Privacy Policy

Information on data processing in accordance with the EU General Data Protection Regulation (GDPR).

Responsible Party

The responsible party for data processing on this website is:

Kardashev Catalyst UG (haftungsbeschränkt)

Represented by: Simon Orzel (Geschäftsführer)

Amtsgericht Köln, HRB 126993

Trierer Str. 6, 50676 Köln, Germany

Email: simon@nisd2.eu

Data We Collect

When you use our platform, we process the following personal data:

  • Account data: name and email address provided via Google OAuth during sign-in
  • Form submissions: data you enter in compliance requirement forms
  • Uploaded files: evidence documents you upload to the platform
  • Technical data: IP address, browser type, and access timestamps in server logs

Purpose and Legal Basis

We process your data for the following purposes:

  • Providing the NIS2 compliance platform (Art. 6(1)(b) GDPR - performance of a contract)
  • User authentication and account management (Art. 6(1)(b) GDPR)
  • Ensuring the security and integrity of our platform (Art. 6(1)(f) GDPR - legitimate interest)
  • Compliance with legal obligations (Art. 6(1)(c) GDPR)

Third-Party Processors

We use the following third-party services to operate the platform:

  • Google (OAuth): authentication - processes your name and email address for sign-in
  • Amazon Web Services (S3): file storage - stores evidence documents you upload
  • Resend: transactional email - delivers notification and invitation emails
  • xAI: AI-assisted form prefill - processes company information to generate draft form responses

Analytics

We use Umami for website analytics. Umami is self-hosted on our own infrastructure. It does not collect personal data, does not use cookies, and does not track individual users. All data is aggregated and anonymous. No consent is required for this type of analytics.

Cookies

This website only uses technically necessary cookies:

  • Session cookie (NextAuth): required for authentication - expires when you sign out or after the session timeout
  • Locale cookie (next-intl): stores your language preference (EN/DE)

We do not use tracking cookies, advertising cookies, or any third-party cookies. No cookie consent banner is needed because only technically necessary cookies are set.

Your Rights (Art. 15-21 GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15): request information about what data we store
  • Right to rectification (Art. 16): correct inaccurate data
  • Right to erasure (Art. 17): request deletion of your data
  • Right to restriction (Art. 18): restrict processing of your data
  • Right to data portability (Art. 20): receive your data in a machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interest

To exercise any of these rights, contact us at simon@nisd2.eu.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for Köln is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

https://www.ldi.nrw.de

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser's address bar.

Data Retention

Your data is stored for as long as your account is active and the data is necessary for the purposes described above. Compliance data (form submissions, evidence, audit trail) is retained for the legally required period. When you delete your account, personal data is removed. Anonymized audit trail entries may be retained.

Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on this page. Last updated: February 2025.