Privacy Policy
Information pursuant to Art. 13 and Art. 14 GDPR and § 25 TDDDG.
The legally binding version is the German original (Datenschutzerklärung).
This English version is provided for convenience only.
1. Controller
Controller pursuant to Art. 4 No. 7 GDPR is:
HAIZOP GmbH
Tschaikowskistraße 21
04105 Leipzig
Germany
Managing Director: Christian Machens
Phone: +49 (0) 151 24 155 887
E-mail: info@haizop.com
2. Data protection officer
HAIZOP GmbH has not appointed a data protection officer because the thresholds of § 38 of the German Federal Data Protection Act (BDSG) are not met and no core processing activity pursuant to Art. 37(1) GDPR is carried out. Please direct privacy questions to datenschutz@haizop.com.
3. General information on processing
We only process personal data to the extent necessary to provide a functional website and our content and services. The legal bases are in particular Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract / pre-contract), Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest).
4. Server log files
- anonymised IP address (last octet stripped)
- date and time of access
- requested URL
- HTTP status code and volume of data transferred
- referrer URL
- browser and operating system (user agent)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in site security and operation). Retention: 14 days, then automatic deletion.
5. SSL/TLS encryption
This website uses SSL/TLS encryption for security and to protect the transmission of confidential content, recognisable by the "https://" prefix and the padlock in your browser.
6. Cookies and local storage
This website only uses strictly necessary cookies within the meaning of § 25(2)(2) TDDDG. No consent is required. We do not use analytics or marketing cookies.
| Name | Purpose | Lifetime | Category |
|---|---|---|---|
session_id | Session identifier, CSRF protection | 7 days (HttpOnly) | strictly necessary |
frontend_lang | Stores the chosen UI language | 12 months | strictly necessary |
7. Contact by e-mail
If you contact us by e-mail, your data will be stored for the purpose of handling the inquiry and for follow-ups. Legal basis: Art. 6(1)(b) or (f) GDPR. Retention: until the inquiry is resolved plus 12 months, subject to statutory retention obligations.
8. Contact form
Data submitted via the contact form (name, e-mail, optional company, phone and message) is stored as a lead in our internal CRM to process your request. Legal basis: Art. 6(1)(b) / (f) GDPR. Retention: see section 7.
9. Web fonts
Font icons on this site are served locally (Font Awesome). No external font files are
fetched. The HTML head contains a preconnect hint to fonts.gstatic.com
as a browser optimisation; it does not by itself trigger a data transfer.
10. AI-assisted processing
Our authenticated product (not this marketing website) uses an external AI API provider to support HAZOP analyses. The specific provider, location and safeguards are disclosed to business customers under the data-processing agreement.
11. Processors and recipients
| Recipient category | Purpose | Location | Legal basis |
|---|---|---|---|
| Hosting provider (IaaS) | Website infrastructure | EU (Germany) | Art. 6(1)(f) GDPR |
| External AI API provider (product only, not this site) | HAZOP analysis support | Disclosed in DPA | Art. 6(1)(b)/(f), Art. 28 GDPR |
| Internal CRM operator | Lead handling from contact form | EU (Germany) | Art. 6(1)(b)/(f) GDPR |
12. Data-processing agreement
Business customers using HAIZOP in production enter into a data-processing agreement pursuant to Art. 28 GDPR covering scope, duration, purpose, categories of data and technical/organisational measures.
13. International transfers
Transfers of personal data to third countries outside the EU/EEA, if any, occur only in the authenticated product (not on this website) and rely on Art. 44 ff. GDPR safeguards: adequacy decisions (e.g. EU-US Data Privacy Framework), Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914, and additional technical/organisational measures.
14. Retention and deletion
- Server logs: 14 days
- Inquiries and leads: until resolved + 12 months
- Customer accounts: until end of contract + 90 days
- Records subject to commercial/tax retention law: up to 10 years (§§ 147 AO, 257 HGB)
15. Your rights
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent with future effect (Art. 7(3) GDPR)
- Complaint to a supervisory authority (Art. 77 GDPR)
Contact: datenschutz@haizop.com.
16. Right to object
Where processing is based on Art. 6(1)(f) GDPR you may object at any time for reasons arising from your particular situation. We will then stop processing unless we can demonstrate compelling legitimate grounds overriding your interests.
17. Right to lodge a complaint
The competent supervisory authority for HAIZOP GmbH (seated in Leipzig) is:
Der Sächsische Datenschutzbeauftragte
Devrientstraße 1, 01067 Dresden, Germany
Phone: +49 (0) 351 85471-101
E-mail: saechsdsb@slt.sachsen.de
Web: www.saechsdsb.de
18. No automated decision-making on this website
This website does not carry out automated decision-making within the meaning of Art. 22 GDPR, including profiling.
19. Data security
We use state-of-the-art technical and organisational measures to protect personal data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties, and improve them continuously.
20. Changes to this privacy policy
We reserve the right to amend this privacy policy with future effect to reflect legal or service changes. Your next visit is governed by the then-current version.