Privacy & Policy

Last updated: 7/9/2025 Effective date: 7/9/2025

1. Company Information

CIS Tech UG (Unternehmergesellschaft)
German Registration: HRB 274794, Berlin
Address: Rosenthaler Straße 72 A, 10119 Berlin
Email: hello@cistechde.eu
Parent Company: CIS Tech Ltd., Bangladesh Data Protection Officer: [Name and Contact]

2. Scope and Applicability

This Privacy Policy applies to all users of our services worldwide, including:

  • Website visitors to cistechde.eu and related domains
  • Clients of our software development, animation, IoT, and robotics services
  • Newsletter subscribers and marketing contacts
  • Job applicants and employees

Regional Compliance:

  • European Union: Full GDPR compliance
  • United States: CCPA compliance where applicable
  • Asia-Pacific: Local data protection laws
  • Middle East: Regional privacy regulations

3. Information We Collect

3.1 Personal Information

  • Contact Details: Name, email, phone number, company name, job title
  • Business Information: Project requirements, technical specifications, budget ranges
  • Communication Records: Emails, chat messages, meeting notes, support tickets
  • Payment Information: Billing addresses, payment methods (processed through secure third-party providers)

3.2 Technical Information

  • Website Analytics: IP address, browser type, device information, pages visited
  • Cookies: Functional, analytical, and marketing cookies (see our Cookie Policy)
  • Project Data: Source code, designs, databases, and technical documentation created during projects

3.3 Special Categories (Sensitive Data)

We do not intentionally collect sensitive personal data unless specifically required for project delivery and with explicit consent.

4. How We Use Your Information

4.1 Service Delivery

  • Project planning, development, and delivery
  • Technical support and maintenance
  • Quality assurance and testing
  • Client communication and reporting

4.2 Business Operations

  • Contract management and invoicing
  • Legal compliance and dispute resolution
  • Business development and marketing (with consent)
  • Internal analytics and service improvement

4.3 Legal Basis (GDPR)

  • Contract Performance: Delivering agreed services
  • Legitimate Interest: Business operations, security, fraud prevention
  • Consent: Marketing communications, non-essential cookies
  • Legal Obligation: Tax reporting, regulatory compliance

5. Information Sharing and Disclosure

5.1 Service Providers

  • Cloud Hosting Providers: AWS, Google Cloud, Microsoft Azure
  • Payment Processors: Stripe, PayPal, bank transfer services
  • Communication Tools: Email services, video conferencing platforms
  • Analytics Providers: Google Analytics (anonymized where possible)

5.2 Legal Requirements

We may disclose information when required by law, including court orders, regulatory investigations, tax and customs authorities, and law enforcement requests.

5.3 Business Transfers

In case of merger, acquisition, or sale, personal data may be transferred to the new entity with equivalent protection measures.

6. International Data Transfers

6.1 Cross-Border Processing

  • Primary Processing: Germany (adequate GDPR protection)
  • Secondary Processing: Bangladesh, USA, and other regions as needed
  • Safeguards: Standard Contractual Clauses, adequacy decisions, or explicit consent

6.2 Data Localization

Where required by local law, we maintain data within specific geographical boundaries, such as EU/EEA or state-level requirements.

7. Your Rights and Choices

7.1 Universal Rights

  • Access: Request information about data we hold
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request removal of personal data (subject to legal obligations)
  • Objection: Opt-out of marketing communications

7.2 GDPR Rights (EU Residents)

  • Data Portability: Receive data in machine-readable format
  • Restriction: Limit processing in certain circumstances
  • Automated Decision-Making: Protection against solely automated decisions
  • Supervisory Authority: Right to lodge complaints with data protection authorities

7.3 CCPA Rights (California Residents)

  • Know: Categories of information collected and shared
  • Delete: Request deletion of personal information
  • Opt-Out: Sale of personal information (we do not sell personal data)
  • Non-Discrimination: Equal service regardless of privacy choices

8. Data Security and Retention

8.1 Security Measures

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Staff Training: Regular privacy and security training for all employees

8.2 Retention Periods

  • Active Projects: Duration of project plus 3 years
  • Client Contracts: 7 years after contract termination (legal requirement)
  • Marketing Data: Until consent withdrawn or 3 years of inactivity
  • Website Analytics: 26 months maximum

9. Children's Privacy

We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information and notify parents/guardians where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will:

  • Post the updated policy on our website
  • Send notification for material changes
  • Update the "Last updated" date
  • Maintain previous versions for reference

Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Information

Data Protection Inquiries:

Email: hello@cistechde.eu

Address: Rosenthaler Straße 72 A, 10119 Berlin

Response Time: Within 30 days (1 month for GDPR requests)

Supervisory Authorities:

  • Germany: Federal Commissioner for Data Protection and Freedom of Information
  • EU: Your local data protection authority

For questions about our business practices, please see our Terms of Service. For cookie-specific information, please see our Cookie Policy.