Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information in compliance with GDPR and applicable German data protection laws.
1. Data Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Jaykumar Gajera
Gajera IT Solutions (Einzelunternehmen)
Lippersdorfer Weg 17, 01189 Dresden, Germany
Email: info@gajeraitsolutions.com
Phone: +49 15209155571
Data Protection Officer: Given the size of our business, we are not legally required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR. For any data protection inquiries, please contact us directly at the address above.
2. Overview of Data Processing
We process personal data only when there is a lawful basis to do so. Below is a summary of the data we collect, its purpose, and the legal basis under GDPR:
| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Contact form data (name, email, message) | Responding to your inquiry | Art. 6(1)(b) GDPR — pre-contractual measures | 2 years |
| Client project data | Fulfilment of contractual services | Art. 6(1)(b) GDPR — contract performance | Duration of contract + 10 years (§ 147 AO) |
| Newsletter email | Sending technology insights | Art. 6(1)(a) GDPR — consent | Until unsubscribe |
| Website analytics (IP, pages visited, device) | Website improvement | Art. 6(1)(a) GDPR — consent (via cookie banner) | 26 months |
| Server log files (IP, browser, timestamp) | Security, error detection | Art. 6(1)(f) GDPR — legitimate interest | 14 days |
| Invoicing data | Legal accounting obligations | Art. 6(1)(c) GDPR — legal obligation | 10 years (§ 147 AO, § 257 HGB) |
3. Third-Party Processors & Sub-Processors
We use the following third-party service providers who may process personal data on our behalf:
| Provider | Purpose | Data Location | Safeguard |
|---|---|---|---|
| Vercel Inc. | Website hosting, serverless functions | EU / US | EU–US Data Privacy Framework |
| Google LLC (Analytics) | Website analytics (only with consent) | EU / US | EU–US Data Privacy Framework |
Data Processing Agreements (Art. 28 GDPR) are in place with all sub-processors. International transfers are conducted under appropriate safeguards including the EU–US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- • Right of access (Art. 15) — obtain a copy of the data we hold about you
- • Right to rectification (Art. 16) — correct inaccurate or incomplete data
- • Right to erasure (Art. 17) — request deletion of your data (“right to be forgotten”)
- • Right to restriction of processing (Art. 18) — limit how we use your data
- • Right to data portability (Art. 20) — receive your data in a machine-readable format
- • Right to object (Art. 21) — object to processing based on legitimate interests
- • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing
We will respond to your request within 30 days as required by law.
Submit a Data Rights Request5. Right to Lodge a Complaint
Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
Competent supervisory authority for Saxony:
Sächsischer Datenschutz- und Transparenzbeauftragter
Devrientstraße 5, 01067 Dresden, Germany
Phone: +49 351 85471 101
Website: www.datenschutz.sachsen.de
6. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Non-essential cookies (analytics, marketing) are only activated after you give your explicit consent via our cookie banner, in accordance with § 25 TTDSG and Art. 6(1)(a) GDPR.
For full details, see our Cookie Policy.
7. International Data Transfers
Some of our service providers are based in the United States. Data transfers to the US are conducted under the EU–US Data Privacy Framework (adequacy decision by the European Commission, July 2023) or Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
Where we use offshore development teams, all work is performed under strict contractual confidentiality and data processing agreements. No client personal data is stored outside of the EU unless expressly agreed with the client.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include TLS encryption for data in transit, access controls, and regular security reviews.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version on this page and update the “Last Updated” date. For material changes, we will make reasonable efforts to notify affected individuals.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights:
Data Controller: Jaykumar Gajera
Business: Gajera IT Solutions (Einzelunternehmen)
Address: Lippersdorfer Weg 17, 01189 Dresden, Germany
Email: info@gajeraitsolutions.com
Phone: +49 15209155571
Response Time: Within 30 days