1. Controller

GS Private Equity GmbH
Baumschulenallee 20–22, 30625 Hannover, Germany
Phone: +49 (0) 511 94 27 41 33
Email: info@gs-private-equity.de

(If a Data Protection Officer has been appointed, they can be reached at the postal address above, adding “Data Protection”, or via the email address provided.)

2. Scope

This notice explains how we process personal data on our website and, separately, the principles applicable when customers use our SaaS platform/modules (e.g., CRM/CMS, Affiliate, Academy, KYC/AML integrations).

• Website: GS Private Equity GmbH acts as the controller (Art. 4(7) GDPR).

• SaaS/Modules: We usually act as a processor on behalf of our business clients (Art. 28 GDPR). In certain integration scenarios, joint controllership may apply. Appropriate agreements (DPA/JCA) are in place.

3. Purposes & Legal Bases

We process personal data under the GDPR:

• Art. 6(1)(a) consent: e.g., cookies/marketing, newsletter.

• Art. 6(1)(b) contract/performance: e.g., handling contact requests, demos.

• Art. 6(1)(c) legal obligation: e.g., statutory retention.

• Art. 6(1)(f) legitimate interests: e.g., IT security, privacy-friendly analytics, abuse prevention.

4. Website provision / server logs

When you access our site, the following may be processed automatically: IP address (truncated where possible), date/time, requested content, referrer URL, user agent, error codes.
Purpose: deliver the website, ensure stability and security (Art. 6(1)(f) GDPR).
Retention: log files are typically deleted within 14–30 days unless required for security reasons.

5. Cookies, consent & local storage

We use strictly necessary cookies/storage for technical operation and — only with consent — optional categories (e.g., statistics/marketing).
Consent is managed via a Consent Management Platform (Art. 6(1)(a) GDPR) and can be withdrawn at any time with future effect.

6. Contact forms, email & booking

If you contact us, we process your details (name, email, message, subject of interest, etc.) to respond to your request (Art. 6(1)(b) or (f) GDPR).
Retention: queries are deleted once resolved, or after 12 months at the latest, unless legal retention applies.

7. Newsletter (if used)

We operate a double-opt-in process. Only your email address is required; other fields are optional. Legal basis is consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time (link in each email).

8. Analytics & reach measurement

We employ privacy-friendly analytics (e.g., PostHog, EU cloud or self-hosted), preferably cookieless with IP anonymization/pseudonymization.
Purpose: statistics, debugging, product improvement (Art. 6(1)(f) GDPR or (a) with consent).
Opt-out: via our consent tool or your browser settings.

9. Integrated services / processors

To provide our services, we may engage:

• Hosting/Cloud & CDN (EU/EEA preferred),

• Analytics (e.g., PostHog),

• Identity/KYC providers (e.g., iDenfy) for platform workflows,

• CRM/CMS/Support systems (e.g., Odoo, Sanity),

• Communication (email providers, conferencing).
  We have Data Processing Agreements in place with all processors (Art. 28 GDPR). Names and locations are available upon request or in our Records of Processing.

10. International transfers

If data is transferred to a third country (outside the EU/EEA), this happens only where:

• an EU adequacy decision exists, or

• EU Standard Contractual Clauses (SCCs) plus transfer risk assessments and supplementary safeguards are implemented.
  Details are available on request.

11. Data security

We implement technical and organizational measures (access controls, encryption, role-based access, logging, data minimization) to protect your data against loss, misuse, and unauthorized access.

12. Retention

We retain personal data only as long as necessary for the respective purposes or as required by law. Afterwards, data is deleted or anonymized.

13. Your rights

You have the following rights under the GDPR:

• Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18),

• data portability (Art. 20), objection (Art. 21),

• withdrawal of consent (Art. 7(3)) with future effect.
  You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in your habitual residence, place of work, or place of the alleged infringement.

14. Children

Our online services are not intended for children under the age of 16.

15. Changes to this policy

We may update this policy due to legal or technical changes. The current version is always available on this website.

Privacy contact:
GS Private Equity GmbH, Baumschulenallee 20–22, 30625 Hannover, Germany
Email: info@gs-private-equity.de