Privacy Policy

1. Controller (Art. 4 No. 7 GDPR)

Digital Now Technologies UG (haftungsbeschränkt)
Reudnitzer Straße 1
04103 Leipzig
Germany
E-mail: info@digitalnow.online

2. Hosting, Infrastructure & Server Logs

When visiting our website, technically necessary connection data are processed (e.g., truncated IP address, date/time, requested URL, referrer, user agent, status codes). Purposes: website delivery, stability, security (e.g., DDoS mitigation) and abuse detection.

• Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
• Retention: logs are generally kept for a short period (typically 7–30 days); longer if needed to investigate incidents.
• Processors/third countries: we conclude data processing agreements (Art. 28 GDPR) with our hosting/CDN providers. Where transfers to third countries (e.g., US) occur, we rely on appropriate safeguards (notably EU Standard Contractual Clauses) and—where available—certifications (e.g., EU-US Data Privacy Framework) and additional measures.

3. Language Detection (Accept-Language)

To improve usability, we derive the preferred language from your browser’s Accept-Language header and display the corresponding version. We do not set cookies for this and do not use IP-based geolocation.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

4. Contact Form & E-mail

If you contact us via the form or by e-mail, we process the data you voluntarily provide (e.g., name, e-mail, message) to handle your request.

• Legal bases: Art. 6(1)(b) GDPR (pre-/contractual communications) and Art. 6(1)(f) GDPR (general inquiries).
• Retention: until your request is completed; for business relations according to statutory retention (generally up to 10 years).
• Necessity: without minimum data (contact, request), we may be unable to process your inquiry.

5. External Links & Bookings

Where we link to external services (e.g., booking or calendar tools), their privacy policies apply once you open those sites. We only receive information necessary to coordinate the appointment.

Legal bases: Art. 6(1)(b) and Art. 6(1)(f) GDPR.

6. No Cookies, No External Tracking

We do not use analytics cookies or third-party tracking (e.g., Google Analytics). We do not carry out marketing profiling.

7. Applications

We process application data (e.g., contact details, CV, certificates) for recruitment purposes.

• Legal basis: Sec. 26(1) BDSG (Germany) and Art. 6(1)(b) GDPR.
• Retention: generally 6 months after the process ends, unless you consent to longer storage or legal obligations require longer retention.

8. Processing on Behalf of Clients (B2B)

Where our services involve processing personal data on behalf of clients (e.g., data pipelines, chatbots, computer vision), we conclude a data processing agreement under Art. 28 GDPR. We process data strictly for the agreed purposes, with appropriate technical and organizational measures (TOMs), documented instructions, sub-processor controls, and—if needed—appropriate third-country safeguards (SCC/DPF).

9. EU AI Act: Transparency & Compliance

We build and integrate AI solutions (e.g., chatbots, OCR, computer vision). On this website, we do not deploy AI systems that constitute prohibited practices (e.g., manipulative or opaque biometric categorization). We meet transparency/labelling duties (e.g., user notices for AI interactions, synthetic content labelling) where public AI features are offered. For high-risk use cases, we implement risk management, data/model governance, logging, human oversight, robustness/accuracy, and documentation. Where required by law, the deployer conducts a fundamental-rights impact assessment (FRIA) before use.

10. Security (Art. 32 GDPR)

The site is served via TLS (HTTPS). We apply appropriate technical and organizational measures, including role-based access with least privilege, logging, at-rest encryption offered by our providers, regular updates, and backups.

11. Retention

We retain personal data only as long as necessary for the respective purposes or as required by law (e.g., commercial/tax laws up to 10 years). Thereafter, data are deleted or anonymized.

12. Obligation to Provide Data

Providing personal data is generally voluntary. For certain purposes (e.g., appointments, offers, contracts), minimum data are required; without them, we may be unable to process your request or conclude a contract.

13. No Automated Decision-Making

We do not perform solely automated decision-making within the meaning of Art. 22 GDPR producing legal effects concerning you or similarly significant impacts.

14. Categories of Recipients

IT/hosting providers, e-mail/communications providers, accounting/tax advisors if needed, legal counsel, project sub-contractors (only under DPA/SCC where required). We do not disclose data to third parties for advertising without a valid legal basis.

15. Third-Country Transfers

Where services in third countries are involved, we safeguard transfers in accordance with Arts. 44 ff. GDPR (notably SCC, appropriate supplementary measures and—where available—DPF certifications).

16. Your Rights (Arts. 15–21, 77 GDPR)

• Access, rectification, erasure, restriction, data portability, and objection (Art. 21).
• Withdrawal of consent with effect for the future.

Right to lodge a complaint: You may contact any supervisory authority. For Saxony (Germany): Sächsische Datenschutz- und Transparenzbeauftragte (SDTB), P.O. Box 11 01 32, 01330 Dresden, phone +49 351 85471 101, e-mail: post@sdtb.sachsen.de, website: www.datenschutz.sachsen.de.

17. Updates to this Notice

We update this notice when laws, services, or processes change. The current version is always available on this page. Last updated: September 12, 2025