Skip to content
NIS2: in force since Dec 2025. What it means

Privacy policy

We process personal data sparingly and only as far as it is necessary to run this website and handle your enquiries. This policy describes what data that is, on which legal basis, and which rights you have. The German version is the legally binding one.

As of July 2026


Controller

The controller for the processing of data on this website within the meaning of Article 4 (7) of the General Data Protection Regulation (GDPR) is:

TODO · before launch

Company and full postal address will be entered before launch, identical to the details in the legal notice. Placeholders stand in until then.

Company
Wachr [TODO: full legal name]
Address
[TODO: street and number], [TODO: postal code and city], Germany

Data protection officer

We continuously review whether we are required to appoint a data protection officer under Article 37 GDPR and § 38 BDSG. [TODO: add the contact details of the data protection officer once appointed.]

Your rights

In relation to your personal data you have the following rights:

  • Access to the data stored about you (Article 15 GDPR).
  • Rectification of inaccurate data (Article 16 GDPR).
  • Erasure of your data, unless statutory retention obligations apply (Article 17 GDPR).
  • Restriction of processing (Article 18 GDPR).
  • Data portability in a common format (Article 20 GDPR).
  • Objection to processing based on a legitimate interest (Article 21 GDPR).
  • Withdrawal of consent with effect for the future (Article 7 (3) GDPR).

An informal message to kontakt@wachr.de is enough to exercise these rights.

You may also lodge a complaint with a data protection supervisory authority (Article 77 GDPR). The competent authority is the one of the federal state in which we are based. [TODO: add the competent state authority once the company seat is fixed.]

Hosting and server log files

When you access this website, the hosting provider automatically collects information that your browser transmits (server log files): browser type and version, operating system, referrer URL, host name of the accessing device, time of the server request, and the IP address. This data is not combined with other data sources.

The legal basis is our legitimate interest in a stable and secure operation of the website (Article 6 (1) (f) GDPR). The data is deleted after a short time unless it is needed to investigate specific misuse.

TODO · before launch

Name the hosting provider, server location (Germany) and log retention period, and conclude a data processing agreement under Article 28 GDPR.

Contact and enquiry forms

When you contact us through one of our forms (founding-partner or demo enquiry), we process the data you provide to handle your request. Depending on the form, we collect name, company, email address, and region or number of employees.

The legal basis is the initiation or performance of a contract (Article 6 (1) (b) GDPR) and our legitimate interest in answering your request (Article 6 (1) (f) GDPR). The data is deleted once it is no longer needed for the purpose, at the latest after statutory retention periods expire.

To deliver the form emails we use an email service provider as a processor.

TODO · before launch

Name the email delivery service used (currently intended: Resend), conclude a data processing agreement under Article 28 GDPR, and document the safeguards under Articles 44 et seq. GDPR if data is transferred to a third country.

Newsletter

If you subscribe to our newsletter, we process your email address to send you the announced content. The legal basis is your consent (Article 6 (1) (a) GDPR).

You can unsubscribe at any time and withdraw your consent with effect for the future, for example via the unsubscribe link in every email or by message to kontakt@wachr.de.

TODO · before launch

Set up a double opt-in procedure before the first send and name the delivery service used here.

Analytics

For analytics we use a data-minimising, cookie-free measurement that builds no cross-device profiles and shares no personal data with third parties. Plausible Analytics is intended. The legal basis is our legitimate interest in a statistical evaluation of usage (Article 6 (1) (f) GDPR).

TODO · before launch

Confirm whether and in which configuration Plausible is active at launch; otherwise remove this section.

Cookies and local storage

This website is designed to run without tracking cookies. We use technically necessary storage only where it is required for operation, for example to remember your language choice. No consent is required for this (§ 25 (2) TDDDG).

TODO · before launch

Check which cookies or storage entries are actually set and refine this section accordingly.

Data security

We take technical and organisational measures to protect your data against loss, manipulation and unauthorised access (Article 32 GDPR). This website is transmitted encrypted over TLS, recognisable by “https” in your browser’s address bar.

Changes to this policy

We adapt this privacy policy whenever the processing changes or new legal requirements make it necessary. The version published on this page applies.