This Privacy Policy governs the relationship between you, the user of this website, and the owner and provider of this website.
It applies to the use of all personal data we collect in connection with your use of this website and any services, content, tools, or systems offered through it.

1. Responsible Controller
AISAFSEC
Better AI for Better Humans
Operated by:
Norelos UG
Togostr.17a
81827 Munich
📧 support@aisafsec.com

2. Questions About Data Protection and Your Rights
If you have any questions about the processing or protection of your personal data, or if you wish to exercise your rights under applicable data protection laws, please contact us using the contact details above.

3. Orders and Contractual Services
When you order services, digital products, memberships, or event access offered via AISAFSEC, we process the data you provide to conclude and perform the corresponding contract.
Legal basis: Art. 6(1)(b) GDPR
Legal obligations (e.g. invoicing, record keeping): Art. 6(1)(c) GDPR
Fraud prevention: Art. 6(1)(f) GDPR (legitimate interest)
Data will be deleted once statutory retention obligations expire, unless further retention is required to assert or defend legal claims.

4. Payment Providers
For payments, the respective payment service provider acts as an independent data controller.
Personal data (e.g. name, billing address, payment amount) is transferred solely for payment processing.
Legal basis: Art. 6(1)(b) GDPR
If payment providers transmit data back to us (e.g. confirmation, chargeback information), we process it exclusively to fulfill contractual obligations.

5. User Accounts / Member Areas
When you register for an account or member area, we process the data you provide to create and manage your account and enable access to AISAFSEC services and resources.
Legal basis: Art. 6(1)(b) GDPR
We use a double-opt-in process to confirm registrations.
Legal basis: Art. 6(1)(f) GDPR (security and abuse prevention)
Account data is deleted upon account deletion unless statutory retention obligations apply.

6. Email Newsletter
By subscribing to our newsletter, you consent to the processing of your data for newsletter delivery.
Legal basis: Art. 6(1)(a) GDPR (consent)
Subscription confirmation (double opt-in) is logged to document consent.
Legal basis: Art. 6(1)(c) GDPR
You may unsubscribe at any time. Data related to newsletter delivery is deleted after unsubscription, while proof of consent is retained only for statutory limitation periods.

7. Contact Forms and Direct Inquiries
When you contact us, we process the data you provide to respond to your inquiry.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in responding)
Art. 6(1)(b) GDPR (if related to a contract)
Data is deleted after request completion unless legal retention obligations apply.

8. Online Events, Webinars, and Meetings (e.g. Zoom)
We use video conferencing tools (e.g. Zoom) to conduct online events, trainings, and webinars.
Processed data may include:
Name (pseudonyms permitted)
Email address
Audio/video streams (only if activated)
Chat messages, Q&A entries
Technical metadata (IP address, device information)
Recordings are made only after prior notice and for stated purposes (e.g. documentation, later replay).
Legal basis:
Art. 6(1)(b) GDPR (contractual participation)
Art. 6(1)(f) GDPR (legitimate interest in effective communication)
Zoom acts as a data processor under Art. 28 GDPR.
Data transfers outside the EU/EEA are safeguarded using EU Standard Contractual Clauses.

9. Advertising and Analytics Services
We use advertising and analytics services only with your consent.
Legal basis: Art. 6(1)(a) GDPR
Consent covers:
Storage of cookies
Use of the respective service
You may withdraw consent at any time without disadvantage.

10. Web Fonts (Google Fonts)
We use web fonts to ensure consistent website presentation.
Legal basis: Art. 6(1)(f) GDPR
Fonts are provided by Google Ireland Limited.
Further information:
https://developers.google.com/fonts/faq
https://www.google.com/policies/privacy/

11. Data Transfers to Third Countries
Some services may process data outside the EU/EEA (e.g. US-based providers).
Where applicable, transfers are safeguarded through:
EU Standard Contractual Clauses
Technical and organizational measures (e.g. encryption)
Despite safeguards, foreign authorities may have access rights beyond EU standards. You should consider this risk before granting consent.

12. Your Rights Under the GDPR
You have the following rights:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

13. Glossary (Selected Terms)
GDPR – General Data Protection Regulation
EEA – European Economic Area
Third country – Country outside the EEA without an EU adequacy decision
Standard Contractual Clauses (SCCs) – EU-approved safeguards for international data transfers

Privacy Policy last updated: January 2026