• Right to Data Portability (Art. 20): Receive your data in a structured format
• Right to Object (Art. 21): Object to processing for marketing or legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time
• Right to Lodge a Complaint: File complaints with supervisory authorities

5.2 How to Exercise Your Rights

6. Data Security Measures

We implement comprehensive technical and organizational measures to protect your data:

6.1 Technical Safeguards

• Encryption: All data transmission uses SSL/TLS encryption (minimum TLS 1.2)
• Data Encryption: Personal data encrypted at rest using AES-256
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring
• Regular Updates: Security patches and system updates

6.2 Organizational Measures

• Privacy by Design: Data protection built into all processes
• Staff Training: Regular privacy and security training
• Data Minimization: Collect only necessary data
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Procedures for data breach notification

7. Contact Information