Privacy policy
As of March 2026
§ 1 Data Controller
The controller within the meaning of data protection laws is:
NLTS Global Analytics s.r.o.
Malá 43/6, 301 00 Pilsen, Czech Republic
Managing Director: Frank Drescher, MBA
Email: [email protected]
Company ID: 09262024
Commercial Register: C 39473/KSPL Pilsen
VAT ID: CZ09262024
A data protection officer is not required due to the size of the company.
§ 2 General Information on Data Processing
We generally process our users’ personal data only to the extent necessary to provide a fully functional website and our content and services. The processing of our users’ personal data is generally carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.
Since this offer is specifically aimed at users in Germany (principle of market location), we comply not only with the GDPR but also with the provisions of the German Telecommunications and Digital Services Data Protection Act (TDDDG), in particular Section 25 TDDDG regarding the protection of privacy in relation to terminal equipment.
Data transmission over the Internet (e.g., when communicating via email) may be vulnerable to security breaches. It is not possible to completely protect data from access by third parties. For security reasons, this website uses SSL or TLS encryption.
§ 3 Server Log Files
Every time our website is accessed, our hosting provider automatically records data and information about the accessing computer system in server log files.
Data collected:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access originates (referrer URL)
- Browser used and, if applicable, operating system
- Amount of data transferred
- HTTP status code
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring the smooth operation of the website and defending against attacks).
Retention period: IP addresses are anonymized after 24 hours. Server log files are deleted after 72 hours.
§ 4 Cookies and Consent Management
4.1 Cookies in General
Our website uses cookies. Cookies are small text files that are stored in or by the web browser on a user’s computer system. Cookies do not cause any damage to your device and do not contain viruses.
4.2 Consent Banner
When you first visit our website, a consent banner from an external consent management provider will appear, allowing you to accept or decline the use of various categories of cookies. Your selection will be stored in a cookie in your browser and automatically applied during subsequent visits.
In this process, a connection may also be established with the provider’s servers in the EU in order to document your consent and other statements regarding cookie usage in compliance with data protection regulations.
Legal basis: Article 6(1)(c) of the GDPR (compliance with a legal obligation — obtaining consent required by law); Section 25 of the TDDDG.
4.3 Technically necessary cookies
Technically necessary cookies (e.g., to save your cookie preferences, session cookies) are set without your consent, as they are essential for the website to function.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring the website functions properly); Section 25(2)(2) of the TDDDG (strictly necessary cookies).
4.4 Analytics and Marketing Cookies
By default—without your consent—no analytics or marketing cookies are set. These cookies are only activated after you have given your explicit consent via the consent banner.
Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG (consent). Consent may be withdrawn at any time.
§ 5 Web Analytics (only with consent)
We use a web analytics service to analyze user behavior on our website. The service is integrated via our consent management system. Without your consent, no analytics cookies will be set and no personal user profiles will be created.
If you agree in the consent banner, usage data will be collected and transmitted to the service provider. IP addresses are anonymized before being stored (IP anonymization).
Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG (consent) in cases of active consent; Article 6(1)(f) of the GDPR (legitimate interest) for anonymized reach signals without consent.
Transfers to third countries: United States, based on the EU-U.S. Data Privacy Framework.
Withdrawal: You can withdraw your consent at any time via the consent banner or the "Cookie Settings" link in the footer.
§ 6 Anonymous Audience Measurement
In addition to consent-based web analytics, we use an analytics service for anonymous audience measurement that does not collect personal data, does not store IP addresses, and does not perform browser fingerprinting. Only aggregated, non-personally identifiable access data is collected.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in anonymous audience measurement).
§ 7 Conversion Tracking (Advertising Platforms)
If you arrive at our website via an advertisement (search engine advertising or social media ads), a technical identifier derived from the URL of the page you visited is collected during your session and transmitted to the respective advertising platform on the server side when you submit a request, in order to measure the campaign’s success.
Personal data is pseudonymized before transmission (using the SHA-256 hash algorithm). Advertising platforms do not have access to personal data in plain text.
The following categories of advertising platforms are currently integrated:
- Search engine advertising (providers based in the EU/U.S.)
- Social media advertising (providers based in the EU/U.S.)
Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (consent) in the case of active consent via the consent banner; Art. 6(1)(f) GDPR (legitimate interest in measuring advertising effectiveness) for server-side, pseudonymized conversion tracking without access to end devices.
Transfers to third countries: United States, based on the EU-U.S. Data Privacy Framework.
§ 8 Performance Monitoring
This website uses a service to monitor and optimize website performance. The service collects technical data such as page load times, JavaScript errors, browser type and version, and URLs visited. IP addresses are truncated.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the technical optimization and error-free provision of the website); Section 25(2)(2) of the TDDDG, insofar as access to end devices is technically essential.
Transfers to third countries: the United States, based on the EU-U.S. Data Privacy Framework or the EU Standard Contractual Clauses (SCCs).
§ 9 Fonts (locally hosted)
This website uses fonts that are served locally from our server. No connection is made to external font services when you visit the website.
§ 10 Data Processing in Connection with the Application
When you use our application form to request a SCHUFA self-disclosure report, the following personal data is collected:
- Salutation
- First and last name
- Mailing address (street, house number, ZIP code, city)
- Date of Birth
- Email address (required)
- Phone number (optional)
- Handwritten signature (digital signature)
This data is used exclusively for the purpose of preparing and submitting the request for information to SCHUFA Holding AG in accordance with Article 15 of the GDPR. The data is also processed for invoicing and to send status notifications.
10.1 Payment Processing
We charge a service fee of EUR 29.90 (including 19% VAT) for our services. Payment is due upon receipt of an invoice after the service has been provided. We do not use third-party providers for online payment processing. No payment or banking information is collected via our website.
Legal basis (application data): Article 6(1)(b) of the GDPR (performance of a contract).
Legal basis (payment data): Article 6(1)(b) of the GDPR (performance of a contract) in conjunction with Article 6(1)(c) of the GDPR (legal obligation to retain data).
Retention period: Application data: 30 days after processing is completed. Invoice data: 10 years in accordance with § 147 of the German Fiscal Code (AO).
Section 11: Email Communication
11.1 Transactional emails (service emails)
As part of the contract processing, we send emails containing confirmations, status updates, and notifications regarding your application. These emails are necessary for the performance of the contract.
Legal basis: Article 6(1)(b) of the GDPR (performance of a contract).
11.2 Marketing Emails (with Consent)
If you checked the “Email communication” box on the application form, you will occasionally receive information about our services and related offers via email. You can revoke this consent at any time, for example, by clicking the unsubscribe link in each email.
Legal basis: Article 6(1)(a) of the GDPR (consent). Consent may be withdrawn at any time.
11.3 Communication with Existing Customers
If we have obtained your email address as part of an existing customer relationship, we reserve the right to send you information about similar services via email. You may object to this use at any time without incurring any costs other than the standard transmission fees.
Legal basis: Section 7(3) of the German Unfair Competition Act (UWG) in conjunction with Article 6(1)(f) of the General Data Protection Regulation (GDPR) (legitimate interest).
11.4 Email service providers
We use an external email service provider based in the United States to send transactional emails (service emails, status notifications). Email addresses and message content are processed on this provider’s servers.
Transfers to third countries: United States, based on the EU-U.S. Data Privacy Framework.
11.5 Newsletter Service Providers
We use a separate email service provider based in the European Union (France) to send marketing and newsletter emails. Email addresses and message content are processed on this provider’s servers within the EU.
Transfers to third countries: None (processing within the EU).
§ 12 Contact Form and Contact via Email
When you use our contact form or contact us by email, we collect your name, email address, and the content of your message. This information is used solely to process your inquiry.
Legal basis: Article 6(1)(b) of the GDPR (performance of a contract / pre-contractual measures) or Article 6(1)(f) of the GDPR (legitimate interest in processing user inquiries).
Retention period: 90 days after the request has been fully processed.
Section 12a Live Chat and Customer Support
We use a live chat and support tool on our website that allows you to contact us directly via a chat widget or search our knowledge base.
Data collected: Chat message, name and email address (if provided), IP address, browser type, time of the request.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in efficient customer communication) or Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG (consent), provided that consent is obtained via the consent banner.
Transfers to third countries: the United States, based on the EU Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) of the GDPR.
Section 13 Automated Website Translation
This website uses a service to automatically translate our web content into multiple languages. The provider is based in France (European Union).
Data collected: URL visited, IP address, browser type, language preference, time of access. The service uses cookies to save your language selection.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in providing the website in multiple languages); Section 25(2)(2) of the TDDDG (language selection cookie as technically necessary for the service requested by the user).
Place of processing: European Union.
§ 14 Categories of Recipients
We only disclose personal data if it is necessary for the performance of a contract, if there is a legal obligation to do so, or if consent has been obtained.
| No. | Category | Purpose | Seat | Third-country basis |
|---|---|---|---|---|
| 1 | Hosting and Infrastructure | Hosting, server infrastructure, CDN | EU / USA | EU-U.S. DPF |
| 2 | Email delivery (transactional) | Service emails, status updates | United States | EU-U.S. DPF |
| 3 | Newsletter Distribution | Marketing and newsletter emails | EU (FR) | — |
| 4 | Consent Management | Consent Management | EU (DK) | — |
| 5 | Advertising platforms | Conversion Tracking | EU / USA | EU-U.S. DPF |
| 6 | Web Analytics | Usage Analysis (with consent) | United States | EU-U.S. DPF |
| 7 | Automation | Process Automation | United States | SCCs |
| 8 | Customer Support | Live Chat and Ticket System | United States | SCCs |
| 9 | Translation Service | Multilingual deployment | EU (FR) | — |
| 10 | Billing | Invoicing and Bookkeeping | EU (Germany) | United States (Sub-AV: Email delivery via the EU-U.S. DPF) |
| 11 | Accounts Receivable Management | Debt Collection for Late Payments | EU (Germany) | — |
We have entered into data processing agreements (DPAs) in accordance with Article 28 of the GDPR with all processors who process personal data on our behalf.
§ 15 Rights of the Data Subject
You have the following rights with respect to your personal data:
- Right of access (Art. 15 GDPR): You have the right to request information about your personal data stored by us.
- Right to rectification (Art. 16 GDPR): You have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
- Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data, provided there is no legal basis for retaining it.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request that the processing of your personal data be restricted.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your data on grounds relating to your particular situation, provided that the processing is based on Art. 6(1)(e) or (f) of the GDPR. If your data is processed for direct marketing purposes, you may object at any time without providing a reason.
- Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.
To exercise your rights, please contact: [email protected]
§ 16 Right to File a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Competent supervisory authority for the data controller:
Office for Personal Data Protection (ÚOOÚ)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
https://www.uoou.cz
You may also contact the supervisory authority in the country where you usually live or work, provided that it is located in an EU or EEA member state.
§ 17 Transfers to Third Countries
To the extent that we use services from providers based in the United States, data transfers are conducted in accordance with the EU-U.S. Data Privacy Framework (DPF), provided that the respective provider is certified under the DPF. For providers without DPF certification, we use EU Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) of the GDPR as the basis for the transfer.
For more details on the individual providers and their transfer criteria, please refer to § 14 (Categories of Recipients).
§ 18 Validity and Changes to This Privacy Policy
This Privacy Policy is currently in effect and is valid as of March 2026.
As our website and services evolve, or due to changes in legal requirements, it may become necessary to amend this Privacy Policy. The most current version is always available at https://selbstauskunft.de/datenschutz/.