Privacy Policy
Last updated: 13 May 2026. Ciobanu Labs ("we", "us") is the controller for personal data processed through ciobanulabs.de in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Contact: hello@ciobanulabs.de.
1. Data We Collect
- Contact and order data: name, email, phone, billing address, company, project notes — provided when you submit a contact or checkout form.
- Payment data: processed directly by our payment provider (Stripe). We receive only a transaction reference, the last four digits of the card and the billing country. We never see or store full card numbers.
- Technical data: IP address, user agent, referrer, pages visited, approximate region. Logged automatically by our hosting and analytics providers.
- Cookies: see our Cookie Policy.
2. Purposes and Legal Bases (GDPR Art. 6)
- Performing the contract and answering inquiries — Art. 6(1)(b).
- Processing payments and complying with tax/accounting obligations (§ 147 AO, 10-year retention) — Art. 6(1)(c).
- Securing and improving the website — legitimate interest, Art. 6(1)(f).
- Optional analytics and marketing cookies — consent, Art. 6(1)(a), withdrawable at any time.
3. Recipients and Processors
We use carefully selected processors under Art. 28 GDPR data processing agreements:
- Hosting and database infrastructure (EU region).
- Stripe Payments Europe Ltd. (Ireland) — payment processing.
- Email delivery provider — transactional emails.
Where a processor transfers data outside the EEA, we rely on EU Standard Contractual Clauses or an adequacy decision (e.g. EU-US Data Privacy Framework).
4. Retention
Inquiry data is kept for up to 24 months after last contact. Order and invoice data is retained for 10 years to meet German tax-law obligations. Analytics data is anonymised or deleted after 14 months.
5. Your Rights (GDPR Art. 15–22)
You have the right to access, rectify, erase, restrict processing, data portability, and to object to processing based on legitimate interests. You may withdraw any consent at any time, with effect for the future. To exercise any right, email hello@ciobanulabs.de.
You also have the right to lodge a complaint with a supervisory authority — for our jurisdiction, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
6. Security
We use TLS encryption in transit, encrypted storage at rest, role-based access controls and regular backups. Despite reasonable measures, no internet transmission is 100% secure.
7. Changes
We may update this policy to reflect changes in law or our practices. Material changes will be flagged on this page.
Questions? Contact Ciobanu Labs at hello@ciobanulabs.de.