Privacy Policy

Privacy Policy of WTS PSP AI GmbH

We, WTS PSP AI GmbH (hereinafter: “WTS PSP AI” or “we”, “our”, “us”) take the protection of your personal data very seriously and process it only in accordance with applicable data protection laws, particularly the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”).

With this privacy policy, we would like to inform you in accordance with Art. 13 and Art. 14 GDPR about how we process your personal data as the data controller.

Personal data means any information that relates to an identified or identifiable natural person. Personal data includes, for example, name, date of birth, email address, login data, or postal address of a natural person. Information that relates exclusively to legal entities and general information that cannot be used to identify natural persons (e.g., aggregated web server log data) are not considered personal data.

1. Name and address of the data controller

The entity responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is WTS PSP AI GmbH, Friedenstraße 22, 81671 Munich, Germany, Phone: 0049 89 286462814, Email: info@wts-psp.ai Phone: 089 286462814, E-Mail: info@wts-psp.ai

2. Subject, purposes, and legal bases of data processing

In the context of your use of our website, contacting us, and initiating and executing a contract with you, we process your personal data as follows:

2.1 Use of our website and the plAIground

(a) Log data

When you visit our website, a so-called web server log is temporarily and pseudonymously stored on our web server out of technical necessity. The web server log consists of the following log data:

  • Date and time of access
  • Description of the type, language, and version of the web browser used
  • IP address
  • Transferred data volume
  • Operating system
  • Message whether the access was successful (access status/HTTP status code)
  • GMT time zone difference

The processing of log data serves to improve the quality of our website, particularly the stability and security of the connection. The legal basis for data processing is the safeguarding of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), which consist of ensuring and improving the stability and functionality of the website as far as technically possible and reasonable.

For technical security reasons, particularly to prevent attack attempts or other abuses of the website, the log data is also stored for a short period. It is not possible for us to directly identify individuals based on this information. After a maximum of seven days, this information is anonymized by shortening the IP address to the domain level, making it impossible to establish a link to an individual. For the period until the IP address is shortened, we may process this information in the event of a security incident (attempted attack or abuse, etc.) in cooperation with your internet provider and/or local authorities in order to identify the originator of the security incident. The legal basis for this is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), which consists of protecting the integrity of our website, our servers, and our users.

2.2 Contact

If you contact us, e.g., via contact form or email, we process the personal data you provide during contact, such as your first and last name, your email address, the content of your request, and any other data you voluntarily provide, such as attached files or documents.

The processing of the data you provide during contact serves to handle your request and communicate with you. The legal basis for data processing is the fulfillment of our contractual obligations (Art. 6 para. 1 sentence 1 lit. b GDPR) or the protection of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), which particularly consist of contacting you and communicating regarding the respective matters for which you contacted us.

3. Data sharing and data transfers to third countries

(a) Sharing personal data

We generally do not share personal data with third parties. Personal data is only disclosed to third parties in exceptional cases, particularly if it is necessary for contract execution (legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR) or if we are legally obligated to do so, e.g., by court order or to fulfill legal obligations (legal basis: Art. 6 para. 1 lit. c GDPR) or if it is necessary to support criminal or legal investigations or other legal inquiries or proceedings domestically or abroad or to protect legitimate interests (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR) or to protect vital interests (legal basis: Art. 6 para. 1 sentence 1 lit. d GDPR).

Please note that we are entitled to outsource the processing of personal data in accordance with data protection regulations pursuant to Art. 28 GDPR, in whole or in part, to external service providers who act as data processors (Art. 4 No. 8 GDPR) on our behalf. In this case, we remain responsible for ensuring data protection-compliant processing and ensure the security of processing by the data processor through legal measures (particularly data processing agreements) and additional technical and organizational measures (e.g., audits at the data processor). The website is hosted on Microsoft Azure (location “Europe West”) in the tenant of our (sub-) data processor WTS Group AG.

(b) Data transfers to third countries

We generally process your personal data only within the European Union (EU), so no data transfer to third countries takes place.

4. Data deletion and storage duration

We store your personal data only as long as necessary to achieve the purposes for which the data was collected or – if there are statutory retention periods (e.g., in the Commercial Code and the Tax Code) – for the duration of the legally prescribed retention. Subsequently, your personal data will be deleted. Only in a few exceptional cases will your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement and defense of legal claims.

5. Automated decision-making

We do not use the personal data collected from you for automated decision-making, including profiling.

6. Your data protection rights

Under applicable data protection law, you have the following data protection rights:

  • Right of access: You have the right to request information about and access to your personal data stored by us at any time.
  • Right to rectification: If we process your personal data, we strive to ensure that your personal data is accurate and up-to-date for the purposes for which it was collected. If your personal data is incorrect or incomplete, you can request the correction of this data.
  • Right to deletion and restriction of processing: You may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no legitimate purpose for such processing under this privacy policy or applicable law, and statutory retention obligations do not enforce further storage.
  • Right to data portability: You may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to transfer this data to another data controller.
  • Right to withdraw your consent: If you have consented to the collection and processing of your personal data, you can withdraw your consent at any time with effect for the future, without affecting the lawfulness of the processing carried out based on the consent until the withdrawal.

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e) or f) GDPR. We will no longer process your personal data after an objection unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise or defence of legal claims (so-called “restricted right to object”). Furthermore, you have the right to object to the processing of your personal data for direct marketing purposes at any time and without giving any reasons.

  • You also have the right to lodge a complaint with the supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Tel. 0049 981/180093-0, Email poststelle@lda.bayern.de. A list of other supervisory authorities to which you can turn (e.g., the supervisory authority responsible for your place of residence) can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

As of 03/2025