PRIVACY POLICY (DSGVO) – Bravo Projects Force UG (haftungsbeschränkt)

Last updated: May 2026

1. Name and Contact Details of the Controller (Art. 13(1)(a) GDPR)

Bravo Projects Force UG (haftungsbeschränkt)
Rotenhäuser Damm 41
21107 Hamburg
Germany

Phone: +49 (0)170 996 7022
Email: info@bravoprojectsforce.com

Represented by: Igor Filimon (Geschäftsführer)

2. Legal Framework

Data processing is carried out in accordance with:

• GDPR (Regulation (EU) 2016/679)
• BDSG (Bundesdatenschutzgesetz)
• TDDDG (Telekommunikation‑Digitale‑Dienste‑Datenschutz‑Gesetz) – formerly TTDSG
• TMG / TKG (where applicable)

3. Categories of Personal Data We Process

We process the following categories of data:

3.1 Contact and Communication Data

• Name
• Email address
• Phone number
• Company name
• Position / role
• Message content

3.2 Project and Contract Data

• Project details
• Site access information
• Operational documentation
• Safety‑related data (HSE reports)

3.3 Technical and Usage Data

• IP address
• Browser type and version
• Device information
• Date and time of access
• Referrer URL
• Cookies and tracking data (see Section 10)

3.4 Server Log Files (IONOS Hosting)

Automatically collected by our hosting provider (IONOS SE):

• IP address (anonymized by IONOS)
• Timestamp
• Request type
• Error logs
• Browser and OS information

These are collected for security and operational stability.

4. Purposes of Processing (Art. 13(1)(c) GDPR)

We process personal data for the following purposes:

• Responding to inquiries
• Preparing offers and contracts
• Project coordination and communication
• Site access management
• Safety and compliance documentation
• Operational planning and reporting
• Website functionality and security
• Legal obligations (e.g., retention periods)

5. Legal Basis for Processing (Art. 6 GDPR)

5.1 Contractual Necessity – Art. 6(1)(b) GDPR

For communication, project execution, and contract fulfillment.

5.2 Consent – Art. 6(1)(a) GDPR

For:

• Contact forms
• Non‑essential cookies
• Newsletter (if applicable)

5.3 Legal Obligation – Art. 6(1)(c) GDPR

For:

• Tax and commercial law retention
• Safety documentation (HSE)

5.4 Legitimate Interest – Art. 6(1)(f) GDPR

For:

• Website security
• Fraud prevention
• Operational stability
• Server log files

6. Recipients of Personal Data (Art. 13(1)(e) GDPR)

We may share data with:

• IONOS SE (hosting provider)
• Email and IT service providers
• Project partners (only if necessary and contractually secured)
• Authorities (only when legally required)

We do not sell personal data.

7. Data Processing by IONOS SE (Hosting)

Our website is hosted by:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany

IONOS processes data on our behalf under a Data Processing Agreement (Art. 28 GDPR).

IONOS collects:

• anonymized IP addresses
• access logs
• error logs
• device/browser data

IONOS does not store full IP addresses of website visitors.

8. International Data Transfers (Art. 44–49 GDPR)

If data is transferred outside the EU (e.g., email providers, cloud services), this is done only with:

• Standard Contractual Clauses (SCCs)
• Transfer Impact Assessments (TIA)
• Adequacy decisions (where applicable)

We ensure an adequate level of protection at all times.

9. Data Retention (Art. 13(2)(a) GDPR)

• Contact inquiries: 6–24 months
• Contract data: 6–10 years (legal retention)
• Server logs: 8 weeks (IONOS default)
• Cookies: see Section 10

Data is deleted when no longer required.

10. Cookies and Tracking Technologies (TDDDG / GDPR)

We use:

10.1 Essential Cookies (no consent required)

• Security
• Session management
• Load balancing

10.2 Non‑Essential Cookies (consent required)

• Analytics
• Marketing
• Third‑party integrations

Consent is obtained via a cookie consent banner with:

• Accept
• Reject
• Customize

Reject must be equal in prominence to Accept (BGH/CJEU rulings).

11. Contact Form

If you contact us via form or email:

• Data is stored for processing your request
• Not shared without consent
• Deleted after the purpose is fulfilled

Legal basis: Art. 6(1)(a) or (b) GDPR

12. Data Security (Art. 32 GDPR)

We implement:

• SSL/TLS encryption
• Access control
• Secure server infrastructure
• Data minimization
• Regular security audits
• Restricted access to personal data

13. Rights of Data Subjects (Art. 12–23 GDPR)

You have the right to:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)
• Withdraw consent (Art. 7(3))

Requests: info@bravoprojectsforce.com

14. Right to Lodge a Complaint (Art. 77 GDPR)

You may lodge a complaint with any EU supervisory authority.

For Hamburg:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI)
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany

15. Data Protection Officer (DPO)

Bravo Projects Force UG is not legally required to appoint a DPO under §38 BDSG (threshold: ≥20 employees regularly processing personal data).
If this changes, this policy will be updated.

16. Automated Decision-Making / Profiling

We do not use automated decision-making or profiling under Art. 22 GDPR.

17. Changes to This Privacy Policy

We may update this policy to reflect legal, technical, or operational changes.
The latest version is always available on our website.