Last updated: 29.10.2025

This Privacy Policy explains how NiCode GmbH, Am Markt 5, 03130 Spremberg, Germany ("we," "us," or "NiCode") processes personal data when you visit this website, contact us, interact with our services, or are approached as a B2B prospect.

1. Who we are

Controller: NiCode GmbH, Am Markt 5, 03130 Spremberg, Germany
Represented by: Nick Garreis
Email: nick@nicode.co
Phone: +49 1520 3164747

If you contact us regarding privacy, we will respond without undue delay.

2. Scope

This policy covers:

• Visitors to this website and users of our online contact channels.
• Persons who correspond with us by email.
• B2B contacts that we lawfully approach for direct marketing and meeting booking (see section 7).
• Clients’ data processed as a processor during outreach campaigns (see section 8).

3. Categories of data we process via the website

• Technical data: IP address, device/browser information, date/time, pages viewed, referrer URL, basic error logs.
• Communication data: content of messages you send via forms or email, reply metadata, attachments you choose to share.
• Account/booking data (if used): name, business email, role/title, meeting date/time, calendar link, and notes you provide.
• Newsletter data (if used): email address and subscription preferences.

We do not knowingly target or collect data from children.

4. Purposes and legal bases (GDPR Art. 6)

• Website delivery and security (Art. 6(1)(f) legitimate interests): serve pages, prevent abuse, maintain availability, keep logs for troubleshooting.
• Responding to inquiries (Art. 6(1)(b) pre‑contract; Art. 6(1)(f) legitimate interests for general inquiries).
• Appointment scheduling (Art. 6(1)(b) to perform steps prior to a contract; Art. 6(1)(f) legitimate interests to coordinate meetings efficiently).
• Newsletter (Art. 6(1)(a) consent or, where applicable, § 7(3) UWG for existing customers).
• Compliance (Art. 6(1)(c)): fulfil legal retention, tax, and statutory obligations.

Where we rely on legitimate interests, we balance those against your interests and rights. You can object to processing based on legitimate interests at any time (see section 10).

5. Cookies and tracking

• Essential cookies only by default. If we deploy analytics/marketing cookies or pixels that are not strictly necessary, we will obtain consent via a consent banner (Art. 6(1)(a)).
• Analytics (if used): tool, scope, storage period, and opt‑out options will be described here. Until then, only minimal, essential cookies are used to run the site.

6. Recipients and transfers

• Processors (examples): hosting provider, email provider, contact‑form or helpdesk tool, analytics provider, appointment scheduling tool, and deliverability/outreach tooling for our own campaigns. Each acts under Art. 28 GDPR with documented safeguards.
• Third‑country transfers: if services outside the EEA are involved, we use appropriate safeguards such as Standard Contractual Clauses and assess risk. Details are provided where a specific service is used.

We do not sell personal data.

7. B2B direct marketing and prospecting

For B2B outreach, we process business contact data of decision‑makers from publicly available sources, professional networks, and commercial providers.
Legal basis: Art. 6(1)(f) GDPR in line with Recital 47 (legitimate interest in direct marketing) and the applicable national rules on unsolicited communications.
Data categories: name, business email, role/title, company affiliation, and interaction metadata (e.g., whether emails were delivered/opened/replied).
Your rights: You can object to B2B marketing at any time. Every message includes a simple opt‑out.

Retention: suppression lists are kept as long as necessary to honor opt‑out requests; outreach logs are retained only as long as needed for deliverability and compliance purposes (see also section 9).

8. Processing as a processor for clients

When executing outreach on behalf of clients, we act as a processor under Art. 28 GDPR based on a data processing agreement (DPA/AVV). In that role we follow client instructions, implement technical and organizational measures, and delete or return data after the engagement ends. This website policy does not replace such agreements; it explains our general privacy posture.

9. Retention periods

• Server logs: typically up to 14 days, longer only for incident investigation.
• Contact inquiries: for the duration of the conversation and up to 24 months for follow‑up and documentation, then deletion or archiving where legally required.
• Appointments: until the meeting takes place and any follow‑up is complete, then according to statutory retention if it leads to a contract.
• Newsletter: until you unsubscribe or we discontinue the newsletter.
• B2B outreach operations: suppression lists are stored indefinitely to prevent future contact; deliverability/communication logs may be kept up to 12 months for proof and abuse handling; campaign datasets processed for clients are deleted or anonymized shortly after contract end according to our internal deletion schedule.

10. Your rights

You have the rights of access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests and to direct marketing at any time. You also have the right to withdraw consent with future effect where processing relies on consent.

You may lodge a complaint with your local supervisory authority. We will cooperate with authorities as required by law.

11. Security

We apply appropriate technical and organizational measures including role‑based access control, encryption in transit, least‑privilege principles, vendor due diligence, backup and restore testing, and incident response procedures.

12. Sources of data for prospecting

For B2B outreach, we may collect from public websites, company pages, professional profiles, job postings, event speaker lists, and reputable data providers. Where we have not obtained your data directly, we provide Art. 14 information upon first contact or within a reasonable period, and always include an easy opt‑out.

13. Obligation to provide data

You are not legally required to provide website data. However, we cannot respond to inquiries without basic contact details.

14. Changes to this policy

We update this policy from time to time. The current version is published here with the effective date indicated at the top.

Service‑specific annexes (to be completed if used)

1. Analytics: tool name, provider, country, cookie lifetime, legal basis, opt‑out link.
2. Appointment tool: provider, data categories, legal basis, retention, transfers.
3. Newsletter: provider, double‑opt‑in, legal basis, unsubscribe mechanism.
4. Contact form/helpdesk: provider, fields, retention, transfers.
5. CDN/fonts/third‑party assets: provider, country, data categories, transfers.
6. Live chat: provider, data categories, legal basis, retention.

Version

Policy version: v0.1

Last updated: 29.10.2025

This Privacy Policy explains how NiCode GmbH, Am Markt 5, 03130 Spremberg, Germany ("we," "us," or "NiCode") processes personal data when you visit this website, contact us, interact with our services, or are approached as a B2B prospect.

1. Who we are

Controller: NiCode GmbH, Am Markt 5, 03130 Spremberg, Germany
Represented by: Nick Garreis
Email: nick@nicode.co
Phone: +49 1520 3164747

If you contact us regarding privacy, we will respond without undue delay.

2. Scope

This policy covers:

• Visitors to this website and users of our online contact channels.
• Persons who correspond with us by email.
• B2B contacts that we lawfully approach for direct marketing and meeting booking (see section 7).
• Clients’ data processed as a processor during outreach campaigns (see section 8).

3. Categories of data we process via the website

• Technical data: IP address, device/browser information, date/time, pages viewed, referrer URL, basic error logs.
• Communication data: content of messages you send via forms or email, reply metadata, attachments you choose to share.
• Account/booking data (if used): name, business email, role/title, meeting date/time, calendar link, and notes you provide.
• Newsletter data (if used): email address and subscription preferences.

We do not knowingly target or collect data from children.

4. Purposes and legal bases (GDPR Art. 6)

• Website delivery and security (Art. 6(1)(f) legitimate interests): serve pages, prevent abuse, maintain availability, keep logs for troubleshooting.
• Responding to inquiries (Art. 6(1)(b) pre‑contract; Art. 6(1)(f) legitimate interests for general inquiries).
• Appointment scheduling (Art. 6(1)(b) to perform steps prior to a contract; Art. 6(1)(f) legitimate interests to coordinate meetings efficiently).
• Newsletter (Art. 6(1)(a) consent or, where applicable, § 7(3) UWG for existing customers).
• Compliance (Art. 6(1)(c)): fulfil legal retention, tax, and statutory obligations.

Where we rely on legitimate interests, we balance those against your interests and rights. You can object to processing based on legitimate interests at any time (see section 10).

5. Cookies and tracking

• Essential cookies only by default. If we deploy analytics/marketing cookies or pixels that are not strictly necessary, we will obtain consent via a consent banner (Art. 6(1)(a)).
• Analytics (if used): tool, scope, storage period, and opt‑out options will be described here. Until then, only minimal, essential cookies are used to run the site.

6. Recipients and transfers

• Processors (examples): hosting provider, email provider, contact‑form or helpdesk tool, analytics provider, appointment scheduling tool, and deliverability/outreach tooling for our own campaigns. Each acts under Art. 28 GDPR with documented safeguards.
• Third‑country transfers: if services outside the EEA are involved, we use appropriate safeguards such as Standard Contractual Clauses and assess risk. Details are provided where a specific service is used.

We do not sell personal data.

7. B2B direct marketing and prospecting

For B2B outreach, we process business contact data of decision‑makers from publicly available sources, professional networks, and commercial providers.
Legal basis: Art. 6(1)(f) GDPR in line with Recital 47 (legitimate interest in direct marketing) and the applicable national rules on unsolicited communications.
Data categories: name, business email, role/title, company affiliation, and interaction metadata (e.g., whether emails were delivered/opened/replied).
Your rights: You can object to B2B marketing at any time. Every message includes a simple opt‑out.

Retention: suppression lists are kept as long as necessary to honor opt‑out requests; outreach logs are retained only as long as needed for deliverability and compliance purposes (see also section 9).

8. Processing as a processor for clients

When executing outreach on behalf of clients, we act as a processor under Art. 28 GDPR based on a data processing agreement (DPA/AVV). In that role we follow client instructions, implement technical and organizational measures, and delete or return data after the engagement ends. This website policy does not replace such agreements; it explains our general privacy posture.

9. Retention periods

• Server logs: typically up to 14 days, longer only for incident investigation.
• Contact inquiries: for the duration of the conversation and up to 24 months for follow‑up and documentation, then deletion or archiving where legally required.
• Appointments: until the meeting takes place and any follow‑up is complete, then according to statutory retention if it leads to a contract.
• Newsletter: until you unsubscribe or we discontinue the newsletter.
• B2B outreach operations: suppression lists are stored indefinitely to prevent future contact; deliverability/communication logs may be kept up to 12 months for proof and abuse handling; campaign datasets processed for clients are deleted or anonymized shortly after contract end according to our internal deletion schedule.

10. Your rights

You have the rights of access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests and to direct marketing at any time. You also have the right to withdraw consent with future effect where processing relies on consent.

You may lodge a complaint with your local supervisory authority. We will cooperate with authorities as required by law.

11. Security

We apply appropriate technical and organizational measures including role‑based access control, encryption in transit, least‑privilege principles, vendor due diligence, backup and restore testing, and incident response procedures.

12. Sources of data for prospecting

For B2B outreach, we may collect from public websites, company pages, professional profiles, job postings, event speaker lists, and reputable data providers. Where we have not obtained your data directly, we provide Art. 14 information upon first contact or within a reasonable period, and always include an easy opt‑out.

13. Obligation to provide data

You are not legally required to provide website data. However, we cannot respond to inquiries without basic contact details.

14. Changes to this policy

We update this policy from time to time. The current version is published here with the effective date indicated at the top.

Service‑specific annexes (to be completed if used)

1. Analytics: tool name, provider, country, cookie lifetime, legal basis, opt‑out link.
2. Appointment tool: provider, data categories, legal basis, retention, transfers.
3. Newsletter: provider, double‑opt‑in, legal basis, unsubscribe mechanism.
4. Contact form/helpdesk: provider, fields, retention, transfers.
5. CDN/fonts/third‑party assets: provider, country, data categories, transfers.
6. Live chat: provider, data categories, legal basis, retention.

Version

Policy version: v0.1