Privacy Policy

Last updated: December 2024

ddrowsily GmbH is committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

Data Controller

ddrowsily GmbH is the data controller responsible for your personal data. You can contact us regarding any data protection matters using the contact information provided below.

ddrowsily GmbH
Hauptstraße 108
04263 Leipzig, Germany
Phone: +49 696632828
Email: [email protected]

Data Collection

The data we collect includes personal information such as your name, email address, phone number, company details, and any information you provide when contacting us or using our services. We collect this information when you:

  • Submit enquiries through our contact form
  • Request information about our fund administration services
  • Engage with us as a client or potential client
  • Visit our website and interact with our online services
  • Subscribe to our communications or updates

We also automatically collect certain technical information when you visit our website, including your IP address, browser type, device information, and website usage patterns through cookies and similar technologies.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific processing activities
  • Contract Performance: To provide fund administration services and fulfil contractual obligations
  • Legitimate Interests: For business operations, client communication, and service improvement
  • Legal Obligation: To comply with regulatory requirements and legal obligations in the financial services sector

How We Use Your Information

We explain how we use your information to provide our fund administration services and maintain our business relationship with you. The use of your data includes:

  • Responding to your enquiries and providing requested information
  • Delivering fund administration services and client support
  • Processing transactions and maintaining accurate records
  • Ensuring regulatory compliance and meeting legal obligations
  • Improving our services and developing new offerings
  • Sending relevant business communications and updates
  • Protecting against fraud and maintaining security

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.

Data Sharing and Disclosure

We may share your personal data with trusted third parties in the following circumstances:

  • Service providers who assist in delivering our fund administration services
  • Professional advisors including legal, accounting, and audit firms
  • Regulatory authorities when required by law or regulation
  • Technology providers who support our IT infrastructure and security
  • Other parties with your explicit consent or as directed by you

All third parties are bound by appropriate data protection agreements and are required to protect your personal data in accordance with applicable laws.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and maintain accurate business records. Specific retention periods include:

  • Client Records: Maintained for the duration of our business relationship plus 7 years for regulatory compliance
  • Contact Enquiries: Retained for 3 years unless you request earlier deletion
  • Website Analytics: Aggregated data retained for 2 years
  • Marketing Communications: Until you unsubscribe or withdraw consent

When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention policy.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another organisation
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and user authentication
  • Staff training on data protection and security
  • Incident response and breach notification procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protection measures.

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for multinational organisations
  • Certification schemes and codes of conduct

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website traffic. For detailed information about our cookie usage, please refer to our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner displayed when you first visit our website.

Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices on our website

The "Last updated" date at the top of this policy indicates when it was most recently revised.

Contact Information

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us using the following contact information:

Data Protection Officer
ddrowsily GmbH
Hauptstraße 108
04263 Leipzig, Germany

Email: [email protected]
Phone: +49 696632828

Business Hours: Monday - Friday, 9:30 AM - 5:30 PM

You also have the right to lodge a complaint with the relevant data protection authority if you believe we have not handled your personal data appropriately. In Germany, you can contact your local data protection authority or the Federal Commissioner for Data Protection and Freedom of Information (BfDI).