·LEGAL
Privacy Policy.
As of: 2026-05 · Information pursuant to Art. 13 and Art. 14 GDPR and § 25 TDDDG. Translation provided for reference only. The German version is legally binding.
As of: 2026-05 · Information pursuant to Art. 13 and Art. 14 GDPR and § 25 TDDDG. Translation provided for reference only. The German version is legally binding.
The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information, please see the further sections of this privacy policy.
Data processing on this website is carried out by the website operator (contact details in Section 2 and the Imprint).
Data is collected partly because you actively provide it to us, for example via the contact form or by email. Other data is collected automatically by the server when you visit the website, primarily technical data such as browser, operating system, or time of access (server log files).
Part of the data serves to ensure error-free provision of the website. Other data, when third-party services are active (see Sections 11 and 12) and with your consent, may be used by these third parties to analyze your user behavior. Automated decision-making within the meaning of Art. 22 GDPR does not take place.
You have the right at any time to information, correction, deletion, restriction of processing, data portability, and objection (see Section 13). You also have the right to lodge a complaint with the competent supervisory authority.
The controller responsible for data processing on this website is:
GermanAI Defense GmbH
Ludwig-Erhard-Straße 16A
61440 Oberursel (Taunus)
Deutschland
Telefon: +49 6171 277 84 54
E-Mail: info@germanaidefense.de
Managing Director: Abdussamed Nazik
We take the protection of your personal data seriously. We treat it confidentially and in accordance with the legal data-protection regulations and this privacy policy. Complete protection of data against access by third parties during transmission over the open internet is not technically possible.
Our website and services are not specifically aimed at children under the age of 16. We do not knowingly process personal data of children within the meaning of Art. 8 GDPR. If we inadvertently learn of data from children, we delete it without delay in accordance with Art. 17 GDPR.
Special categories of personal data pursuant to Art. 9 GDPR (e.g., health, religious, or political data) are not processed as part of our web presence.
Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place on this website. In particular, we do not deploy AI systems on the website that analyze or evaluate visitor input or behavioral data, even though our business itself includes AI-powered security solutions.
We process personal data exclusively on the basis of the GDPR:
Where consent for the storage of cookies or access to the end device is requested, processing additionally takes place on the basis of § 25 (1) TDDDG. Consent can be withdrawn at any time.
Among other tools, we use services from companies based in third countries that are not secure under data-protection law, including US tools. When these tools are active, your personal data may be transferred to these countries and processed there. Please note that no level of data protection comparable to the EU can be guaranteed in data-protection-insecure third countries.
Data transfers to the United States are permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional safeguards in place (e.g., standard contractual clauses). Information about specific transfers can be found in the respective sections below.
In the course of our business, we work with various external bodies. Personal data is only transferred where this is necessary for the performance of a contract, where we are legally obliged to do so, where we have a legitimate interest under Art. 6 (1)(f) GDPR, or where another legal basis permits the transfer. When using processors, personal data is only transferred on the basis of a valid data-processing agreement.
This website is operated on servers within the European Union:
A data-processing agreement (DPA) pursuant to Art. 28 GDPR is in place with the hosting provider.
When you visit our website, our hosting provider automatically stores technical information in server log files:
This data is processed exclusively to secure operation, for error analysis, and to defend against attacks (legal basis: Art. 6 (1)(f) GDPR). The data is not combined with other data sources.
Our website uses so-called “cookies” and comparable technologies (e.g., Local Storage). Cookies are small data packages stored in your browser and serve, for example, to recognize you on a subsequent visit. They have different functions:
Strictly necessary cookies are stored on the basis of Art. 6 (1)(f) GDPR. Where cookies require consent, storage takes place exclusively on the basis of your consent pursuant to Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be withdrawn at any time. You can configure your browser to inform you about cookies being set and to allow cookies only on a case-by-case basis or to exclude them entirely.
For security reasons and to protect the transmission of confidential content, this website uses SSL / TLS encryption. You can recognize an encrypted connection by the “https://” in the address bar and the lock symbol in your browser.
Through our contact form we collect the following data:
Processing takes place on the basis of Art. 6 (1)(b) GDPR insofar as the inquiry relates to the performance of a contract or to pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling requests addressed to us (Art. 6 (1)(f) GDPR) and on your express consent pursuant to Art. 6 (1)(a) GDPR by checking the privacy notice.
The submitted data is used exclusively to process your inquiry and any follow-up questions. We do not share this data with third parties without your consent.
If you contact us by email or phone, your inquiry and the resulting personal data will be stored with us for the purpose of processing your request. We do not share this data without your consent.
The data submitted in the course of your inquiry remains with us until you ask us to delete it, withdraw your consent, or the purpose for storage ceases to apply (typically after the inquiry has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.
If you apply with us – for example, by email to our careers address or via the contact channels in the Careers section – we process the personal data you provide exclusively to carry out the application process.
Processing takes place to conduct the pre-contractual relationship and to decide on the establishment of an employment relationship. The legal basis is § 26 (1) BDSG in conjunction with Art. 88 GDPR and Art. 6 (1)(b) GDPR. If you provide us with data that is not required for the application process (e.g., special categories of personal data under Art. 9 GDPR), processing takes place on the basis of your consent under Art. 9 (2)(a) GDPR or § 26 (3) BDSG.
Your application data is viewed exclusively by persons involved in the application process (management, where applicable HR, line managers). Disclosure to third parties only takes place where this is legally required or necessary for entering into a contract with you.
If you are hired, your data will be transferred into the employment relationship. If you are not hired, your application documents will be deleted no later than six months after the application process ends. This period takes into account the retention periods under the General Equal Treatment Act (AGG). With your consent, we can retain your data longer, for example to add you to our talent pool.
If you sign up for our newsletter or a mailing list, we collect the data entered in the form (at minimum the email address) and use it exclusively to send the requested information. Sign-up takes place via double opt-in: after you enter your email address we send a confirmation email; your data is only processed once you confirm the link.
The legal basis is your consent pursuant to Art. 6 (1)(a) GDPR. You can withdraw this consent at any time with effect for the future, by clicking the unsubscribe link in any newsletter email or by sending an informal notice to info@germanaidefense.de. The lawfulness of processing carried out before withdrawal remains unaffected. After unsubscribing, your data is deleted from the distribution list, unless longer storage is legally required.
You can create a personal user account on this website to manage configurations, requests, and applications centrally. Creating an account is voluntary. All functions of the website (contact form, application, newsletter, configurator) can also be used without an account.
Processing takes place on the basis of your consent (Art. 6 (1)(a) GDPR) and for the performance of pre-contractual measures (Art. 6 (1)(b) GDPR) where the account is used in connection with a specific inquiry or contract initiation. The purpose is the personal management of your requests and configurations, as well as efficient communication with you.
On login, a strictly necessary session cookie (session ID) is set. This cookie is HttpOnly, Secure, and SameSite=Lax. It cannot be read by JavaScript and is only transmitted to GermanAI Defense GmbH’s own server. The cookie is valid for 7 days and is deleted immediately on logout. The legal basis is § 25 (2) no. 2 TDDDG (strictly necessary cookie).
Account data is stored for as long as your account is active. You can delete your account at any time via the account area or by sending an informal email to info@germanaidefense.de. After deletion, personal profile data is removed promptly. Certain data (e.g., application documents, submitted requests) may be retained longer due to legal or contractual retention periods. You will typically be informed of this during the deletion process.
Passwords are stored exclusively as bcrypt hashes. Application files and sensitive content are stored outside the public web root on GermanAI Defense GmbH’s server. Access to account data is exclusively encrypted (HTTPS).
On the Contact and About pages we embed map material from the OpenStreetMap platform. The provider is the OpenStreetMap Foundation (OSMF), St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. When the map loads, your IP address is transmitted to OSMF’s servers so the map material can be loaded.
Use is based on Art. 6 (1)(f) GDPR (legitimate interest in an attractive location display). Where consent has been requested, processing takes place on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. An adequacy decision by the EU Commission under Art. 45 GDPR exists for the United Kingdom. To our knowledge, OpenStreetMap does not set tracking cookies. OSM privacy policy: wiki.osmfoundation.org/wiki/Privacy_Policy.
For reach and usage statistics we use Plausible Analytics (provider: Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia). Plausible collects no personal data, sets no cookies and does not use any cross-device recognition. IP addresses are hashed and discarded after processing, so no conclusions can be drawn about individual users.
Use is based on Art. 6 (1)(f) GDPR (legitimate interest in aggregated reach analysis). Privacy policy: plausible.io/privacy.
You have the following rights against us regarding personal data concerning you:
If data processing is based on Art. 6 (1)(e) or (f) GDPR, you have the right at any time, on grounds relating to your particular situation, to object to the processing of your personal data. This also applies to profiling based on these provisions. If your data is processed for direct marketing, you have the right to object at any time without giving reasons.
Competent supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163, 65021 Wiesbaden
datenschutz.hessen.de
We use technical and organizational security measures to protect your data against accidental or unlawful destruction, manipulation, loss, or unauthorized access. Our security measures are continuously adapted in line with technological developments.
This privacy policy is current as of May 2026. Changes to our website or to legal requirements may make adjustments necessary. The current version is always available on this page.