Legal

Privacy Policy

Version effective from 11 June 2026

In this privacy policy ("Privacy Policy"), we, Alexander van der Berg (hereinafter "we" or "us"), explain how we collect and otherwise process personal data.

The term "personal data" or "data" refers to all information relating to an identified or identifiable natural person. If you provide us with personal data about other persons (e.g. family members or work colleagues), please ensure that those persons are aware of this Privacy Policy and only share their data with us if you are authorised to do so and if the data is accurate.

Please note that other privacy policies, general terms and conditions, participation terms and similar documents may separately govern certain data protection matters. This Privacy Policy is aligned with the EU General Data Protection Regulation ("GDPR") and the Swiss Federal Act on Data Protection ("FADP"). However, the application of these laws depends on the specific case.

The terms used in this Privacy Policy are gender-neutral.

1 Controller

Alexander van der Berg is responsible for the data processing described herein, unless otherwise stated in individual cases. For data protection enquiries, you may contact us at the following address:

Phone: +49 40 414 312 151
Email: alexander@vanderberg.de

2 Collection and Processing of Personal Data

We primarily process personal data that we receive from our clients and other business partners in the course of our business relationships, personal data that you provide to us directly (e.g. by email or via the contact form on our website), and technical data that is generated when you visit our website (e.g. IP address, browser type, date and time of access; see Section 4). Where relevant to an engagement and permitted, we may also consult publicly accessible sources (e.g. commercial registers, professional networks, press and the internet).

3 Purpose of Data Processing and Legal Basis

We use the personal data we collect primarily for the initiation and performance of contracts with our clients and business partners, in particular in connection with the following activity: software quality assurance and testing. In this context, we collect personal data for transactions with our clients as well as for the procurement of products and services from our suppliers and subcontractors, and to fulfil our legal obligations domestically and abroad. If you act for such a client or business partner, your personal data may of course also be affected in that capacity.

In addition, we process your data and the data of other persons, where permitted and where we consider it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest:

4 Website Hosting, Contact Form and Cookies

This website does not set cookies, does not use analytics or tracking tools, and does not send newsletters.

This website is hosted on GitHub Pages (GitHub, Inc., a subsidiary of Microsoft Corporation, United States). GitHub Pages processes visitors' IP addresses and request metadata (e.g. browser type, referring URL, and date and time of visit) in server logs as part of normal hosting operations. GitHub acts as a data processor on our behalf. For transfers to the United States, we rely on the standard contractual clauses referred to in Section 6. GitHub's own privacy policy also applies to the processing of your data by GitHub.

We use Formspree (Formspree, Inc., United States) to process contact form submissions on our website. Data submitted via the contact form (e.g. your name, email address and message) is transmitted to and stored by Formspree. Formspree acts as a data processor on our behalf. For transfers to the United States, we rely on the standard contractual clauses referred to in Section 6. Formspree's own privacy policy also applies to the processing of your data by Formspree.

5 Disclosure of Data to Third Parties

In the course of our business activities and in accordance with the purposes of data processing set out in Section 3, we may disclose data to third parties where such disclosure is permitted and we consider it appropriate, so that they may process the data on our behalf or, where applicable, for their own purposes. The following categories of recipients may be involved in particular:

collectively "recipients".

When we disclose data to third parties, we comply with the relevant legal requirements and, in particular, conclude data processing agreements or similar arrangements with the respective recipients in order to protect your data.

6 Transfer of Data Abroad

We may disclose data to persons, authorities, organisations, companies or other entities abroad. In particular, we may transfer personal data to any country in which our service providers process personal data.

If a recipient is located in a country that does not have an adequate level of data protection under applicable law, we contractually require the recipient to comply with applicable data protection law (for this purpose we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), provided the recipient is not already subject to a legally recognised framework for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests or where performance of a contract requires such disclosure, where you have given your consent, or where the data has been made generally accessible by you and you have not objected to its processing.

7 Retention Period for Personal Data

We process and store your data for as long as necessary to fulfil our contractual and legal obligations or otherwise to pursue the purposes for which processing takes place, for example for the entire duration of the business relationship (from initiation through to the termination of a contract) and beyond, in accordance with statutory retention and documentation obligations. In this context, we may retain personal data for the period during which claims may be brought against our company, as well as where we are otherwise legally obliged to do so or where legitimate business interests require it (e.g. for evidentiary and documentation purposes). Once your data is no longer required for the above purposes, it will generally be deleted or anonymised to the extent possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system logs).

8 Data Security

We implement appropriate technical and organisational security measures to protect your data against unauthorised access and misuse.

These measures include the following: we follow data processing best practices and make every effort to always comply with current standards for secure data processing and storage.

We take the protection of personal data into account from the outset when designing or selecting hardware, software or processes, by implementing appropriate technical and organisational measures (privacy by design).

We also ensure privacy-friendly default settings (privacy by default).

9 Obligation to Provide Personal Data

In the context of our business relationship, you must provide the personal data necessary for the initiation and conduct of a business relationship and the fulfilment of the associated contractual obligations (there is generally no statutory obligation to provide data to us). Without this data, we will generally be unable to conclude or perform a contract with you (or the legal entity or person you represent). Our websites also cannot be used if certain information required to secure data traffic (e.g. the IP address) is not disclosed.

10 Profiling and Automated Individual Decision-Making

We do not use profiling or automated individual decision-making (as governed by Art. 21 FADP or Art. 22 GDPR). Should we employ such processes in individual cases, we will inform you separately and, where required by law, advise you of your rights in this regard.

11 Your Rights

Subject to and to the extent provided by applicable law (such as where the GDPR applies), you have the following rights:

Please note, however, that we reserve the right to invoke the restrictions provided by law on our part, for example where we are obliged to retain or process certain data, have an overriding interest in doing so (to the extent we may rely on this) or need it to assert claims. If this results in costs to you, we will inform you in advance. Please note that exercising these rights may conflict with contractual agreements and may have consequences, such as early termination of the contract or the incurrence of costs. We will inform you of this in advance, to the extent not already provided for in the contract.

Exercising these rights generally requires you to clearly prove your identity (e.g. by providing a copy of your identity document, unless your identity is otherwise clearly established or can be verified). To exercise your rights, please contact us at the address given in Section 1.

Every data subject also has the right to enforce their claims through the courts or to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). Where the GDPR applies, you may also lodge a complaint with the supervisory authority of an EU/EEA member state, in particular in the member state of your habitual residence or place of work.

12 Changes to this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The version currently published on our website shall apply. If this Privacy Policy forms part of an agreement with you, we will notify you of any changes by email or other appropriate means.