Privacy Policy

Last updated: 10/25/2025

Data Controller

Brandenburg Data Consulting is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR).

Brandenburg Data Consulting
Brandenburgische Str. 15366 Hoppegarten, Germany
Email: info@brandenburgdataconsulting.de
Phone: +49 (173) 878-4045
Data Protection Officer: info@brandenburgdataconsulting.de

Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal bases:

  • Consent (Article 6(1)(a)): When you provide explicit consent for marketing communications or newsletter subscriptions
  • Contract Performance (Article 6(1)(b)): When processing is necessary to perform a contract with you or take pre-contractual steps
  • Legitimate Interest (Article 6(1)(f)): For business communications, security measures, and website analytics
  • Legal Obligation (Article 6(1)(c)): When we must comply with legal requirements, such as tax or accounting obligations

Updates and Changes

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We recommend reviewing this policy periodically to stay informed about how we protect your information.

Information We Collect

Brandenburg Data Consulting collects information you provide directly to us, such as when you:

  • Contact us through our website or email
  • Request information about our services
  • Subscribe to our newsletter or blog updates
  • Participate in surveys or feedback forms
  • Engage with our social media content
  • Attend webinars or events we host

How and Why We Gather Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Respond to your inquiries and communicate with you
  • Send you technical notices and security alerts
  • Provide customer support and troubleshooting
  • Analyze usage patterns to improve our website and services
  • Personalize your experience with our content
  • Comply with legal obligations and protect our rights

Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies help us:

  • Remember your preferences and settings
  • Understand how you use our website
  • Improve website performance and functionality
  • Provide relevant content and recommendations

You can control cookie settings through your browser preferences. However, disabling cookies may affect the functionality of our website.

Information Sharing and Third-Party Processors

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described below:

  • With service providers who assist us in operating our website and services
  • When required by law or to protect our rights and safety
  • In connection with a business transfer or acquisition
  • With your explicit consent for specific purposes

Data Processing Agreements (DPA)

We maintain formal Data Processing Agreements with all third-party processors to ensure GDPR compliance:

🏥 Google Places API (OralMind AI Dental Service)

Purpose: Real-time dentist location and review data for dental consultations

Data Processed: Location queries, dentist search parameters (no personal health data sent to Google)

Legal Basis: Legitimate interest (Article 6(1)(f)) for providing requested services

Retention: No data stored by us; Google's retention governed by their DPA

Safeguards: Standard Contractual Clauses (SCCs), real-time processing only

DPA Status: ✅ Google Cloud Data Processing Agreement in place

User Rights: Data processed in real-time only; no persistent storage for enhanced privacy

📊 Google Analytics (Website Analytics)

Purpose: Website usage analytics and performance optimization

Data Processed: Anonymized usage data, page views, session duration

Legal Basis: Consent (Article 6(1)(a)) via cookie consent

Retention: 14 months (configured retention period)

Safeguards: IP anonymization enabled, consent-based activation

DPA Status: ✅ Google Analytics Data Processing Agreement active

User Control: Opt-out available via cookie preferences

Your Rights with Third Parties: You can exercise your GDPR rights directly with Google via their privacy controls, or contact us to facilitate the process. We ensure all processors provide adequate protection for your data.

Data Security & Breach Notification

Security Measures

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • End-to-end encryption for data transmission (TLS 1.3)
  • Access controls and authentication systems
  • Regular security audits and vulnerability assessments
  • Secure data storage with encryption at rest
  • Employee training on data protection and security
  • Incident response and monitoring systems

Data Breach Notification Procedure

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Within 72 hours: Notify the relevant supervisory authority (German Federal Commissioner for Data Protection)
  • Without undue delay: Inform affected individuals if the breach poses a high risk to their rights and freedoms
  • Provide clear information about: Nature of the breach, likely consequences, and measures taken to address it
  • Include contact information for our Data Protection Officer for further inquiries
  • Document the breach including facts, effects, and remedial action taken

Contact for security concerns: security@brandenburgdataconsulting.de

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We continuously review and improve our security measures to maintain the highest standards of data protection.

Notifications and Communications

We may send you communications including:

  • Service-related announcements and updates
  • Responses to your inquiries and support requests
  • Marketing communications about our services (with your consent)
  • Security alerts and important account information

You can opt-out of marketing communications at any time by following the unsubscribe link in our emails or contacting us directly.

Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request access to your personal data and information about how we process it
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
  • Right to Erasure (Article 17): Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing (Article 18): Request limitation of processing in specific situations
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your national data protection authority

🔒 Automated Data Access Portal

For your convenience, we provide a secure online portal where you can exercise your GDPR rights quickly and efficiently:

Access Your Data Portal →

✓ Secure identity verification ✓ Real-time request tracking ✓ Multiple export formats ✓ 30-day response guarantee

Alternatively, you can contact us directly at info@brandenburgdataconsulting.de. We will respond to your request within 30 days as required by GDPR.

Data Retention Periods

We retain different types of personal information for specific periods based on legal requirements and business needs:

Contact Form Data & Inquiries

Retained for 3 years from last contact for business communication purposes and legal compliance.

Newsletter Subscriptions

Retained until you unsubscribe or request deletion. Inactive subscriptions are automatically purged after 2 years.

Website Analytics Data

Google Analytics data is retained for 14 months. We do not control Google's data retention beyond this period.

Cookie Consent Records

Stored locally on your device for 12 months, then automatically renewed or requested again.

Dental Search Data (OralMind AI)

Not retained. All dental and health data is processed in real-time and immediately discarded after display.

Legal & Compliance Records

Tax and accounting records retained for 10 years as required by German law. Contract records retained for 6 years after contract termination.

When retention periods expire, we securely delete or anonymize the data unless legal obligations require longer retention.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.

Children's Privacy Protection

Important Notice for Users Under 16

Our services are intended for business and professional use. We do not knowingly collect personal information from children under 16 years of age.

GDPR Article 8 Compliance

  • Age Verification: Users must confirm they are 16 or older to use our services
  • Parental Consent: For users under 16, verifiable parental consent is required before processing any personal data
  • Enhanced Protection: Any data from users under 16 receives additional protection and safeguards
  • Immediate Deletion: If we discover we have collected data from a child under 16 without proper consent, we will delete it immediately

Special Considerations for Dental AI Service

Our OralMind AI dental consultation service involves health-related information and is subject to additional restrictions:

  • Minimum age requirement: 18 years for independent use
  • Users 16-18 require parental supervision and consent
  • No medical advice is provided to minors without parental involvement
  • Health data from minors is processed with extra safeguards

For Parents/Guardians: If you believe your child under 16 has provided personal information without your consent, please contact us immediately at privacy@brandenburgdataconsulting.de for immediate removal.

Security and Contact Information

If you have any questions about this Privacy Policy, concerns about your data, or wish to exercise your rights, please contact us:

Brandenburg Data Consulting
Email: info@brandenburgdataconsulting.de
Phone: +49 (173) 878-4045
Address: Brandenburgische Str. 15366 Hoppegarten

We are committed to addressing your concerns and will respond to your inquiries within 30 days.