GDPR Compliance
Comprehensive information about the General Data Protection Regulation and its implementation at BrandUp Factory
GDPR Basics
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation of the European Union that standardizes the rules for processing personal data. It came into force on May 25, 2018.
Our Commitment
As a responsible company, we fully implement GDPR requirements and ensure the protection of your personal data at the highest level.
Legal Basis for Processing
Art. 6 Abs. 1 DSGVO
We only process personal data based on one of the following legal bases:
a) Consent
The data subject has given consent to the processing of their personal data for one or more specific purposes.
b) Contract Performance
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
c) Legal Obligation
Processing is necessary for compliance with a legal obligation to which the controller is subject.
d) Vital Interests
Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
f) Legitimate Interests
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Your Rights as Data Subject
Right of Access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where that is the case, you have the right to access the personal data and the information specified in Art. 15 GDPR.
Right to Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to Erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the grounds listed in Art. 17 GDPR applies.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right to obtain from us restriction of processing where one of the conditions listed in Art. 18 GDPR is met.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.
Categories of Processed Data
Master Data
Name, address, contact details, customer number, contract data
Payment Data
Bank details, payment history, credit information
Usage Data
Pages visited, access times, IP addresses, device information
Communication Data
Email correspondence, support requests, feedback
Technical and Organizational Measures
Encryption
All data transmissions are encrypted via SSL/TLS. Sensitive data is additionally stored encrypted in our databases.
Access Controls
Access to personal data is restricted to authorized employees. All access is logged and regularly reviewed.
Regular Reviews
Our security measures are regularly reviewed and adapted to the state of the art.
Data Backup
Regular backups ensure the availability of your data. The backup systems are subject to the same security standards as our production systems.
Transfer to Third Countries
General Principle
A transfer of personal data to third countries (outside the EU/EEA) only takes place if an adequate level of data protection is ensured.
Standard Contractual Clauses
When working with service providers in third countries, we use the Standard Contractual Clauses adopted by the EU Commission.
Your Rights
You have the right to be informed about all transfers to third countries and to receive a copy of the security arrangements.
Data Protection Officer
Contact
Our data protection officer is available for all questions regarding data protection: Data Protection Officer BrandUp Factory GmbH Duvenstedter Berg 55 22397 Hamburg E-Mail: info@brandupfactory.com
Responsibilities
The data protection officer monitors compliance with GDPR and other data protection regulations, trains our employees, and serves as a contact point for data subjects and supervisory authorities.
Currency and Changes
Regular Review
We regularly review our data protection practices and adapt them as necessary to new legal requirements or technical developments.
Information About Changes
In case of significant changes to our data protection practices, we will inform you by email or through a clear notice on our website.
Stand
This GDPR information is current as of: September 2025
GDPR-Compliant Solutions for Your Business
We support you in implementing GDPR-compliant processes and systems. Our experts are happy to advise you on all aspects of data protection in your IT infrastructure.