§ 1 Information on the Collection of Personal Data
Below we inform you about how we collect and process personal data when you use our website. Personal data refers to all data that can be related to you personally. This includes, for example, your name, address, and e-mail address. According to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR), the data controller is BaySec – Bayerische Gesellschaft für Cybersicherheit mbH, Stoissberg 79, 83454 Anger (see our legal notice for more information). If you contact us by e-mail or via a contact form, we will store the data you provide so that we can process or answer your question. We delete this data after the storage of the data is no longer necessary, or we restrict processing if statutory retention obligations require it. In the event that we use commissioned service providers for individual functions as part of our data processing, we will inform you in detail about this below. This also applies if we wish to use your data for advertising purposes. You will also be informed about the criteria for the storage period in this context.
§ 2 Your Rights
Regarding your personal data, you have the following rights towards us: Right to access, right to data portability, right to object to processing, right to restriction of processing, right to rectification or erasure. You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
§ 3 Collection of Personal Data when Visiting our Website
When you visit our website purely for informational purposes
If you use our website merely for informational purposes, i.e., you do not register or otherwise transmit information (e.g., newsletter registration), we only process the personal data that your browser or computer system transmits to our servers. We process the data because it is technically necessary to display our website to you, as well as to ensure stability and security. The legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR. Specifically, the following data is processed: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request comes, browser (e.g., language, version, manufacturer), operating system.
Use of Cookies
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using, and they serve to make the overall Internet offering more user-friendly and effective. The entity that sets the cookie (here BaySec – Bayerische Gesellschaft für Cybersicherheit mbH) receives certain information through this. Cookies cannot transmit viruses to your computer or execute programs.
This website uses “Transient Cookies” (temporary storage), “Persistent Cookies” (time-limited storage), as well as Third-Party Cookies (stored by third-party providers). Below we explain the scope and functionality:
Transient Cookies, which also include so-called session cookies, are only stored temporarily and are automatically deleted when you close the browser. Transient cookies work with a so-called session ID, with which various requests from your browser can be assigned. With such cookies, your computer can be identified again when you return to our website.
Persistent Cookies are automatically deleted after a specified duration, which may vary depending on the cookie. Thus, if you close your browser, such cookies remain stored on your computer until this duration expires.
Third-Party Cookies are created by third-party providers.
You can configure the processing of cookies in your browser according to your preferences, delete them, and, for example, generally reject the storage of cookies. We point out that some functions of our website may not be usable or may restrict your experience when using our website as a result. If necessary, please familiarize yourself with the operation of your browser for this purpose. We use cookies to be able to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.
§ 4 Further Functions and Offers of our Website
In addition to the purely informational use of our website, we offer various services. You can use these if you are interested. As a rule, this requires the provision of further personal data, which we use for the purpose of fulfilling the service. The previously described data processing principles also apply to these. For the processing of your data, we partly use external service providers. We have carefully selected and commissioned them. They are bound by our instructions. We will inform you in the description of our offer if our service providers or partners are based in a country outside the European Economic Area (EEA); this also applies to the consequences of this circumstance.
§ 5 Newsletter
You can optionally subscribe to our newsletter and indicate your consent through active registration and confirmation. With the newsletter, you will receive current information on security, offers, and promotions from BaySec – Bayerische Gesellschaft für Cybersicherheit mbH.
You can subscribe to the newsletter using the so-called double-opt-in procedure. After your registration, we will send an e-mail to the e-mail address you provided. You must click on the confirmation link in this e-mail. Only then is the newsletter subscription activated. If you do not confirm your registration, your information will be automatically deleted after one month. We store your IP address and the time of registration as well as the confirmation respectively. The reason for this storage is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We need at least your e-mail address to register for the newsletter. Further data is voluntary, e.g., to be able to address you personally. As soon as you have confirmed the newsletter within the scope of the double-opt-in procedure, we store the previously listed data for the purpose of sending the newsletter. The legal basis for this is Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. For this purpose, you will find a provided link in every newsletter e-mail. You can also send us an e-mail at newsletter@eusec.net or contact us via the contact form.
§ 6 Objection or Revocation against the Processing of Your Data
Of course, you can revoke your consent to the processing of your data at any time if you have previously given your consent to the processing of your data. If we base the processing of your personal data on a balancing of interests, you can object to the processing. You can inform us about your objection to advertising using the following contact details:
BaySec – Bayerische Gesellschaft für Cybersicherheit mbH
Datenschutz
Stoißberg 79
83454 Anger
E-Mail: legal(at)eusec.net
§ 7 Social Media, Platform Profiles, and External Presences
We use static links to social media and GitHub channels. When you click such a link, you leave the area of BaySec – Bayerische Gesellschaft für Cybersicherheit mbH. Despite careful content control, we assume no liability for the content and data processing of external links. The operators of the linked pages are solely responsible for their content and data processing.
Additionally for the profiles actively operated by us:
Instagram
We operate a company profile on Instagram. When you visit our Instagram profile, Instagram or Meta processes personal data of users, also for their own purposes. This applies in particular to data that arises when using the platform, interacting with our content (e.g., likes, comments, direct messages, story interactions), as well as in the provision of statistics and reach analyses (“Insights”).
Insofar as we communicate with you via our Instagram profile or process your inquiries, we process the data you have provided in this context to handle your request, for our company’s public representation, and for reach analysis. The legal basis is Art. 6 Para. 1 lit. f GDPR; insofar as the communication is aimed at concluding or executing a contract, additionally Art. 6 Para. 1 lit. b GDPR.
Insofar as Meta provides us with Insights or other statistics, we generally only receive aggregated data from which we basically cannot directly identify individual persons. Otherwise, data processing on Instagram takes place in accordance with Meta’s privacy policy. Further information on the processing of personal data by Meta, on recipients, third-country transfers, and your setting options can be found in the privacy policy of Instagram/Meta at: https://privacycenter.instagram.com/policy
We delete data processed directly by us as soon as the purpose of the processing ceases to apply and there are no opposing statutory retention obligations.
Spotify
We also operate a company profile or publish content on Spotify. When accessing our Spotify profile or our content provided there, Spotify generally processes the personal data of users under its own data protection responsibility. This may particularly concern profile/account data and usage data, such as interactions with the service, search queries, streaming history, playlists, library, navigation history, or the use of connected third-party services.
Insofar as we communicate with you via Spotify or receive statistics and evaluations regarding our content within the scope of creator/artist functions, we process this information for communication, reach measurement, and to improve our offering. The legal basis is Art. 6 Para. 1 lit. f GDPR; insofar as the communication is aimed at concluding or executing a contract, additionally Art. 6 Para. 1 lit. b GDPR.
Insofar as Spotify provides us with statistics or Insights, we regularly only receive aggregated information. Insofar as we receive personal data from Spotify and process it further ourselves, this happens under our own data protection responsibility. Further information on data processing by Spotify can be found at: https://www.spotify.com/de/legal/privacy-policy/
We delete data processed directly by us as soon as the purpose of the processing ceases to apply and there are no opposing statutory retention obligations.
Spotify for Creators / Spotify for Artists
Insofar as we use special business or creator functions of Spotify and exchange personal data with Spotify in this context, Spotify and we are each independently responsible for data protection in this regard.
LinkedIn
We operate a company profile on LinkedIn. When visiting our LinkedIn profile, LinkedIn processes personal data of users, also for its own purposes. This applies in particular to data that arises when using the platform, interacting with our profile or our posts (e.g., page views, follows, reactions, comments, messages), as well as in the provision of statistics and reach analyses (“Page Insights”).
Insofar as we communicate with you via our LinkedIn profile or process your inquiries, we process the data you have provided in this context to handle your request, for our company’s public representation, and for reach analysis. The legal basis is Art. 6 Para. 1 lit. f GDPR; insofar as the communication is aimed at concluding or executing a contract, additionally Art. 6 Para. 1 lit. b GDPR.
Insofar as LinkedIn provides us with “Page Insights”, we generally receive aggregated data from which we basically cannot directly identify individual persons. For the processing of personal data in connection with these “Page Insights”, there is a joint controllership between LinkedIn and us within the meaning of Art. 26 GDPR. According to its own statements, LinkedIn assumes primary responsibility for fulfilling the data protection information obligations and for handling data subject rights in relation to the Insights data.
Otherwise, data processing by LinkedIn takes place in accordance with LinkedIn’s privacy policy. Further information on the processing of personal data by LinkedIn, on recipients, on third-country transfers, and on your setting options can be found at:
https://privacy.linkedin.com/de-de
https://www.linkedin.com/legal/l/page-joint-controller-addendum
We delete data processed directly by us as soon as the purpose of the processing ceases to apply and there are no opposing statutory retention obligations.
YouTube
We operate a company channel on YouTube. When visiting our YouTube channel or interacting with our content, YouTube or Google processes personal data of users, also for their own purposes. This applies in particular to data that arises when using the platform, interacting with our channel or our content (e.g., video views, comments, likes, live chat participation, or other reactions), as well as in the provision of statistics and reach analyses via YouTube Studio or YouTube Analytics.
Insofar as we interact with users via our YouTube channel, in particular answering comments or processing inquiries, we process the data you have provided in this context to handle your request, for our company’s public representation, and for reach analysis. The legal basis is Art. 6 Para. 1 lit. f GDPR; insofar as the communication is aimed at concluding or executing a contract, additionally Art. 6 Para. 1 lit. b GDPR.
Insofar as YouTube provides us with statistics and evaluations of our videos and our channel via YouTube Studio or YouTube Analytics, we generally only receive aggregated or limitedly available information, in particular on reach, interactions, watch time, and target audiences. We use this information to evaluate our content and improve our offering.
Otherwise, data processing by YouTube or Google takes place in accordance with Google’s privacy policy. Further information on the processing of personal data, on recipients, on third-country transfers, and on your setting options can be found at: https://www.youtube.com/intl/de_be/howyoutubeworks/privacy/
Insofar as personal data is transferred to the USA or other third countries as part of the use of YouTube, this takes place on the basis of the data protection mechanisms described by Google. In this respect, Google refers, among other things, to its certification under the EU-U.S. Data Privacy Framework.
We delete data processed directly by us as soon as the purpose of the processing ceases to apply and there are no opposing statutory retention obligations.
§ 8 Previous Version
You can find the previous version of the privacy policy here. This was valid until March 05, 2026.
§ 9 Data Protection Officer
We have not appointed a separate data protection officer and are not legally obliged to do so. The management takes over this function and is a qualified data protection officer.
§ 10 Updates
We can change the privacy policy at any time. We will publish the new version here. If we operate portals, we will publish corresponding news about the change in the privacy policy via these platforms. We will inform customers or registered users of changes by e-mail. Since we do not offer an app, there is no need for information via an app (e.g., as a push notification).
§ 11 Technical and Organizational Measures
We implement technical and organizational measures to protect personal data (e.g., encrypting communication when accessing the website).
§ 12 Storage Location
Unless expressly stated otherwise, we store personal data on servers in Germany and ISO 27001 certified data centers.
§ 13 Automated Decision-Making
We do not use automated decision-making.
§ 13 Tracking
Unless expressly stated otherwise, we do not use tracking.
§ 14 Third Parties Outside the EU or Sale of Data
We do not sell your data. We only forward your data to third parties outside the EU after explicit consent. If we forward them, we observe the legal provisions and, if necessary, agree on standard contractual clauses to protect your data.
© BaySec – Bayerische Gesellschaft für Cybersicherheit mbH. Date: March 06, 2026