1. Controller Information
Stepien Digital is established in Germany and acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).
VAT ID: DE454302821
This page explains what data we process, why we process it, which providers are involved, how long we keep data, and your rights under the GDPR.
Jump directly to any section. Each section includes a copy-link button and an expand/collapse option.
Stepien Digital is established in Germany and acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).
This Privacy Policy explains how personal data is collected, processed, and protected when you use Stepien Digital services, websites, and communication channels.
It applies to visitors, prospects, business clients, and contacts who reach out via email, web forms, social platforms, or other channels used to deliver our services.
We may process the following categories of personal data, depending on the interaction and service scope.
We process personal data to provide services, operate websites, manage digital presence, maintain secure systems, communicate with clients, handle billing, and comply with legal obligations.
Legal bases may include performance of a contract, legitimate interests, and compliance with legal obligations. When consent is required, we request it clearly and specifically.
Websites and databases are hosted on SmarterASP.NET. DNS and security services are managed through Cloudflare. Media and static assets may be stored and delivered via Cloudflare R2.
We use third party services only when needed to deliver services, run infrastructure, process payments, improve security, or support operations.
When we rely on providers, we aim to use appropriate contractual protections and technical safeguards.
Our websites process technical data needed to display pages, protect services, prevent abuse, and measure aggregate usage. This can include server logs, IP addresses, request metadata, and security or analytics signals. We use Cloudflare Web Analytics instead of Google Analytics and avoid marketing or behavioral tracking technologies on this website.
When you contact us, we process the data you provide to respond, document the request, and support service delivery.
Communication data can include message content, attachments, and technical metadata. We keep communication data as long as needed to handle the request and meet legal obligations.
Billing information may be processed to issue invoices, manage ongoing services, and maintain accounting records. Payments may be processed through Stripe.
We do not store full card details on our systems. Payment card data is handled by Stripe according to their security standards.
We keep personal data only as long as necessary for the stated purposes and to comply with legal retention duties.
Depending on the providers used, personal data may be processed in different countries. Where international transfers occur, we aim to rely on appropriate safeguards, such as contractual protections and security measures.
Data subjects have the right to access, rectify, erase, restrict processing, object, and request data portability in accordance with GDPR.
Stepien Digital uses transport encryption, firewall protections, access controls, and monitoring measures to safeguard personal data.
Stepien Digital is not responsible for the misuse of its services, unlawful content provided by clients, or actions taken by third-party platforms.
Clients remain responsible for the legality of content they provide, and for compliance obligations that apply to their specific business activities.
This Privacy Policy may be updated to reflect legal or technical changes. The current version is published on the website.
This Privacy Policy is provided in English for convenience. In the event of discrepancies or interpretation issues, the German version shall prevail.