Skip to content

Privacy Notice

This page summarises, in plain English, how personal data is processed on der-ki-auditor.de (Art. 13/14 GDPR).

This is a courtesy summary. The German Datenschutzerklärung is the legally binding version.

Controller

FERNAU Präzisionstechnik GmbH (operating the brand "Der KI-Auditor" / The AI Auditor)
Merianstraße 5a, 64291 Darmstadt, Germany
Managing directors: Clara Fernau · Theodor Fernau · Lars Zimmermann
E-mail: [email protected] · Phone: +49 6150 184973-0

A data protection officer is not legally required and has not been appointed. For any privacy matter, contact us at [email protected].

What we process, and why

  • Website & hosting. The site is served via Cloudflare Pages. Technical server logs (IP address, time, requested file, browser type, referrer) are processed by Cloudflare for security and delivery and deleted automatically after a short period, usually a few days (legitimate interest, Art. 6(1)(f) GDPR; a data processing agreement is in place, and Cloudflare is certified under the EU-US Data Privacy Framework).
  • Booking a first call. Bookings run on our own booking page through our own backend (Supabase Edge Function, EU region Frankfurt); there is no redirect to an external booking service. To confirm your slot, we create the meeting as a Microsoft Teams meeting in our own Microsoft 365 calendar and send you the calendar invite; Microsoft processes the necessary meeting data as our processor within the EU Data Boundary. The booking is also stored in our internal lead system (Art. 6(1)(b) GDPR). Meeting data is deleted once the purpose has lapsed, unless statutory retention duties apply.
  • Contact & lead forms. Details you submit (name, e-mail, company, message, etc.) are stored in our Supabase backend (EU region Frankfurt) and trigger an internal e-mail notification to us via the e-mail service Resend. Your IP address and browser user agent are kept solely for spam protection and deleted within 90 days; inquiry data is generally deleted no later than 6 months after the matter is closed (Art. 6(1)(b) and (f) GDPR). No automated decision-making or profiling takes place.
  • Training bookings (PECB courses). If a binding course booking is made, the participant data required for course and exam registration (name, e-mail) is transferred to PECB Group Inc. in Canada (Art. 6(1)(b) GDPR; EU adequacy decision for Canada plus EU standard contractual clauses).

Cookies & analytics

This site uses no marketing or tracking cookies and embeds no ad networks, which is why there is no cookie banner. Only functional browser storage is used: your light/dark theme choice, a login token in the protected admin area, session-only UTM campaign parameters, and a technical service-worker cache for static files.

For reach and performance measurement we use Cloudflare Web Analytics. It is cookieless: no identifiers are placed in your browser, no fingerprinting, no cross-site profiles. Only aggregated usage and performance data is collected, so individual visitors cannot be identified (Art. 6(1)(f) GDPR).

Your GDPR rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR), and you may withdraw any consent at any time with effect for the future (Art. 7(3) GDPR). The fastest way is an e-mail to [email protected]; we respond within 30 days (Art. 12(3) GDPR). You also have the right to lodge a complaint with a data protection supervisory authority; the authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information (datenschutz.hessen.de).

For the full details, including encryption, locally hosted fonts, social media links, LinkedIn Lead Gen Forms and template downloads, please refer to the binding German version: Datenschutzerklärung.

Last updated: June 2026