Privacy Policy

1. Who We Are

TheSecureBase GmbH is a cybersecurity company registered in Germany, with its registered office at Taunusstraße 6, 60329 Frankfurt am Main. We offer penetration testing, security audits, incident response consulting, and security awareness training primarily to companies operating in Germany and the EU.

For the purposes of EU data protection law, TheSecureBase GmbH is the data controller responsible for your personal data. You can reach us at [email protected] or by telephone at +49 69 902 307 78.

2. What Data We Collect and Why

2.1 Contact and Enquiry Data

When you use the contact form on this website, we collect your name, email address, and the content of your message. We use this information solely to respond to your enquiry. The legal basis is Article 6(1)(b) GDPR (processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract) and, where applicable, Article 6(1)(f) GDPR (our legitimate interest in responding to business enquiries).

We retain enquiry data for up to 12 months after your last contact with us, unless a contractual relationship results from the enquiry, in which case standard commercial and tax retention periods apply (generally six to ten years under German law).

2.2 Server Log Files

Our web hosting provider automatically records certain technical data when you visit this site: the IP address of your device, the date and time of the request, the URL requested, the HTTP status code, and the referring URL if applicable. This data is processed on the basis of Article 6(1)(f) GDPR — our legitimate interest in the secure and stable operation of the website. Log files are retained for a maximum of 14 days and are not used for profiling or cross-site tracking.

2.3 Cookies

This website uses a small number of cookies. For a full description of which cookies we set, their purpose, and how long they persist, please see our Cookie Policy. Essential cookies are placed on the basis of Article 6(1)(f) GDPR; any non-essential cookies are placed only with your explicit consent under Article 6(1)(a) GDPR.

3. How We Share Your Data

We do not sell, rent, or trade your personal data. We share it only with the following categories of recipients, and only to the extent necessary:

• Web hosting provider — our hosting infrastructure processes server logs as described above. Data is processed within the EU.
• Email service provider — messages submitted via our contact form are delivered through our email infrastructure, which is operated within the EU.
• Legal and regulatory authorities — we may disclose data if required to do so by law, court order, or regulatory instruction.

We do not transfer personal data outside the European Economic Area.

4. Your Rights Under the GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — you may request a copy of the data we hold about you.
• Right to rectification (Art. 16 GDPR) — you may ask us to correct inaccurate data.
• Right to erasure (Art. 17 GDPR) — you may ask us to delete your data, subject to applicable legal retention obligations.
• Right to restriction (Art. 18 GDPR) — you may ask us to restrict processing in certain circumstances.
• Right to data portability (Art. 20 GDPR) — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR) — where processing is based on legitimate interests, you may object at any time.
• Right to withdraw consent (Art. 7(3) GDPR) — where we rely on consent as the legal basis, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. You also have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for TheSecureBase GmbH is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany.

5. Security

We implement appropriate technical and organisational measures to protect the personal data we process against unauthorised access, loss, or alteration. Data in transit is encrypted using TLS. Access to personal data is restricted to personnel who require it to carry out their responsibilities.

6. Children's Data

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently received data from a minor, please contact us and we will delete it promptly.

7. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated where we are able to do so.

8. Contact

Questions about this policy or how we handle your data should be directed to: