Privacy Policy

Last updated: January 2026

1. Introduction

QuaLCA ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website qualca.io and use our services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

The data controller responsible for your personal data is:

QuaLCA
Yannick Bernard
Weichselstr. 65
12043 Berlin
Germany
Email: contact@qualca.io

3. Data We Collect

3.1 Information You Provide

We may collect information that you voluntarily provide when:

  • Filling out our contact form (name, email, company, message)
  • Subscribing to our newsletter (email address)
  • Requesting a consultation or service quote
  • Communicating with us via email

3.2 Automatically Collected Information

When you visit our website, certain information may be collected automatically:

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Date and time of access
  • Pages visited and time spent
  • Referring website

This information is collected through server log files and is used solely for ensuring the security and functionality of our website.

4. How We Use Your Data

We use the collected data for the following purposes:

  • To respond to inquiries: Processing your contact form submissions and responding to your questions (Legal basis: Art. 6(1)(b) GDPR - contract performance)
  • To provide services: Delivering our LCA consulting services as agreed (Legal basis: Art. 6(1)(b) GDPR - contract performance)
  • To improve our website: Analyzing usage patterns to enhance user experience (Legal basis: Art. 6(1)(f) GDPR - legitimate interest)
  • To comply with legal obligations: Meeting regulatory requirements (Legal basis: Art. 6(1)(c) GDPR - legal obligation)

5. Contact Form

When you use our contact form, we collect the following data:

  • Name (required)
  • Email address (required)
  • Company name (optional)
  • Message content (required)
  • Timestamp of submission

This data is transmitted securely and processed solely for the purpose of responding to your inquiry. We do not use this data for marketing purposes without your explicit consent.

Data retention: Contact form submissions are stored for the duration necessary to process your request, typically up to 6 months after the last communication, unless a longer retention is required for ongoing business relationships or legal obligations.

6. Cookies and Tracking

Our website is designed to minimize the use of cookies and tracking technologies:

  • Essential cookies: We may use technically necessary cookies to ensure basic website functionality. These do not require consent.
  • No third-party tracking: We do not use Google Analytics or other third-party tracking services that would transfer your data outside the EU.
  • No social media plugins: We do not embed social media plugins that could track your behavior.

All fonts and assets are hosted locally on our servers to prevent data transfer to third parties.

7. Data Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service providers: We may share data with trusted service providers who assist in operating our website or conducting our business, under strict confidentiality agreements.
  • Legal requirements: We may disclose data if required by law or in response to valid legal processes.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for all data transmissions
  • Secure hosting with European data centers
  • Regular security updates and monitoring
  • Access controls and authentication measures
  • Employee training on data protection

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access (Art. 15): You can request information about the personal data we hold about you.
  • Right to rectification (Art. 16): You can request correction of inaccurate personal data.
  • Right to erasure (Art. 17): You can request deletion of your personal data under certain circumstances.
  • Right to restriction (Art. 18): You can request restriction of processing in certain situations.
  • Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You can object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7): Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at contact@qualca.io.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact inquiries: Up to 6 months after resolution, unless an ongoing business relationship exists
  • Contract-related data: 10 years after contract completion (German commercial and tax law requirements)
  • Server logs: Maximum 7 days for security purposes

11. International Data Transfers

We primarily process data within the European Economic Area (EEA). If data transfer to third countries becomes necessary, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

12. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the EU member state of your residence, place of work, or the place of the alleged infringement.

In Germany, the competent supervisory authority depends on your location. A list of German data protection authorities can be found at: www.bfdi.bund.de

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new "Last updated" date.

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

QuaLCA
Yannick Bernard
Email: contact@qualca.io