
Privacy policy.
SciReg takes the protection of your personal data very seriously. We treat your data confidentially and in accordance with statutory data protection regulations. This Privacy Policy informs you about the type, scope, and purpose of the collection and processing of personal data when using this website and our consulting services.
Processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).
This website and our services are intended exclusively for business customers and partners in the field of GMP compliance and regulatory consulting.
Last updated: 1st September 2025
1. Controller
Controller within the meaning of Art. 4(7) GDPR:
Maximilian E. Gert-Kleint
Freelance GMP Consultant
Kolonnenstraße 8
10827 Berlin
Germany
Phone: +49 176 2509 7106
Email: info@sciregconsult.com
2. Categories of Personal Data
We may process the following categories of personal data:
- Identity and contact data (e.g. name, company, position, email address, telephone number, business address)
- Business-related information (e.g. project details, communication records, offers and contracts, invoices)
- Technical data (e.g. IP address, browser type and version, operating system, date and time of access, referrer URL, device information, server log files)
- Usage data (e.g. visited pages, navigation paths, interactions with forms, length of visit)
We do not intentionally collect special categories of personal data within the meaning of Art. 9 GDPR (e.g. health data, biometric data, political opinions). If such information is inadvertently transmitted to us, it will be deleted without undue delay.
3. Legal Bases for Processing
We process personal data exclusively on the following legal bases:
- Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures (e.g. handling inquiries, preparing offers, fulfilling consulting agreements)
- Art. 6(1)(c) GDPR – compliance with legal obligations (e.g. commercial and tax retention requirements under German law)
- Art. 6(1)(f) GDPR – legitimate interests (e.g. ensuring IT security, preventing misuse, optimizing services, business development)
- Art. 6(1)(a) GDPR – your consent, where required (e.g. analytics cookies, newsletter subscriptions)
4. Purposes of Processing
- Communication in connection with inquiries, offers, and consulting engagements
- Execution and performance of contractual consulting services (GMP, ISO, quality management systems)
- Fulfilment of legal obligations, particularly record-keeping under tax and commercial law
- Operation, maintenance, optimization, and security of this website and IT systems
- Business relationship management and development of new business opportunities
5. Data Retention
We store personal data only as long as necessary for the stated purposes or as required by law:
- Business documents (e.g. invoices, contracts): retained up to 10 years pursuant to German law (§ 147 AO, § 257 HGB)
- Correspondence and project files: deleted after statutory retention periods, unless longer retention is required for legal defense or legitimate interests
- Technical access data (e.g. server logs): typically deleted automatically after 7–30 days, unless further retention is required for security or evidentiary reasons
6. Hosting and Web Analytics
This website is hosted by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA. Squarespace provides the infrastructure, server hosting, and content management system.
- A Data Processing Agreement pursuant to Art. 28 GDPR has been concluded with Squarespace.
- Squarespace may engage sub-processors and transfer data to the United States.
- Data transfers are safeguarded by the EU–U.S. Data Privacy Framework (DPF) (Art. 45 GDPR). Where the DPF does not apply, transfers rely on the Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR).
Further information: Squarespace Privacy Policy
If analytics tools are used (e.g. Squarespace Analytics or Matomo with IP anonymization), they are configured in a privacy-compliant manner. No personal data is shared with third-party advertising networks.
7. Data Transfers to Third Parties and Third Countries
We disclose personal data to third parties only if:
- you have given your explicit consent (Art. 6(1)(a) GDPR),
- the disclosure is required for contractual performance (Art. 6(1)(b) GDPR),
- a legal obligation exists (Art. 6(1)(c) GDPR), or
- the disclosure is lawful and based on legitimate interests (Art. 6(1)(f) GDPR).
Third-country transfers: United States (Squarespace hosting) via DPF or SCCs; Switzerland (Proton Drive) under an adequacy decision (Art. 45 GDPR). No further third-country transfers take place.
8. Rights of Data Subjects
You have the following rights under the GDPR:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing based on Art. 6(1)(e) or (f) (Art. 21)
- Right to withdraw consent at any time (Art. 7(3), with effect for the future)
- Right to lodge a complaint with a supervisory authority (Art. 77)
In Germany: The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Graurheindorfer Straße 153, 53117 Bonn.
You may exercise your rights at any time by contacting us via the contact details listed under “Controller”.
9. Data Security
In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures (TOMs) to protect personal data against loss, destruction, unauthorized access, alteration, or disclosure, including:
- Role-based access controls and strict authorization management
- Password-protected and encrypted devices (e.g. full-disk encryption, strong password policies)
- Data minimization and confidentiality principles
- Encrypted communication channels (TLS/HTTPS; encrypted email; VPN for remote access)
- Regular software updates, system monitoring, and backups
- Access restricted to the controller or authorized processors under confidentiality obligations
All devices used for processing are handled with care, secured against unauthorized access, and regularly maintained.
10. Cookies and Consent Management
We use cookies and similar technologies to ensure the functionality, security, and usability of this website.
- Technically necessary cookies: § 25(2) TTDSG and Art. 6(1)(f) GDPR (legitimate interests)
- Non-essential cookies (e.g. analytics, embedded third-party content): § 25(1) TTDSG and Art. 6(1)(a) GDPR (consent)
Consent is obtained and managed via the CCM19 Consent Management Platform (Papoo Software & Media GmbH, Bonn, Germany).
Further information: CCM19 Privacy Policy
11. Updates to this Policy
We reserve the right to update this Privacy Policy in the event of legal, technical, or organizational changes. The current version is always available on this website.
12. Data Storage and Local Processing
- Cloud Storage (Proton Drive): We use Proton Drive (Proton AG, Geneva, Switzerland) for secure cloud-based storage and remote access to files, including project documents, correspondence, and records. Switzerland benefits from an EU adequacy decision (Art. 45 GDPR).
- Local Processing: Project-related data is processed locally using Microsoft Office (offline use) and LaTeX (offline use). No automatic transfer of personal data to Microsoft or other third parties occurs.
- Device Security: All devices are password-protected, encrypted, regularly updated, and protected with security software. Access is restricted solely to the controller.