Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. The following information explains how we handle your personal data when you use our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

TrustFort IT Consulting GmbH, Mies-van-der-Rohe-Str. 6, 80807 Munich, Germany. Phone: +49 (89) 215269300. Email: info@trustfort.net

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you visit our website for informational purposes only, meaning you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to our server (so-called "server log files"):

  • The website visited
  • Date and time of access
  • Amount of data transmitted (in bytes)
  • Source/referrer from which you accessed the site
  • Browser used
  • Operating system used
  • IP address (if applicable, in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. This data is not passed on or used in any other way. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.

2.2 SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries sent to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser's address bar.

3) Hosting

Microsoft Azure

We use the services of the following provider to host our website and display page content:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

Microsoft IndexNow

To notify search engines promptly when our website content changes, we use Microsoft's IndexNow service. After each production deployment, our CI/CD pipeline submits the public page URLs listed in our sitemap (e.g. /en/about-us) to the IndexNow API at api.indexnow.org. This submission contains only publicly accessible page paths, a domain verification key, and our domain name. No personal data of website visitors is included or transmitted.

The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in maintaining accurate and up-to-date search engine indexing of our publicly available content. Microsoft's IndexNow service is operated under the same EU-US Data Privacy Framework participation referenced above.

4) Cookies and Browser Storage

4.1 Overview

This website uses browser storage (localStorage and sessionStorage) to provide core functionality and, with your consent, anonymous usage statistics. We do not use traditional HTTP cookies for tracking purposes.

tf-consent (localStorage, persistent) — Stores your privacy preferences so we can remember your choice across visits. This is strictly necessary to honour your choice under ePrivacy Directive Art. 5(3) and does not require consent. This data is never sent to our servers.

4.3 Statistics Storage (Opt-In Only)

tf_sid (sessionStorage, session only) — Anonymous session identifier for first-party analytics. This is only set if you have given your consent via our consent management tool. It is cleared automatically when you close the browser tab.

4.4 What We Do Not Use

  • No marketing cookies or tracking pixels
  • No third-party analytics (no Google Analytics, no Meta Pixel)
  • No advertising cookies or retargeting
  • No external scripts that set cookies
  • No cross-site tracking of any kind

5) Contacting Us

5.1 Online Appointment Booking

For providing an online appointment booking function, we operate a custom booking widget on our website. When you book a meeting, your first name, last name, email address, and selected time slot are collected and processed to schedule and conduct the meeting.

The legal basis is Art. 6(1)(b) GDPR (performance of pre-contractual measures at your request). Your data is stored on our infrastructure (Microsoft Azure, see Section 3) and deleted after the meeting has taken place or the agreed period has expired.

5.2 Email Ticketing System (Microsoft)

To process customer inquiries, we use the email system of:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

If you contact us via email through our website, your inquiry will be stored and organized in our email system to ensure chronological processing and improve service quality. The following personal data is collected and processed: first name, last name, and email address.

The legal basis is Art. 6(1)(f) GDPR, based on our legitimate interest in efficient customer service and prompt response to inquiries.

We have concluded a data processing agreement with the provider. For data transfers to the USA, Microsoft participates in the EU-US Data Privacy Framework.

5.3 Contact Form

When contacting us via our contact form, the following personal data is collected: name, email address, company (optional), and your message. This data is stored and used exclusively to respond to your inquiry and for the associated technical administration.

The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in responding to your inquiry. If your inquiry aims at concluding a contract, Art. 6(1)(b) GDPR is an additional legal basis.

Your data will be deleted after final processing of your request, provided there are no statutory retention obligations.

We may also use your contact data for internal lead management, including categorisation of your inquiry and prioritisation of follow-up. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in efficient customer management). No automated decisions with legal or similarly significant effects are made based on this processing. All data remains on TrustFort infrastructure and is not shared with third parties.

6) Web Analytics

First-Party Analytics

This website uses a custom, self-hosted analytics system to understand how visitors use our website. All analytics data is processed exclusively on TrustFort infrastructure (Microsoft Azure, see Section 3). No data is shared with third parties.

When you consent to statistics via our consent management tool, the following data is collected and sent to our server endpoint:

  • Page URL visited (path only, no query parameters containing personal data)
  • Referrer host (the domain from which you arrived)
  • Browser locale
  • Anonymous session identifier (random UUID stored in sessionStorage, cleared when you close the tab)
  • Timestamp of the page view
  • UTM campaign parameters (if present in the URL)

The legal basis is Art. 6(1)(a) GDPR — your explicit consent given via our consent management tool. Without your consent, no analytics data is collected or transmitted. You can revoke your consent at any time via the "Privacy settings" link in the footer of every page.

Data collected through analytics is stored for a maximum of 90 days and then automatically deleted.

7) Newsletter

If you subscribe to our newsletter at newsletter.trustfort.io, we collect your email address and optionally your name. We use a double opt-in process: after submitting the signup form, you will receive a confirmation email with a unique link. Your subscription is only activated after you click this confirmation link.

The legal basis for processing is Art. 6(1)(a) GDPR (your consent). You can unsubscribe at any time using the unsubscribe link included in every newsletter email, or by contacting us at info@trustfort.net. Upon unsubscription, your data will be deleted.

Newsletter data is stored and processed on TrustFort infrastructure (Microsoft Azure, see Section 3). No data is shared with third parties.

This website uses a custom-built consent management tool to obtain valid user consent for non-essential browser storage. The tool is displayed upon your first visit and offers three options: Accept all, Reject all, or Manage preferences.

Non-essential storage and services are only activated after you give your explicit consent. You can change your preferences at any time via the "Privacy settings" link in the footer.

The tool stores your preference in localStorage (see Section 4.2). Technically necessary storage is used pursuant to Art. 6(1)(f) GDPR and Art. 6(1)(c) GDPR.

9) Rights of Data Subjects

9.1 You have the following rights under applicable data protection law:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to notification (Art. 19 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The competent supervisory authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

9.2 Right to Object

If we process your personal data based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time for reasons arising from your particular situation.

If you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

If personal data is processed for direct marketing purposes, you have the right to object at any time. In this case, processing for such purposes will cease.

10) Duration of Storage of Personal Data

The storage duration depends on the legal basis, processing purpose, and applicable statutory retention periods (e.g. commercial or tax law retention obligations).

  • Data processed based on consent is stored until consent is withdrawn.
  • Data processed under contractual obligations is deleted after statutory retention periods.
  • Data processed based on legitimate interests is stored until you object, unless overriding legitimate grounds exist.

Unless otherwise stated, personal data is deleted once it is no longer necessary for its intended purpose.


Last updated: March 28, 2026