SSIG-IT E-Mail Security

Privacy Policy

1. Data Controller

SSIG-IT GmbH
Zum weißen Jura 3
89143 Blaubeuren
Germany
E-Mail: info@ssig-it.com
Phone: +49 7335 163310

Data protection contact: datenschutz@ssig-it.com

2. Data We Collect

When using the Email Security Check, the following data is processed:

  • Domain name: Technical information used to perform the security check. For sole proprietors, this may constitute personal data.
  • Contact data: First name, last name, email address, company name — only collected when you request the detailed report.
  • IP address: Processed for rate limiting purposes. Stored only in pseudonymized hashed form, not in plain text.

3. Purpose of Processing

  • Performing the email security check
  • Sending the detailed report via email
  • Contacting you regarding IT security consulting

4. Legal Basis

The processing of your personal data is based on your consent (Art. 6(1)(a) GDPR), which you provide by checking the consent checkbox before submitting the report request.

5. Data Recipients

  • Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA): Hosting provider (EU region Frankfurt). Data processor agreement and EU Standard Contractual Clauses in place.
  • Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA): Bot protection via Cloudflare Turnstile (CAPTCHA alternative). Processes IP address and a browser-side token solely for spam prevention. No tracking cookies.
  • Upstash, Inc. (EU Region): Redis cache and rate limiting (hashed request identifiers, retained for up to 24 hours depending on the endpoint).
  • n8n: Self-hosted workflow automation on SSIG-IT infrastructure (no third country transfer).
  • Umami Analytics: Self-hosted, cookieless web analytics on SSIG-IT infrastructure (umami.ssig-it.com). Collects aggregate page views, referrer, device type and approximate region. IP addresses are not stored; no third country transfer; no cross-site tracking.
  • Autotask (Datto): CRM system for lead management (data processor agreement in place).
  • Mailjet (Sinch Email): Email delivery service for sending the report (EU servers, data processor agreement in place).

6. Data Retention

  • Check results: cached for max. 60 minutes, then automatically deleted. No long-term storage on our servers.
  • Contact data in Autotask: stored in accordance with legal retention obligations.

7. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us at: datenschutz@ssig-it.com

Supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
https://www.baden-wuerttemberg.datenschutz.de

8. Note for Sole Proprietors

If the checked domain is directly linked to a natural person (e.g., sole proprietors), the domain name may constitute personal data. In this case, the above privacy provisions apply to the domain check as well.