Privacy Policy

Protecting your data with EU-GDPR, German BDSG, and Dutch AVG compliance

Data Protection Commitment

As a Berlin-based agency working with sensitive client data across Germany and the Netherlands, we adhere to the strictest privacy standards under EU GDPR (2016/679), German Bundesdatenschutzgesetz (BDSG-neu), and Dutch Algemene Verordening Gegevensbescherming (AVG).

Effective Date: April 2025 | Version: 3.2

This Privacy Policy explains how Web Cuisine Agency ("we", "us", or "our") collects, uses, discloses, and protects information when you:

  • Use our website (webcuisine-agency.com)
  • Engage our services under contract
  • Interact with our client portal
  • Communicate with our team

Data We Collect

Transparent overview of collected information

Client Business Information
  • Company registration details (Handelsregister)
  • VAT identification numbers
  • Authorized signatory information including:
    • Full name
    • Business email
    • Business phone number
    • Position/title
  • Contract documents and communications
  • Billing and payment information
Collected under contractual necessity per Art. 6(1)(b) GDPR. Retained for 10 years per German §257 HGB and Dutch fiscal requirements. Personal data is limited to what's strictly necessary for contract execution.

Protected Information

In certain projects, we may process:

  • Employee data (when providing HR systems)
  • Health-related information (for medical clients)
  • Financial records (for banking/fintech projects)
Such processing always occurs under:
  • Explicit consent (Art. 9(2)(a) GDPR)
  • Data Processing Agreements (Art. 28 GDPR)
  • Additional technical safeguards (encryption at rest)

Automated Collection
  • IP addresses (anonymized)
  • Browser/device characteristics
  • Usage patterns (via cookie consent)
  • System logs (30 day retention)
Authentication Data
  • Encrypted session tokens
  • Two-factor authentication records
  • Access timestamps
  • Failed login attempts

How We Process Data

Data Flow Overview

Client data never leaves the EU/EEA without additional safeguards

Collection

Via secure forms and contracts

Storage

Encrypted German servers

Processing

Under strict DPAs

Retention

As required by law

Processing Activity Legal Basis Relevant Law
Contract execution Art. 6(1)(b) GDPR §26 BDSG, Art. 6 AVG
Client communications Legitimate interest (Art. 6(1)(f)) §15 TMG, Art. 6 AVG
Compliance documentation Legal obligation (Art. 6(1)(c)) §257 HGB, Art. 52 Wetboek van Strafrecht
Security monitoring Legitimate interest §24 BDSG, Art. 6 AVG

Limited Information Sharing

When working with trusted freelancers to deliver services, we:

  • Only share project-specific technical requirements
  • Never disclose client personal data or confidential business information
  • Use anonymized task descriptions where possible
  • Require freelancers to sign strict NDAs and DPAs
What We Share
  • Technical specifications
  • Anonymous use cases
  • General project timelines
What We Protect
  • Client identities
  • Business strategies
  • Internal documents
  • User data
All freelancers are contractually bound under Art. 28 GDPR processor agreements with strict confidentiality clauses per §203 StGB (German Criminal Code) and Dutch trade secret protections.

Within EU/EEA
  • Payment Processors: SEPA-compliant providers only
  • Cloud Services: German-based with EU-only routing
  • Subprocessors: Under strict Data Processing Agreements
International Transfers
We only transfer data outside EU/EEA when:
  • To countries with adequacy decisions (Art. 45 GDPR)
  • Using Standard Contractual Clauses (Art. 46 GDPR)
  • With additional technical safeguards (encryption in transit)

Your Data Rights

Access & Portability

Request a copy of your data in machine-readable format (Art. 15, 20 GDPR).

Submit Request

Rectification & Erasure

Correct inaccurate data or request deletion where applicable (Art. 16, 17 GDPR).

Request Action

Restriction & Objection

Limit processing or object to certain uses (Art. 18, 21 GDPR).

Exercise Rights

Automated Decisions

Opt-out of purely automated processing (Art. 22 GDPR).

Opt Out
We respond to all requests within 30 days as required by Art. 12 GDPR. Identity verification required.

Contact & Complaints

Data Protection Officer

Email: [email protected]

Telefoon: +49 15568 206560

Postal: Neumeisterstr. 16, 13585 Berlin

Regulatory Authorities

Berlin: Berliner Beauftragte für Datenschutz

Netherlands: Autoriteit Persoonsgegevens

EU: European Data Protection Board

We implement security measures per Art. 32 GDPR, §64 BDSG, and Art. 29 AVG, regularly reviewed and updated.
You have the right to lodge a complaint with a supervisory authority per Art. 77 GDPR.
This website uses cookies · Deze website gebruikt cookies · Diese Website verwendet Cookies
EN · We only use essential cookies to ensure the basic functionality of our website.
We do not track you or store any personal information.
NL · Wij gebruiken alleen essentiële cookies voor de basisfunctionaliteit van onze website.
We volgen je niet en slaan geen persoonlijke gegevens op.
DE · Wir verwenden nur essentielle Cookies, um die Grundfunktionen unserer Website sicherzustellen.
Wir verfolgen Sie nicht und speichern keine persönlichen Daten.
Cookie Policy