1. Controller

Portfolio DOC UG (haftungsbeschränkt) Rissener Landstraße 40B, 22587 Hamburg, Germany Email: contact@portfoliodoc.de

2. What We Process, Why, and the Legal Basis

Site visit / server logs: IP address, date/time, URL, referrer, user-agent, device/OS; to ensure connection, security, and stability. Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

Contact via email: your email address and the information you send us; to handle enquiries and pre-contract steps. Legal basis: Art. 6(1)(b) GDPR.

Using our services: data necessary to provide our services (e.g., personalised portfolio analyses) and to fulfil a contract. Legal basis: Art. 6(1)(b) GDPR.

Cookies/analytics/marketing (optional): set only with your consent. Legal basis: Art. 6(1)(a) GDPR. See the Cookie Policy.

3. Recipients and Processors

We may use carefully selected service providers (e.g., hosting, analytics, email, security) acting as processors pursuant to Art. 28 GDPR under appropriate data processing agreements. We disclose data only with consent, for contract fulfilment, or where required by law (Art. 6(1)(a)–(c) GDPR).

4. International Transfers

Where data is transferred outside the EEA, we implement appropriate safeguards (such as EU Standard Contractual Clauses) and, where required, conduct transfer impact assessments.

5. Retention

We retain personal data only as long as necessary for the purposes described or to comply with statutory retention periods. Examples include:

• Server logs: typically 30–90 days for security/abuse detection.
• Contract/account data: for the term of the contract plus statutory retention periods.
• Support enquiries: typically 6–24 months after closure.

Actual periods may vary depending on the context and legal requirements.

6. Your Rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21) to processing based on legitimate interests, as well as the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You may also lodge a complaint with a supervisory authority, e.g., the Hamburg Commissioner for Data Protection and Freedom of Information.

Contact for requests: contact@portfoliodoc.de

7. Security

We maintain appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and regular backups.

8. Children's Data

Our services are not directed to children. We do not knowingly process children's data without parental consent where required.

9. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects unless clearly disclosed, with meaningful information about the logic and consequences.

10. Changes to This Policy

We may update this Privacy Policy and will indicate the 'Last updated' date. Material changes will be highlighted where appropriate.