Data Protection

Privacy Policy

Your privacy is important to us. Here you can learn how we protect and use your data.

Privacy Policy

1. Controller

The responsible entity for data processing is:

gh0stservice GmbH
Else-Lang-Str. 10
50858 Cologne, Germany

Phone: +49 152 59647188
Email: datenschutz@gh0stservice.com

2. Processing of Personal Data

gh0stservice GmbH processes personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

3. Purposes of Processing

Personal data is processed for the following purposes:

  • Fulfillment of contractual obligations and business transactions
  • Communication with business partners and customers
  • Compliance with legal obligations (e.g., tax and accounting requirements)
  • Legitimate interests, including the assertion and defense of legal claims

4. Categories of Personal Data

We process the following categories of personal data:

  • Basic data (e.g., name, address, contact details)
  • Contract data (e.g., service details, invoices, payment history)
  • Communication data (e.g., emails, phone calls, correspondence)
  • Banking and payment data (e.g., account details, transactions)

5. Legal Bases

Personal data is processed based on the following legal bases:

  • Article 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Article 6(1)(c) GDPR – Compliance with legal obligations
  • Article 6(1)(f) GDPR – Legitimate interests

6. Data Transfers to Third Parties

Personal data is only transferred to third parties if:

  • It is necessary for the performance of a contract (e.g., tax advisors, banks, IT service providers)
  • There is a legal obligation
  • Legitimate interests exist, provided no overriding interests of the data subject prevail

Transfers to third countries outside the EU only occur under the conditions of Articles 44–49 GDPR, particularly in cases where an adequacy decision exists or appropriate safeguards are in place.

7. Data Retention

Personal data is retained only as long as necessary for the stated purposes or as required by legal retention obligations:

  • 6 years under § 257 HGB (commercial correspondence, invoices)
  • 10 years under § 147 AO (accounting records, tax documents)

8. Rights of Data Subjects

Under the GDPR, data subjects have the following rights:

  • Right of access (Art. 15 GDPR) – Information about the processing of their data
  • Right to rectification (Art. 16 GDPR) – Correction of inaccurate or incomplete data
  • Right to erasure (Art. 17 GDPR) – Deletion of data, unless legal obligations prevent it
  • Right to restriction of processing (Art. 18 GDPR) – Restriction of data processing
  • Right to object (Art. 21 GDPR) – Objection to processing for specific reasons
  • Right to data portability (Art. 20 GDPR) – Receiving their data in a commonly used, machine-readable format

Requests can be directed to the contact details provided above.

9. Data Security

gh0stservice GmbH implements technical and organizational measures to ensure data security.
However, it should be noted that data transmission over the internet (e.g., via email) may have security vulnerabilities.
A complete protection against access by third parties is not possible.

10. Right to Lodge a Complaint

Data subjects have the right to file a complaint with the competent data protection authority if they believe that the processing of their personal data violates the GDPR.

Competent authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
www.ldi.nrw.de

11. Changes to This Privacy Policy

This privacy policy is updated as necessary to reflect legal or operational changes.

Last updated: February 24, 2025