Data Privacy Policy

Last Updated: September 1, 2024

NEYD GmbH ("NEYD", "we", "us") is committed to protecting the confidentiality and security of your personal data. This policy outlines our data processing practices in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The entity responsible for data processing on this website is:

NEYD GmbH
Rennbahnstraße 46
60528 Frankfurt am Main
Germany
Email: [email protected]

2. Scope of Data Collection

We collect and process personal data only to the extent necessary to provide a functional website and our services. This includes:

  • Professional Information: When you submit a project inquiry or job application, we collect names, corporate email addresses, phone numbers, and job titles.
  • Technical Telemetry: IP addresses, browser types, operating systems, and timestamp data required for network security and load balancing.
  • Communication Logs: Records of correspondence for project management and legal documentation purposes.

3. Legal Basis for Processing (Art. 6 GDPR)

We process your data based on the following legal grounds:

  • Contractual Performance (Art. 6(1)(b)): Processing necessary for the performance of a contract or preliminary steps (e.g., staffing requests).
  • Legitimate Interest (Art. 6(1)(f)): Ensuring network security, fraud prevention, and direct B2B marketing.
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax and commercial law retention periods.

4. International Data Transfers

NEYD operates globally with hubs in Frankfurt (EEA) and Tbilisi (Non-EEA). Data transfers to our Georgian operations center or third-party processors in third countries are protected by:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission.
  • Adequacy Decisions: Where applicable.

5. Data Security

We employ enterprise-grade technical and organizational measures (TOMs) to protect your data, including TLS 1.3 encryption, role-based access control (RBAC), and regular penetration testing aligned with ISO 27001 standards.

6. Your Rights

Under the GDPR, you have the right to:

  • Access your stored data (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Erasure ("Right to be forgotten") (Art. 17).
  • Restrict processing (Art. 18).
  • Data portability (Art. 20).