Privacy Policy & Data Protection Information

2. Scope, Purposes, and Legal Basis of Processing
We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other relevant legal frameworks. The specific categories, purpose, and legal bases depend on your operational interaction with us:

a) Website Provision, Logfiles, and International Hosting
When visiting our web presence for information purposes, your browser automatically transmits technical metadata. This includes your IP address, browser type/version, operating system, referrer URL, and the precise timestamp of the request.
Purpose:
Ensuring system security, network stability, technical optimization, and seamless website presentation.
Legal Basis:
Art. 6(1)(f) GDPR (Legitimate interests in maintaining an error-free, secure web infrastructure).

b) Contractual and Pre-Contractual Consulting Services
We process corporate contact information, administrative metadata, master data, and project-specific consultation info of our clients, prospects, suppliers, and institutional partners globally.
Purpose:
Managing B2B client accounts, delivering consulting services across industries (including industrial systems, infrastructure, agriculture, and medical technology), drafting quotes, processing invoices, and performing quality assurance.
Legal Basis:
Art. 6(1)(b) GDPR (Performance of a contract or execution of pre-contractual measures).

c) Contact Requests, Global Communications, and Inquiries
When you reach out via email, contact forms, or international communications infrastructure, we store your identity details (name, corporate affiliation, contact channels) and the scope of your inquiry.
Purpose:
Efficient processing, coordination, and fulfillment of your international professional inquiries.
Legal Basis:
Art. 6(1)(b) GDPR (for contractual inquiries) or Art. 6(1)(f) GDPR (Legitimate interest in responsive professional communication).

3. Special Provisions for High-Sensitivity and Technical Industries
Given ECONOTECH Consulting’s specific expertise, special categories of data might occasionally interface with
our infrastructure under strict boundaries:
Medical Technology (RIS/PACS / Healthcare infrastructure):
In the context of medical imaging system rollouts or consulting on healthcare networks, ECONOTECH Consulting acts strictly as a professional IT/infrastructure consultant. We generally operate on anonymized test environments or synthesized metadata.
Should direct contact with personal health data (Art. 9 GDPR) be technically required during system go-lives, this occurs strictly under an explicit Data Processing Agreement (DPA / Auftragsverarbeitungsvertrag) pursuant to Art. 28 GDPR, governed by rigorous encryption standards and mandatory professional
confidentiality.
Industrial, Infrastructure, and Agricultural Automation (Drones, GIS, Smart Farming):
Any telemetry, spatial location coordinates, or automated sensor logs processed during infrastructure mapping, drone operations, or agricultural consulting are processed strictly to fulfill specific contractual parameters under Art. 6(1)(b) GDPR or based on clear authorization structures.

4. Recipients of Data and International Transfers
As a globally active firm, data may be accessed within our secure corporate network or transferred to selected third parties, adhering strictly to legally approved mechanisms.Internal and External Recipients Your data is only transferred to: internal specialists handling your project, cloud providers and IT service
infrastructure hosts, tax consultants/auditors, and specialized sub-contractors directly bound by confidentiality agreements. International Third-Country Transfers (Outside the EEA) If data is processed in countries outside the European Economic Area (EEA) (e.g., international branches, overseas project locations, global cloud nodes), we guarantee a high level of European data protection before any transfer occurs. This is ensured via: An official Adequacy Decision by the EU Commission (Art. 45 GDPR). The incorporation of the official EU Standard Contractual Clauses (SCCs) in contracts with recipients, supplemented by technical safeguards (e.g., end-to-end encryption) where appropriate (Art. 46(2)(c) GDPR).

5. Retention Period and Data Erasure
We retain personal data only as long as necessary to fulfill the intended processing purposes, or as mandated by statutory retention periods. Criteria include:
Commercial and fiscal laws (e.g., German Commercial Code/HGB, Fiscal Code/AO) prescribe retention periods of 6 to 10 years for contracts, invoices, business correspondence, and financial logs. Data processed based on legitimate interest is deleted once the interest expires or a valid objection is made,
provided no overriding legal requirements exist.

6. Your Data Subject Rights under the GDPR
You have the following legal rights regarding your personal data under the terms of European law. You may
exercise these at any time by contacting us using the details in Section 1:

RIGHT TO OBJECT (Art. 21 GDPR)
If your personal data is processed based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation. If you object, we will cease processing your data unless we can demonstrate compelling legitimate grounds that override your
interests, rights, and freedoms, or if processing serves the establishment, exercise, or defense of legal claims.

7. Data Security
To shield all processed data against manipulation, loss, destruction, or unauthorized access, ECONOTECH Consulting implements advanced technical and organizational security measures (TOMs). This includes state-of-the-art TLS/SSL transport layer encryption for website interfaces, centralized credential management, access controls, segregated networks, and robust backup protocols.

8. Validity and Updates
Due to the continuous evolution of international legal parameters or changes in our operational services (e.g.,expanding cloud systems, technological rollouts), it may become necessary to amend this Privacy Policy. Thecurrent valid version can always be accessed on our corporate website.