Privacy Policy 

DastN GmbH (“DastN” or “we”) is committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, and safeguard personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws. It applies to our services in International Relocation (for employers and candidates) and Digital Transformation & ERP consulting (Odoo-based), as well as your use of our website (dastn.com). We process personal data lawfully, fairly, and transparently for specified purposes only. All personal data is stored and processed on secure servers located within the European Union. We do not transfer your data to countries outside the EU/EEA, except as noted below under strict safeguards.

The Data Controller responsible for your personal data is:

DastN GmbH
Kurfürstendamm 194
10707 Berlin, Germany
HRB 230821 B (Amtsgericht Charlottenburg, Berlin)

Email: info@dastn.com

Phone: +49 30 700 159 547

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the above details.

This Privacy Policy covers the personal data of the following categories of individuals (“data subjects”):

• Clients: Our customers, including employers and business clients using our relocation or consulting services, and their representatives.
  
  
• Job Applicants/Candidates: Individuals who apply for jobs or participate in international relocation through DastN’s services (e.g. candidates seeking placement with employer clients).
  
  
• Website Visitors: Individuals who visit or interact with our website or online services (e.g. users of our contact forms or analytics tracked visitors).
  
  
• Contractors and Partners: Natural persons who are contractors, consultants, or external service providers working with or for DastN (e.g. support contractors, outsourcing team members).

We collect personal data directly from you as well as through your interactions with our services. The types of data and collection sources include:

• Contact Forms: When you fill out contact forms on our website or request information, we collect the information you provide. This typically includes your name, contact details (email address, phone number), company/organization, and the content of your message or inquiry. We use this data to respond to your requests and provide information.
  
  
• Application Portals: If you apply for a job opportunity or relocation via our online portals or recruitment forms, we collect data such as your name, contact information, CV/résumé details, employment history, education, qualifications, and any other information you submit (e.g. cover letter, references). This may also include personal identification details needed for relocation (e.g. date of birth, nationality, visa status) and any documents you upload. We gather this data to evaluate your application and facilitate the recruitment/relocation process.
  
  
• Client Communications: If you communicate with us by email, phone, or other channels (for example, as a client or candidate), we may collect and store the personal data you provide during those communications. This includes contact details, the content of emails or call notes, and any other information you share while we assist you. These communications may be recorded or documented for quality assurance, contract execution, and to keep track of project or case progress.
  
  
• Website Analytics Data: We use website analytics tools and tracking technologies (such as Google Analytics and Meta Pixel) on our site. These tools automatically collect certain data about your device and browsing behavior when you visit our website, only with your consent where required. The data collected may include: IP address (anonymized where possible), browser type and version, device identifiers, pages visited and time spent, referral source, and cookies or pixel tags that uniquely identify your browser. We use this information to analyze website traffic, measure marketing effectiveness, and improve our website and services.
  
  
• Cookies and Similar Technologies: Our website uses cookies and similar technologies to enhance user experience and gather analytics (see Cookies and Analytics section below for details). Some cookies may collect personal data or be linked to other data about you, as described in that section.
  
  
• Other Sources: In the course of providing our services, we may also receive personal data from third parties or publicly available sources. For example, an employer client may provide us personal details of a candidate for relocation, or we might receive verification information from service providers (such as background check agencies or visa processing partners). If we collect data from third-party sources, we will treat it in accordance with this Policy and applicable law.

We do not collect any special categories of sensitive personal data (such as health, genetic, or biometric data) unless it is voluntarily provided by you and necessary for the specific service (in which case we will seek explicit consent or otherwise ensure lawful processing). We also do not knowingly collect personal data from children under 16 without appropriate consent.

We process personal data only for purposes that are legitimate and necessary for our business and as permitted by law. For each processing activity, we rely on one or more of the legal bases provided under Article 6(1) GDPR (and corresponding provisions of German law). Below we explain the purposes for which we use personal data and the associated legal bases:

• Providing Services and Fulfilling Contracts: We use client and candidate data to deliver our relocation services and digital transformation/ERP consulting services. This includes processing personal data to arrange international relocations (e.g. handling immigration paperwork, coordinating travel/logistics, matching candidates with employers) and to perform consulting projects or software implementations for clients. Legal Basis: Processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request (GDPR Art. 6(1)(b)). For example, if you are an employer client, we process your contact and company details to execute our service agreement; if you are a candidate, we process your application data to consider you for job placement and relocation assistance.
  
  
• Communication and Responding to Inquiries: We process personal data when we communicate with you to respond to questions, requests, or support needs (whether you are a prospective client, existing client, candidate, or site visitor). Legal Basis: Our legitimate interest in providing you with information and support, and/or steps preparatory to entering a contract (Art. 6(1)(f) or Art. 6(1)(b) GDPR). When you voluntarily contact us, we have a legitimate business interest to use your provided data to reply appropriately. In some cases, your consent may also serve as a basis (Art. 6(1)(a)), for instance if you fill out a form explicitly consenting to be contacted.
  
  
• Recruitment and Candidate Placement: We use personal data from job applicants and candidates to assess qualifications, arrange interviews, present candidates to employer clients, and facilitate employment contracts and relocation. This may involve sharing certain candidate data with the potential employer (client) that is offering the job. Legal Basis: Performance of a contract or steps prior to a contract (Art. 6(1)(b)), as the processing is necessary to evaluate and potentially place the candidate in a position. When required by law, we will obtain consent for specific processing (e.g. if we retain a candidate’s CV for future opportunities, we may ask for consent).
  
  
• Marketing and Business Development: With your consent, we may use your contact information to send newsletters, updates about our services, or invitations to events/webinars. We may also process data to develop and improve our services or to understand client needs (analytics, surveys, etc.). Legal Basis: Consent (Art. 6(1)(a)) for electronic direct marketing communications. You can withdraw consent at any time. In limited cases, we might rely on legitimate interests (Art. 6(1)(f)) to inform existing clients about similar services, but will always respect opt-out requests.
  
  
• Website Analytics and Improvement: We process data collected by cookies and analytics tools to understand how users interact with our website, to troubleshoot performance issues, and to improve user experience and the relevance of our content. Legal Basis: Consent (Art. 6(1)(a)) – we will only deploy non-essential cookies or analytics (like Google Analytics, Meta Pixel) if you have given consent via our cookie banner or settings. For strictly necessary technical cookies (that ensure the website functions correctly), the legal basis is our legitimate interest (Art. 6(1)(f)) in providing a functional website.
  
  
• Legal Compliance: We may process personal data to fulfill our legal obligations under EU or German law. Examples include maintaining proper business records, accounting and tax filings, complying with employment or immigration laws during relocations, and responding to lawful requests by public authorities. Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR). For instance, German commercial and tax laws require us to retain certain transaction data for set periods.
  
  
• Security and Fraud Prevention: We process personal data as needed to ensure the security of our systems, website, and users. This includes using server logs and security monitoring to protect against unauthorized access, malware, or other cyber threats, and to detect or investigate fraud or abuse. Legal Basis: Legitimate interests (Art. 6(1)(f)), as we have a legitimate interest in maintaining the integrity and security of our services. In some cases, processing may also be necessary to protect vital interests (Art. 6(1)(d)) if, for example, we need to process data to prevent harm.
  
  
• Establishing, Exercising or Defending Legal Claims: If necessary, we will use relevant personal data to establish or exercise our legal rights or defend against legal claims (e.g. in disputes, litigation, or regulatory investigations involving us or our clients). Legal Basis: Legitimate interests (Art. 6(1)(f)), as processing is necessary for our legitimate need to protect our legal position. In certain situations, processing may also be based on legal obligation if we are required to retain or disclose information by law or court order (Art. 6(1)(c)).

Where our processing is based on your consent, you have the right to withdraw that consent at any time, which will apply going forward (this will not affect the lawfulness of processing done before the withdrawal). Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms to ensure no undue impact on your privacy. You have the right to object to processing based on legitimate interests (see Your Rights below). If we need to process personal data for a new purpose that is incompatible with the original purpose, we will inform you and, if required, seek your consent or provide a relevant legal justification.

We treat your personal data with care and confidentiality. We do not sell or rent personal data to third parties. However, in order to run our business and provide our services, we may share personal data with certain third-party recipients under strict conditions and only for the purposes described above:

• Service Providers (Processors): We may disclose personal data to trusted third-party service providers who process data on our behalf and under our instructions. Examples include website hosting providers, cloud storage or IT infrastructure providers, customer relationship management (CRM) software (including Odoo-based systems), email service providers, analytics services (like Google and Meta for analytics/tracking), or other vendors that help support our operations. We ensure such providers are bound by data processing agreements as required by GDPR Article 28, which contractually oblige them to safeguard your data and use it only for our specified purposes.
  
  
• Employer Clients and Business Partners: If you are a job applicant or candidate for relocation, we will share necessary personal data with the prospective employer or client that is interested in hiring or relocating you. This is a core part of our relocation/recruitment service. We will only share details relevant to the hiring decision (such as your CV, qualifications, and necessary personal info) and only with organizations involved in your placement. We may also share limited personal data of clients or candidates with partner organizations or consultants collaborating on delivering the service (for example, a local immigration lawyer or relocation agent assisting with visa processing). In all cases, such sharing is strictly for fulfilling our contract with you or the client, and the recipients will be informed to use the data only for these purposes.
  
  
• Affiliated Companies: Currently, DastN GmbH does not have any parent or subsidiary companies outside of its own operations. If in future we operate any affiliates or branch offices, your data may be shared within our corporate group on a need-to-know basis, under the same security and privacy practices.
  
  
• Legal and Compliance Recipients: We may disclose personal data if required to do so by law or legal process, or if we are compelled by competent authorities. This includes sharing data with government agencies, courts, regulators, or law enforcement (for example, disclosing information to immigration authorities for visa applications, or to tax authorities during an audit). We may also disclose data to our external auditors, legal counsel, or insurance providers if necessary for compliance or to protect our rights.
  
  
• Professional Advisors and Contractors: We may share data with our professional advisors (such as lawyers, accountants) if needed for consulting on a matter involving your data (e.g. a legal dispute or complex relocation case). In addition, personal data might be accessible to individual contractors or consultants we hire (including those mentioned in the next section on international access) to perform services for us (such as IT support, development, or customer support). These persons are bound by confidentiality agreements and GDPR-compliant contracts. They will only process data under our direction and for the tasks we’ve engaged them for.

In all cases of data sharing, we adhere to the principle of data minimization: we only share the minimum amount of personal data necessary for the purpose. We also ensure that any third party receiving personal data has an obligation to keep it secure and confidential. If a third party acts as a data processor on our behalf, they are not permitted to use the data for their own purposes. If any third party will act as an independent controller (for example, an employer client receiving candidate data for hiring), we ensure that appropriate safeguards or agreements are in place and that you are informed of such disclosures when required.

As a rule, DastN does not transfer your personal data to any country outside the European Union (EU) or European Economic Area (EEA). All personal data we collect is stored and processed on secure servers located within the EU. Furthermore, our main IT systems (including Odoo-based platforms and databases) are hosted in the EU. We have chosen EU-based providers whenever possible to avoid exporting personal data to third countries.

No routine transfers to third countries: We do not host or routinely send personal data to third countries (outside the EU/EEA) without your knowledge. In particular, we do not transfer data to the United States or other countries for storage or processing, except via the limited use of third-party services described below and with appropriate safeguards.

Limited remote access under safeguards: Some of our trusted partners, support contractors, or team members may be located outside the EU and might need to access personal data stored on our EU servers in read-only form to perform certain tasks (for example, an overseas IT support technician troubleshooting our system, or an off-shore consultant reviewing a project file). Such access is not a “transfer” in the sense of moving your data to a foreign system; rather, the data remains in the EU and is only viewed remotely. In these cases, we ensure that:

• Access is granted only on a strict need-to-know basis and limited to the data necessary for the task.
  
  
• The individuals or partner companies accessing the data are bound by GDPR-compliant safeguards, including standard contractual clauses (SCCs) or equivalent data protection agreements that commit them to EU privacy standards.
  
  
• The remote access is read-only, meaning the external party cannot download or store the personal data outside our controlled environment. We monitor such access and enforce security measures (e.g. VPNs, authentication) to protect the data during remote sessions.

By implementing these measures, we maintain a level of protection for your data that is essentially equivalent to that provided in the EU, even when certain support functions are carried out from other countries. If in the future we need to transfer your personal data to a third country for any other reason (e.g. to a cloud service provider or to an affiliate abroad), we will do so only in compliance with GDPR Chapter V – for example, by relying on an EU Commission adequacy decision for that country (if applicable), or by using Standard Contractual Clauses and additional safeguards to ensure your data remains secure. You will be notified where required, and we will always ensure a valid legal basis for such transfer (Art. 49(1) GDPR or other appropriate provision).

We take the security of personal data very seriously and implement appropriate technical and organizational measures (“TOMs”) to protect your data against unauthorized access, loss, alteration, or disclosure. These measures are designed to provide a level of security appropriate to the risk of our data processing. They include, but are not limited to:

• Encryption: We use encryption technology to protect data in transit over networks (for example, our website is served over HTTPS/TLS encryption to secure data entered online). Sensitive data stored in our systems is protected with encryption or hashing where applicable.
  
  
• Access Control: Personal data is accessible only by authorized personnel of DastN and our authorized processors who need access to perform their duties. We enforce role-based access controls and authentication mechanisms (strong passwords, two-factor authentication where possible) to prevent unauthorized access.
  
  
• Secure Infrastructure: Our servers are located in secure data centers within the EU with robust physical security and environmental controls. We ensure our hosting providers maintain high security standards (firewalls, intrusion detection systems, regular security audits). Software and systems are kept up-to-date with security patches to mitigate vulnerabilities.
  
  
• Confidentiality and Training: All DastN employees, contractors, and partners who handle personal data are bound by confidentiality obligations. We provide training and guidance to our team on data protection principles and security practices, ensuring that they understand the importance of protecting personal data.
  
  
• Data Minimization and Pseudonymization: We strive to collect only the personal data that is necessary for the purposes stated. Where feasible, especially in analytics or testing scenarios, we use pseudonymization or anonymization so that individuals are not readily identifiable. For example, analytics data may be aggregated or stripped of direct identifiers.
  
  
• Monitoring and Breach Management: We monitor our systems for potential security incidents and have procedures in place to detect and respond to data breaches. In the unlikely event of a data breach affecting personal data, we will promptly contain the issue, assess the risk, and notify affected individuals and authorities as required by GDPR.

Despite our best efforts with industry-standard security, no system can be guaranteed 100% secure. However, we continuously evaluate and improve our security measures to adapt to new threats and ensure your personal data remains protected. We also encourage you to take precautions when transmitting data to us (for instance, be mindful not to send highly sensitive information via unencrypted email).

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations. Retention periods may vary depending on the category of data and the context of processing:

• Service Data (Client and Candidate Records): If you are a client or a relocation candidate, we will retain your personal data for the duration of our contractual relationship. This includes maintaining the information needed to deliver our services and fulfill our obligations to you. After the relationship ends (for example, after a relocation project is completed or a consulting contract terminates), we will keep relevant data for a period necessary to conclude any post-service matters (such as final reports or support) and as required by law. In general, we may retain contract-related data for up to six (6) to ten (10) years following the end of the contract, in line with German commercial and tax record-keeping requirements (Handelsgesetzbuch, Abgabenordnung) and to be able to address any legal issues or audits.
  
  
• Job Applications (Unsuccessful Candidates): If you applied for a job or relocation opportunity but were not successful, we will typically retain your application data for a limited period (e.g. 6 months after the position is filled) and then delete or anonymize it. This retention allows us to comply with German Equal Treatment Act requirements and to defend against any potential discrimination claims related to the hiring process. If you consented to have your application kept on file for future opportunities, we may retain it for a longer period specified in that consent (or until you withdraw consent).
  
  
• Website and Analytics Data: Data collected via cookies and analytics is retained according to the tool’s settings and your preferences. For instance, Google Analytics data may be retained for a period (e.g. 14 months) as configured, but we do not identify individual site visitors from this data. Cookie lifespans vary: some cookies (like session cookies) last only while your browser is open, whereas others (like tracking cookies) may persist for months unless you delete them. We honor any shorter retention or deletion timeframe you request (for example, if you opt-out or clear cookies).
  
  
• Legal Retention Requirements: Certain data must be retained for specific statutory periods. For example, invoices, contracts, and business communications may be kept for 6 to 10 years to satisfy commercial and tax law. Similarly, records relevant to immigration or employment (in the context of relocation) might be kept for the durations mandated by law. During such period, we archive the data securely and restrict access to only what’s necessary for compliance purposes.
  
  
• General Policy: Unless a longer retention period is required by the above conditions or other legal grounds, we will delete or anonymize personal data once the purpose for collection has been fulfilled and we no longer have a lawful reason to retain it. In any case, when personal data is no longer needed, we ensure it is either irreversibly anonymized (so it can no longer be associated with an individual) or securely deleted/shredded from our systems.

After expiry of the applicable retention period, personal data will be either deleted or anonymized without undue delay. For example, if you request deletion of your data or withdraw consent, we will erase the data unless we are legally required or permitted to retain it longer (in which case we will isolate the data and keep it only for the mandated period). We also periodically review the data we hold, to ensure we are not keeping data longer than necessary.

Cookies are small text files that are placed on your device when you visit our website. We use cookies and similar tracking technologies to make our website function properly, to analyze traffic, and to support our marketing efforts. When you first visit our site, you will be presented with a cookie consent notice allowing you to accept or decline non-essential cookies. You can manage your preferences at any time. Below is an overview of how we use cookies and analytics:

• Essential Cookies: These cookies are necessary for the website to operate and cannot be turned off in our systems. For example, they may remember your language preferences or maintain session state as you navigate pages. They do not store personally identifiable information and are based on our legitimate interest in providing a functioning service.
  
  
• Analytics Cookies (Google Analytics): With your consent, we use Google Analytics, a web analytics service provided by Google. Google Analytics places cookies that collect information about how visitors use our site, such as which pages are visited, how long users stay, and which links are clicked. The information generated (including your IP address, which we configure Google to anonymize by removing the last octet) is transmitted to Google servers for analysis. Google may process this data on servers in the United States or elsewhere, but Google is obligated to protect the data under GDPR-compliant terms. We use the insights from Google Analytics to improve our website’s content, performance, and user experience. You can opt out of Google Analytics by not consenting to analytics cookies, or by installing the Google Analytics opt-out browser add-on provided by Google.
  
  
• Marketing/Tracking Pixels (Meta Pixel): We also use the Meta Pixel (formerly Facebook Pixel), with your consent, to help us measure the effectiveness of our social media advertising and understand user actions on our site after interacting with our ads. The Meta Pixel tracks certain interactions (like page views or form submissions) and reports them to Meta (Facebook/Instagram). This may cause Meta to place cookies or similar technologies on your device. Data collected through the Meta Pixel (such as your Facebook User ID if you’re logged in, or device information) may be processed by Meta in accordance with their privacy policies. We do not receive personal data from Meta that identifies you; rather, we receive aggregated insights (for example, how many users completed a form). You can control how Meta uses your data for ads in your Facebook privacy settings, and you can opt out of the pixel by declining marketing cookies on our site.
  
  
• Third-Party Integrations: Our website may incorporate content or scripts from third-party services that could set cookies or collect data (for example, an embedded map or a video player, or using Odoo’s web portal functionalities). Whenever we include such integrations, we do so to enhance your experience or facilitate our services. We ensure that any third-party integration we use is assessed for data protection compliance. You will be informed or asked for consent where those services might collect your personal data. For instance, if we integrate a chat support widget or a scheduling tool, we will provide you with relevant information about any data processing that tool performs.

Managing Cookies: You have the right to decide whether to accept or reject cookies (aside from those strictly necessary). When you first visit, you can choose your cookie settings. If you later change your mind, you can adjust your browser settings to block or delete cookies. Most browsers allow you to remove or refuse cookies and to alert you when a cookie is set. Please note that disabling certain cookies may affect the functionality of our website; for example, some features might not work properly if cookies are entirely blocked.

In addition to browser controls, we honor any specific cookie preferences you’ve set via our website (if we provide a cookie settings tool). If you want to opt-out of tracking by Google Analytics or Meta Pixel without affecting other site cookies, you can use the aforementioned opt-out solutions (Google’s add-on, or adjusting ad settings on Facebook/Meta services).

Do Not Track: Our website currently does not respond to “Do Not Track” signals from browsers. However, we only use tracking cookies with your consent. If you have any concerns about our use of cookies or analytics tools, please contact us for more information. We periodically update our cookie practices in line with legal requirements and will reflect any changes in this Policy or in our cookie consent banner.

As an individual whose personal data we process, you have certain rights under the GDPR and other data protection laws. We respect and uphold these rights, which include:

• Right of Access: You have the right to obtain confirmation of whether we are processing personal data about you, and if so, to request a copy of that data along with information about how we use it (GDPR Art. 15). This allows you to understand and verify the lawfulness of our processing.
  
  
• Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you (GDPR Art. 16). We encourage you to notify us if your personal details change or if you find any inaccuracies in our records.
  
  
• Right to Erasure: Also known as the “right to be forgotten,” this right allows you to request the deletion of your personal data in certain circumstances (GDPR Art. 17). For example, you can request erasure if the data is no longer necessary for the purposes it was collected, if you have withdrawn consent and no other legal basis exists, or if you believe we are unlawfully processing your data. Note that this right is not absolute – we may need to retain certain data if required by law or if another lawful basis applies (we will inform you if so).
  
  
• Right to Restriction of Processing: You have the right to ask us to restrict (temporarily halt) the processing of your personal data under certain conditions (GDPR Art. 18). You might exercise this right if you contest the accuracy of your data (for a period allowing us to verify it), or if you object to our processing and we are evaluating your request, or if the processing is unlawful but you prefer restriction instead of deletion. When processing is restricted, we will store your data securely and not use it except to the extent allowed by you or as necessary for legal claims or important public interest.
  
  
• Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract with you, you have the right to receive that data in a structured, commonly used, machine-readable format (GDPR Art. 20). You also have the right to request that we transmit such data directly to another controller where technically feasible. This right enables you to reuse your data across different services.
  
  
• Right to Object: You have the right to object to our processing of your personal data at any time, on grounds relating to your particular situation, if the processing is based on our legitimate interests (Art. 6(1)(f)) or performance of a task in the public interest (Art. 6(1)(e)) (GDPR Art. 21). If you raise an objection, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defense of legal claims. Right to object to direct marketing: If we process your data for direct marketing purposes (e.g. sending a newsletter), you have an absolute right to object at any time to that processing. If you opt-out or object to marketing, we will stop using your data for that purpose immediately.
  
  
• Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw your consent at any time. This withdrawal will not affect the lawfulness of any processing carried out before you withdrew consent. Once consent is withdrawn, we will cease the processing for which it was granted, unless we have another lawful basis to continue (we will let you know if so). For example, you can unsubscribe from our newsletter at any time, and we will stop sending it.
  
  
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or GDPR obligations, you have the right to lodge a complaint with a data protection supervisory authority (GDPR Art. 77). You may do so in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. For example, you can contact the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz) or another relevant authority. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so we invite you to contact us first with any complaint and we will do our best to resolve it.

These rights are subject to certain legal conditions and exceptions. For instance, some rights might not apply in particular contexts (e.g., the right to data portability applies only to data you provided, and the right to erasure can be overridden by legal obligations to retain data). We will honor your exercise of rights to the fullest extent required by law.

How to Exercise Your Rights: You can exercise any of your rights by contacting us via email at info@dastn.com or by mail to our postal address provided above. Please describe your request clearly, indicating which right you wish to exercise and any relevant details. We may need to verify your identity before acting on the request (to ensure we do not disclose data to the wrong person). There is no fee for exercising your rights, except that we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive. We aim to respond to all legitimate requests within one month, or inform you if we need more time.

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:

DastN GmbH – Privacy Team

Email: info@dastn.com

Address: Kurfürstendamm 194, 10707 Berlin, Germany

Phone: +49 30 700 159 547

We will be happy to assist you and will address your inquiry as promptly as possible. For security and privacy reasons, when you contact us about your personal data, we may need to ask you for certain information to verify your identity. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We reserve the right to modify this Policy at any time, and any changes will be effective when we post the updated Policy on our website. We will indicate the “Last Updated” date at the top of the Policy so you can see when revisions occurred. In case of significant changes that materially affect your privacy rights, we may also notify you directly (for example, via email or a notice on our homepage) prior to the change becoming effective, where required by applicable law.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued relationship with us or use of our website after any updates to this Policy will constitute acknowledgement of the changes.