Privacy Policy (Datenschutz)

Germany / EEA · United States · Canada

This notice explains what personal data we collect, how we process it, and what rights you have depending on your location.

Applies to website visitors, leads, and clients Last updated: 2026-05-25 info@itcarrot.com

1. Controller and contact

Controller: Oleksandr Perov (itcarrot / itcarrot.com), sole proprietorship, Seydlitzstrasse 63, 80993 Munich, Germany.

Email for privacy requests: info@itcarrot.com.

Data Protection Officer: not appointed (not legally required for this business).

2. Data categories we process

  • Identity and contact data (name, company, email, phone).
  • Communication data (messages, inquiries, support requests).
  • Technical and usage data (IP address, device, browser, logs, pages viewed).
  • Contract and billing metadata for service delivery.
  • Consent records and preference settings (cookies, marketing choices).

3. Purposes and legal bases (GDPR)

  • Contract performance and pre-contractual measures (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR).
  • Legitimate interests such as security, fraud prevention, and service improvement (Art. 6(1)(f) GDPR).
  • Consent-based processing for analytics/marketing where required (Art. 6(1)(a) GDPR).

4. Regional legal frameworks

Germany / EEA

Processing is governed by GDPR, BDSG, and cookie rules under TTDSG/ePrivacy requirements where applicable.

United States

Depending on your state, rights may include access, deletion, correction, and opt-out of sale/sharing/targeted ads.

Canada

Processing follows PIPEDA and applicable provincial laws (for example Quebec Law 25) where relevant.

5. Cookies and tracking

  • Strictly necessary cookies are used for core functionality and security.
  • Analytics or marketing cookies are optional and require prior consent where required by law.
  • You can withdraw or change consent through cookie settings at any time.
  • Global Privacy Control / similar opt-out signals are handled where legally required.

6. Sharing and international transfers

  • We use vetted processors (hosting, analytics, communication, security, payments) under data processing agreements.
  • Data may be shared with authorities when legally required.
  • International transfers are protected through lawful safeguards, including SCCs where applicable.
  • Additional technical and organizational measures are applied for cross-border transfers.

7. Your rights

Germany / EEA rights

Access, rectification, deletion, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority.

US state privacy rights

Depending on state law: know/access, correction, deletion, portability, opt-out rights, and non-discrimination protections.

Canada privacy rights

Access and correction rights, and withdrawal of consent subject to legal and contractual limitations.

8. Retention and security

Personal data is retained only as long as needed for stated purposes, contractual obligations, legal retention, and dispute resolution.

Security measures include access control, encryption in transit where appropriate, monitoring, backups, and incident response procedures.

9. Supervisory authority and updates

Supervisory authority in Bavaria: Bavarian State Office for Data Protection Supervision (BayLDA), P.O. Box 1349, 91504 Ansbach, Germany.

This notice will be updated when processors, tracking tools, or data flows change.