Data Protection and Privacy Statement

As of: 16 February 2026

This Privacy Policy informs you about the processing of personal data when you use our website.

---

1. Controller

NSIDE ATTACK LOGIC GmbH
Landshuter Allee 8
80637 Munich
Germany

---

2. Data protection contact

E-mail: datenschutz@nsideattacklogic.de
Phone: +49 (0) 89 89 082 110

---

3. Definitions

Personal data means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).

---

4. Legal bases for processing

Unless a more specific legal basis is stated in this Privacy Policy, we process personal data in particular on the following bases:

• Art. 6(1)(b) GDPR (performance of a contract / steps prior to entering into a contract)
• Art. 6(1)(f) GDPR (legitimate interests, e.g. secure and efficient provision of the website)
• Art. 6(1)(a) GDPR (consent, e.g. for certain cookies/statistics)
• Art. 6(1)(c) GDPR (legal obligation, e.g. retention obligations under commercial/tax law)

---

5. Hosting and provision of the website (Raidboxes)

Our website is hosted by:

Raidboxes GmbH
Hafenstraße 32
48153 Münster
Germany

When you access our website, the hosting provider and our systems process so-called server log files (e.g. IP address, date and time of access, pages/files accessed, referrer URL, browser type/version, operating system, amount of data transferred, status codes).

Purposes: technical provision of the website, ensuring stability and security, detecting/defending misuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and uninterrupted operation).

Retention period: 14 days.

Recipients: Raidboxes GmbH (processor).

---

6. SSL/TLS encryption

Our website uses TLS encryption (https). This protects the transmission of data against unauthorised access.

---

7. Cookies and consent management (Borlabs Cookie)

We use cookies and similar technologies.

7.1 Technically necessary cookies

Technically necessary cookies are required to provide basic functions of the website.

Legal basis: Art. 6(1)(f) GDPR and Section 25(2) no. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG).

7.2 Consent management with Borlabs Cookie

We use Borlabs Cookie to store your consent decisions.

Legal basis: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR as well as Section 25(2) no. 2 TTDSG.

Withdrawal: You can withdraw your consent at any time with effect for the future via the cookie settings.

Note: You can view the cookies used and their retention periods at any time in the cookie settings (Borlabs).

---

8. Web statistics (WP Statistics)

We use the WordPress plugin “WP Statistics” to statistically analyse the use of our website.

Processed data (typically): pages accessed, referrer URL, timestamps, device/browser information and, if applicable, IP address (possibly shortened/anonymised depending on configuration).

Purpose: reach measurement and optimisation of the website.

Legal basis: consent (Art. 6(1)(a) GDPR) and Section 25(1) TTDSG, insofar as cookies/similar identifiers are used.

Retention period: 365 days.

Withdrawal: via the cookie settings.

Recipients: generally no disclosure to third parties; the data is typically processed in the website database.

---

9. Contacting us

9.1 Contact form (Ninja Forms)

If you contact us via our contact form, we process the data you provide (e.g. name, e-mail address, message content and any other voluntary information).

Purpose: handling your request and communicating with you.

Legal basis:

• Art. 6(1)(b) GDPR (if the request is aimed at concluding or performing a contract)
• Art. 6(1)(f) GDPR (other requests; legitimate interest in communication)

Retention period: 6 months, unless longer statutory retention obligations apply or a business relationship arises.

9.2 E-mail delivery (WP Mail SMTP Pro)

For the technical delivery of e-mails from WordPress (e.g. form notifications) we use WP Mail SMTP Pro. In this context, the content of the e-mail (including sender/recipient details, subject, content and, if applicable, attachments) is transmitted to the mail server/mail service provider we use.

Recipients: category “e-mail/mail server service providers” (depending on the configured provider).

Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR (communication).

---

10. Newsletter (CleverReach)

If you subscribe to our newsletter, we process your e-mail address and any additional voluntary information (e.g. name).

Registration is carried out using the double opt-in procedure. In addition, we process the time of registration and confirmation and, where applicable, technical proof data in order to be able to demonstrate your consent.

Service provider:

CleverReach GmbH & Co. KG
Schafjückenweg 2
26180 Rastede
Germany

Purpose: sending the newsletter.

Legal basis: consent (Art. 6(1)(a) GDPR).

Withdrawal: at any time with effect for the future via the unsubscribe link in the newsletter or by e-mail to datenschutz@nsideattacklogic.de.

Recipients: CleverReach (processor).

---

11. Newsletter analytics

Our newsletters may contain tracking pixels and/or tracking links in order to evaluate open and click rates.

Purpose: statistical evaluation and optimisation of the newsletter.

Legal basis: consent (Art. 6(1)(a) GDPR).

Withdrawal: by unsubscribing from the newsletter (or—if offered—by disabling tracking separately).

---

12. Applications (if offered / application by e-mail or form)

If you apply to us, we process the application data you provide for the purpose of carrying out the application procedure.

Legal basis: Section 26 German Federal Data Protection Act (BDSG) in conjunction with Art. 6(1)(b) GDPR and, if applicable, Art. 6(1)(a) GDPR (consent, e.g. talent pool).

Retention period: generally 6 months after completion of the procedure, unless longer retention has been agreed.

---

13. External links (e.g. social media)

Our website contains links to external websites (e.g. X/Twitter, LinkedIn, XING). When you click a link, you leave our website; from that point onward the respective provider is responsible for the data processing.

---

14. Recipients / categories of recipients

We use processors and service providers, in particular:

• Hosting: Raidboxes GmbH
• Newsletter sending: CleverReach GmbH & Co. KG
• E-mail/mail server service providers (depending on the configuration used for sending website e-mails)

Apart from this, we only disclose data if this is permitted by law or you have given your consent.

---

15. Transfers to third countries

At present, no third-country transfer is intended for the core service providers mentioned above (hosting in Germany, newsletter in Germany).

Note: Depending on the e-mail/mail server service provider used (WP Mail SMTP), processing outside the EU/EEA cannot be ruled out. In such cases, a transfer will only take place under the conditions of Art. 44 et seq. GDPR (e.g. adequacy decision or EU Standard Contractual Clauses (SCC 2021/914)).

---

16. Retention period (general)

Unless a more specific retention period is stated in this Privacy Policy, we process data only for as long as it is necessary for the respective purpose. Data will then be deleted unless statutory retention obligations prevent this.

---

17. No automated decision-making / no profiling

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

---

18. Your rights

Subject to the applicable legal requirements, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
• Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

To exercise your rights, simply send a message to: datenschutz@nsideattacklogic.de

---

19. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

Competent supervisory authority for Bavaria (Germany):

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Germany
https://www.lda.bayern.de

---

20. Obligation to provide data

In general, you are neither legally nor contractually obliged to provide personal data. However, without certain information (e.g. in the contact form) we may not be able to process your request.

---

21. Changes to this Privacy Policy

We will update this Privacy Policy as soon as this becomes necessary due to technical changes or legal requirements.