1. Data Controller Information

The entity responsible for processing your personal data is:

Klarwert GmbH
Wilhelmstraße 5-7
33602 Bielefeld
Deutschland

BaFin-ID: 10158737

Contact:
Email: contact@klarwert.it.com
Phone: +49 30 20679115

For privacy-specific questions, you can also reach us at the same email address with "Privacy Inquiry" in the subject line. We typically respond within three business days.

2. What Information We Collect

Information You Provide Directly

When you interact with our services, we collect data you give us voluntarily. This happens when you create an account, submit inquiries, or use our fraud prevention tools.

• Contact Information: Name, email address, phone number, business address
• Business Details: Company name, role, industry sector, business registration numbers
• Financial Data: Transaction records, payment information, account details needed for fraud analysis
• Communication Records: Messages you send us, support tickets, consultation notes
• Identity Verification: Government-issued ID copies, proof of address when required by financial regulations

Information We Collect Automatically

Our systems gather certain technical data when you visit our website or use our platform. This helps us maintain security and improve functionality.

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on sections, click patterns, feature usage
• Location Data: General geographic location based on IP address
• Cookies and Similar Technologies: Session cookies, preference settings, authentication tokens

Information From Third Parties

Sometimes we receive data from external sources to verify information or enhance our fraud prevention capabilities.

• Credit reference agencies and financial databases
• Business registries and public records
• Payment processors and banking partners
• Fraud prevention networks and watchlists

3. How We Use Your Information

We process your data for specific purposes, each with a legal basis under GDPR. Here's what we do and why:

Service Delivery

We use your information to provide the fraud prevention services you've requested. This includes analyzing transactions, identifying suspicious patterns, and generating reports.

Legal Basis: Contract performance and legitimate interests

Compliance and Verification

Financial regulations require us to verify client identities and maintain certain records. This isn't optional under German banking law and EU anti-money laundering directives.

Legal Basis: Legal obligation and regulatory compliance

Security and Fraud Prevention

We monitor for unusual activity, unauthorized access attempts, and potential security threats. This protects both you and other clients.

Legal Basis: Legitimate interests in maintaining platform security

Communication

We'll send you service updates, respond to inquiries, and provide support. If you've agreed, we might also send educational content about fraud trends.

Legal Basis: Contract performance and consent (for marketing)

Platform Improvement

We analyze usage patterns to fix problems, develop features, and make the platform more useful. This involves aggregated, often anonymized data.

Legal Basis: Legitimate interests in service improvement

4. Data Sharing and Disclosure

We don't sell your information. Period. But we do share data in specific circumstances:

Service Providers

Third-party vendors help us operate our platform. They only access data necessary for their specific tasks and are bound by strict confidentiality agreements.

• Cloud infrastructure providers for secure data storage
• Payment processors for transaction handling
• Analytics tools for platform performance monitoring
• Customer support software providers

Legal Requirements

We'll disclose information when legally required to do so, such as responding to court orders, regulatory inquiries, or law enforcement requests with proper authorization.

Business Partners

With your consent, we might share data with financial institutions you're working with or fraud prevention networks that enhance our services.

Business Transfers

If Klarwert GmbH merges with another company or sells assets, your information might be transferred. You'd be notified before any such transfer occurs.

5. International Data Transfers

Our primary servers are located within the European Union. However, some service providers operate from other countries, including the United States.

When we transfer data outside the EU/EEA, we use approved safeguards:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent protection levels
• Binding Corporate Rules for multinational service providers

Our Los Angeles office at 12180 Millennium Dr processes limited data under strict data transfer agreements. Client data remains primarily within EU infrastructure.

6. Your Rights Under GDPR

German and European law gives you significant control over your personal information. Here's what you can do:

Access Right

Request a copy of all personal data we hold about you. We'll provide this within one month, free of charge for your first request.

Correction Right

Ask us to fix inaccurate information or complete incomplete records. We'll update our systems and notify relevant third parties if necessary.

Erasure Right (Right to be Forgotten)

Request deletion of your data when it's no longer needed, you withdraw consent, or there's no legal basis for processing. Note that some data must be retained for regulatory compliance.

Restriction Right

Limit how we use your data while we verify accuracy or assess whether we have legitimate grounds to process it.

Portability Right

Receive your data in a structured, commonly used format and transfer it to another service provider when technically feasible.

Objection Right

Object to processing based on legitimate interests or for direct marketing purposes. We'll stop unless we can demonstrate compelling reasons.

Automated Decision-Making

Our fraud detection uses some automated analysis. You can request human review of any automated decision that significantly affects you.

7. Data Retention

We keep information only as long as necessary for the purposes described here or as required by law.

Active Accounts

While you're using our services, we maintain your data to provide continuous fraud prevention support.

Inactive Accounts

After account closure, we retain essential records for six years to comply with German commercial and tax law. Some data might be kept longer if required by BaFin regulations.

Legal Hold

If there's an ongoing legal matter, investigation, or regulatory inquiry, we'll preserve relevant data until the matter concludes.

Aggregated Data

Anonymized, aggregated data that can't identify individuals may be kept indefinitely for research and service improvement.

8. Security Measures

Protecting financial data is central to what we do. Our security approach includes multiple layers:

• Encryption: All data transmitted to and from our servers uses TLS 1.3 encryption. Stored data is encrypted at rest using AES-256 standards.
• Access Controls: Strict role-based permissions limit who can view or modify data. Multi-factor authentication is mandatory for all staff accounts.
• Network Security: Firewalls, intrusion detection systems, and regular vulnerability scanning protect our infrastructure.
• Regular Audits: Annual security assessments and penetration testing identify potential weaknesses.
• Staff Training: All employees complete data protection training and sign confidentiality agreements.
• Incident Response: We maintain a detailed plan for responding to potential data breaches, including notification procedures.

No system is completely invulnerable. If a breach occurs that might affect you, we'll notify you within 72 hours as required by GDPR.

9. Cookies and Tracking Technologies

Our website uses cookies to function properly and improve your experience. You can manage cookie preferences through your browser settings.

Essential Cookies

Required for the website to work. These handle authentication, security, and basic functionality. You can't disable these without breaking the platform.

Analytics Cookies

Help us understand how visitors use our site. We use this to fix problems and improve navigation. These don't identify you personally.

Preference Cookies

Remember your settings and choices so you don't have to re-enter them each visit.

We don't use advertising cookies or third-party tracking for marketing purposes. Our analytics tools are configured to respect privacy and comply with GDPR.

10. Children's Privacy

Our services are designed for businesses and professionals. We don't knowingly collect information from individuals under 16 years old.

If we discover we've inadvertently collected data from a minor, we'll delete it immediately. Parents or guardians who believe we might have such information should contact us right away.

11. Changes to This Policy

We update this policy occasionally to reflect service changes, legal requirements, or feedback. The "Last Updated" date at the top shows when changes were made.

Significant changes will be communicated via email or prominent website notice at least 30 days before taking effect. Continued use of our services after changes means you accept the updated policy.

Previous versions are available upon request if you need to review historical terms.

12. Supervisory Authority

You have the right to lodge a complaint with the German data protection authority if you believe we've mishandled your information.

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf
Germany

Website: ldi.nrw.de

We'd appreciate the chance to address concerns directly before you contact the authority, but the choice is entirely yours.