Privacy Policy

General Information

This privacy policy informs you about which personal data we process, how we use it, and what rights you have.

Personal data includes all information that can be used to personally identify you.

Controller

The entity responsible for processing your personal data on this website is:

TOPAS Industriemathematik Innovation gGmbH
Konrad Zuse Straße 6a
28359 Bremen, Germany
Phone: +49 (0) 421 25632500
Email: datenschutz@topas.tech

The controller determines the purposes and means of processing personal data.

Data Protection Officer

We have appointed a Data Protection Officer. You can reach them at:

Email: datenschutz@topas.tech

Collection and Use of Your Data

How do we collect your data?

Directly provided: When you create an account or request a license, you actively provide us with personal data. Mandatory fields are required to process your request or to set up your account.

Automatically collected: When you visit our website, technical data (e.g., browser type, operating system, time of access, IP address) is automatically collected. This data is technically necessary to provide the website and ensure its security.

No analytics or tracking: We do not use cookies, tracking tools, analytics software, or marketing tracking.

What do we use your data for?

• To technically operate and ensure the functionality of our website
• To process your license request
• To enable you to log in to your user account
• Only with your separate consent: To contact you for consultation or follow up purposes (see the section “Consultation & Follow Ups Based on Your Consent”)
• We do not use your data for marketing, analytics, or advertising unless you have explicitly consented to this

Legal Bases

• Art. 6(1)(b) GDPR (contract performance/contract initiation, e.g., license requests, account creation)
• Art. 6(1)(f) GDPR (legitimate interest in operating and securing the website)
• Art. 6(1)(a) GDPR (consent), only if you provide it (e.g., for consultation/follow up contact)

Consultation & Follow Ups Based on Your Consent (Art. 6(1)(a) GDPR)

If you voluntarily choose to give your consent, we may contact you by email and/or telephone to provide advice related to your WORHP request, offer additional information, updates, or suitable solutions.

• Voluntary & Revocable: Your consent is voluntary and not required for submitting a license request. You can withdraw your consent at any time with future effect, e.g., by emailing datenschutz@topas.tech
• Scope Transparency: Your consent applies exclusively to consultation and follow up contact related to WORHP and closely related topics. No additional advertising will be sent without separate consent.
• Documentation: We record the time, content, and contact information (e.g., email address) associated with your consent in order to meet our legal accountability requirements.
• Double Opt In (Email): For email-based consent, we may use a double opt in procedure (confirmation email with verification link) to ensure that you are the owner of the provided email address.
• Retention Period: We store your consent and related metadata until you withdraw your consent or for as long as required to meet legal record keeping obligations (typically up to 3 years after the last contact).

Note: Without your consent, we restrict ourselves to processing your request (Art. 6(1)(b) GDPR) and do not contact you for consultation or marketing purposes.

Hosting and Data Processing Agreement

Hosting

Our website is hosted by an external hosting provider. The host processes, among other things, IP addresses, metadata/communication data, contact details, form submission content, and technical usage data.

Legal bases: Art. 6(1)(b) GDPR (contract initiation/performance), Art. 6(1)(f) GDPR (legitimate interest in a secure and functional website)

Hoster:

Host Europe GmbH
c/o Spaces
Gertrudenstraße 30-36
50667 Köln

Data Processing Agreement

We have concluded a Data Processing Agreement (Art. 28 GDPR) with the hosting provider to ensure that personal data is processed only according to our instructions and in compliance with the GDPR.

Storage Period

We retain personal data only for as long as necessary for the respective purpose or as required by law.

• Server log files: up to 14 days (longer retention only to investigate security incidents)
• License requests: retained for processing and communication; deleted once the purpose ends and no obligations oppose deletion
• Consent for consultation/follow ups: stored until withdrawal or expiration of legal retention periods (typically up to 3 years)
• Business and contract data: up to 10 years (according to § 257 HGB, § 147 AO)
• Newsletter data: currently no newsletter; if introduced, consent will be collected accordingly

Rights of Data Subjects

Under the GDPR, you have the following rights:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time with future effect (Art. 7(3))

To exercise your rights, contact us at: datenschutz@topas.tech

You also have the right to lodge a complaint with the supervisory authority: The State Commissioner for Data Protection and Freedom of Information of Bremen

Right to Object

If your data is processed based on Art. 6(1)(f) GDPR (legitimate interests), you may object at any time. We will then cease processing unless we can demonstrate compelling legitimate grounds or the processing serves the establishment, exercise, or defense of legal claims.

Server Log Files

When visiting our website, the following data is automatically collected: browser type and version, operating system, referrer URL, hostname of the accessing device, time of the server request, IP address. This processing is necessary solely to ensure technical functionality and website security.

Legal basis: Art. 6(1)(f) GDPR.

Contact Form / Email / Telephone

When you contact us through the contact form or via other communication channels, we process your data to respond to your request.

Legal bases:

• Art. 6(1)(b) GDPR (contract related requests)
• Art. 6(1)(f) GDPR (legitimate interest in communication)
• Art. 6(1)(a) GDPR (only if you voluntarily consent to consultation/follow ups)

We delete this data once the purpose has ended and no legal obligations prevent deletion.

Newsletter

We currently do not offer a newsletter. Should we introduce one, we will collect your explicit consent beforehand (Art. 6(1)(a) GDPR; possibly double opt in) and update this privacy policy accordingly.

SSL/TLS Encryption

Our website uses SSL/TLS encryption (“https://”). This ensures that transmitted data is protected from unauthorized access.

Updates to This Privacy Policy

We reserve the right to update this privacy policy. The most current version is always available on our website.