Privacy Policy

Last updated: February 2025

Purple Resilience ("we", "us", "our") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Purple Resilience (in formation)
Berlin, Germany
Email: tobias.reuss@purple-resilience.eu

[Note: Full legal entity details including registered address will be added following company incorporation.]

You can contact us at the email address above for any privacy-related questions.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Contact Form Data

When you submit our contact form or request information, we collect:

Name
Company/Organisation name
Role/Department
Email address
Message content

2.2 Website Usage Data

When you visit our website, we may automatically collect certain technical information:

IP address
Browser type and version
Operating system
Referring website
Pages visited and time spent
Date and time of access

2.3 Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to enhance your experience on our website. You can control cookie preferences through your browser settings.

[PLACEHOLDER: Update with specific cookies used once website analytics are implemented. Consider cookie consent banner requirements if using non-essential cookies.]

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

Consent (Art. 6(1)(a)): When you submit the contact form or subscribe to communications, you provide explicit consent for us to process your data.
Legitimate interests (Art. 6(1)(f)): We process certain data based on our legitimate business interests, such as improving our website and services, provided this does not override your rights and freedoms.
Contract performance (Art. 6(1)(b)): Where we enter into pilot agreements or service contracts, processing is necessary to fulfill our contractual obligations.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

Responding to your inquiries and contact requests
Conducting pilot projects and providing our services
Communicating with you about Purple Resilience products and services
Analyzing and improving our website and services
Complying with legal obligations
Protecting our rights and preventing fraud

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

We engage third-party service providers who process data on our behalf, including:

Website hosting providers
Email service providers
Analytics providers

[PLACEHOLDER: Update with specific service providers once finalised. Examples: Netlify for hosting, email service provider, analytics provider, etc.]

All service providers are contractually bound to protect your data and process it only according to our instructions.

5.2 Legal Requirements

We may disclose your personal data if required by law, court order, or governmental regulation, or if necessary to protect our rights or the safety of others.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions confirming adequate data protection in the recipient country
Other legally recognised transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Contact form data: Retained for up to 3 years or until you request deletion
Website usage data: Retained for up to 12 months
Customer/pilot project data: Retained for the duration of the relationship plus any legally required retention period

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15): Request a copy of the personal data we hold about you
Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
Right to restriction (Art. 18): Request limitation of processing in certain circumstances
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at tobias.reuss@purple-resilience.eu. We will respond to your request within one month.

9. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In Germany, the relevant authority is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Staff training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us so we can delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: tobias.reuss@purple-resilience.eu
Subject line: Privacy Inquiry

[PLACEHOLDER: Update with full postal address and designated Data Protection Officer contact information once company is incorporated and DPO is appointed (if required based on processing activities).]