Last updated: April 2026

Privacy Policy

1. Data Controller and Contact Information

Baltasaar Services GmbH ("Vector Defense") is the data controller responsible for the processing of personal data on this website. Our contact details are:

Baltasaar Services GmbH
Gensingerstr. 14
55457 Horrweiler
Germany
Email: [email protected]
Contact: [email protected] (AI chat support coming soon)
Managing Director: Christian Heinz
Commercial Register: HRB 38168, Amtsgericht Augsburg
Tax Number: 06/660/12978 (Finanzamt Bingen-Alzey)
VAT ID: DE346169366

For questions regarding data protection and privacy, you may contact our Data Protection Officer at [email protected].

2. Legal Basis for Data Processing

We process personal data on the basis of the following legal grounds under Article 6 GDPR:

• Article 6(1)(a) GDPR — Consent: Where you have explicitly consented to the processing of your data (e.g., for marketing communications, analytics cookies).
• Article 6(1)(b) GDPR — Contract Performance: Where processing is necessary to perform a contract or take pre-contractual steps (e.g., processing orders, handling inquiries).
• Article 6(1)(f) GDPR — Legitimate Interest: Where we have a legitimate business interest that does not override your rights and freedoms (e.g., website security, fraud prevention, general administrative purposes).

3. Categories of Data Collected

3.1 Contact Forms

When you submit a contact form on our website, we collect the following information:

• Full name
• Email address
• Company name
• Phone number
• Message content

This data is processed to respond to your inquiry, provide information about our services, and establish potential business relationships.

3.2 Calculator Submissions

Our online calculators (Storage Calculator, Personnel Calculator, Protection Calculator, Cyber Calculator) collect the above personal data plus calculator-specific information such as:

• Project scope and requirements
• Estimated timelines
• Budget parameters
• Technical specifications
• Calculated results and recommendations

This data enables us to provide accurate service estimates and tailor our offerings to your specific needs.

3.3 Shop Purchases

When making purchases through our shop, we additionally collect:

• Billing address and delivery address
• Payment method information (processed securely by payment processors)
• Order history and product preferences
• Invoice and transaction records

3.4 Automatically Collected Data

When you visit our website, we automatically collect:

• IP address
• Browser type and version
• Operating system
• Referring website
• Pages visited and time spent on each page
• Cookie identifiers

This data is collected to analyze website performance, improve user experience, and ensure security.

4. Purposes of Data Processing

We process personal data for the following purposes:

• Responding to customer inquiries and providing support
• Processing and fulfilling orders and contracts
• Sending service-related communications (order confirmations, invoices, delivery updates)
• Calculating personalized service estimates and recommendations
• Improving website functionality and user experience
• Analyzing usage patterns and optimizing content
• Detecting and preventing fraud, abuse, and security threats
• Complying with legal obligations and regulatory requirements
• Maintaining business records and financial documentation (where applicable and permitted)

5. Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined above:

• Contact Inquiries: 24 months from submission date, unless a contract is established (see below)
• Customer Account Data: For the duration of our business relationship plus 10 years (required for tax and legal documentation under German law)
• Order and Transaction Data: 10 years (required under German Commercial Code § 257)
• Analytics Data: 26 months from collection date
• Website Logs: 30 days (for security purposes)

After the retention period expires, data is securely deleted or anonymized unless we are legally required to retain it longer.

6. Third-Party Data Processors

We may transfer personal data to the following third parties who act as data processors or data controllers:

6.1 Hosting Provider

Render (render.com) provides cloud hosting services for our website. Your data is processed on servers within the European Union. Render complies with GDPR and has signed a Data Processing Agreement with us.

6.2 Analytics Services

Google Analytics is used to analyze website traffic and user behavior. Google processes data on our behalf. Analytics processing requires your prior consent via the cookie banner. You can opt out by selecting "Necessary Only" when you first visit the site. Google's data processing is governed by Google's privacy policy and the Data Processing Amendment executed between Google and us.

6.3 Web Fonts

Google Fonts (fonts.googleapis.com) provides typefaces used on our website. Loading fonts may transmit your IP address to Google. This is processed on the basis of legitimate interest in website design and functionality. Google has committed to GDPR compliance under its Data Processing Amendment.

6.4 Payment Processors

For shop transactions, payment information is processed by PCI-DSS compliant payment processors. We do not store full payment card details. Payment data is transferred directly from your browser to the payment processor's secure servers.

6.5 Email Service Providers

Transactional emails (order confirmations, password resets) may be sent through email service providers that comply with GDPR and have executed Data Processing Agreements with us.

7. International Data Transfers

Personal data is primarily processed within the European Union and European Economic Area, where GDPR applies directly. To the extent data is transferred to countries outside the EEA, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions (e.g., for Switzerland under the adequacy decision effective September 2023)
• Your explicit consent where required

8. Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15 GDPR)

You have the right to request confirmation of whether we process your data and to obtain a copy of that data in a structured, commonly used, machine-readable format.

8.2 Right of Rectification (Article 16 GDPR)

You may request correction of inaccurate or incomplete personal data without undue delay.

8.3 Right to Erasure (Article 17 GDPR)

You have the right to request deletion of your data where there is no longer a lawful basis for processing, with certain exceptions (e.g., for legal compliance or contract performance).

8.4 Right to Restriction (Article 18 GDPR)

You may request that we limit processing of your data where you contest its accuracy, processing is unlawful, or we no longer need it but you require it for legal claims.

8.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your data in a structured, commonly used format and to transmit it to another controller without hindrance, where processing is based on consent or contract.

8.6 Right to Object (Article 21 GDPR)

You may object to processing based on legitimate interest or for direct marketing purposes at any time, free of charge.

8.7 Right to Withdraw Consent (Article 7 GDPR)

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at [email protected] with your request and sufficient identification information. We will respond within 30 days.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection authority if you believe we have violated your rights under GDPR. The relevant supervisory authority for our location is:

Landesbeauftragter für den Datenschutz Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Germany
Contact: [email protected]
Email: [email protected]

10. Data Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized processing, loss, or damage, including encryption in transit (TLS/SSL), secure hosting environments, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Changes will be posted on this page with an updated "Last updated" date. Continued use of our website constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions or concerns regarding our privacy practices, please contact us at:

Baltasaar Services GmbH
Email: [email protected]
[email protected]
Contact: [email protected] (AI chat support coming soon)