GDPR & Data Processing (summary)

FAQs

Development & Additional Services

Roles: for hosting and CRO operations we generally act as a Processor and you remain the Controller.
Lawful basis & consent: you are responsible for maintaining a valid lawful basis and consent (e.g., cookie banner). We’ll implement your decisions in Tag Manager and respect Consent Mode.
Data subject rights: we support access, rectification and erasure requests for data we process on your behalf.
Retention: we retain only what’s necessary for the service and delete upon request or within 30 days after termination, unless law requires retention.

A formal Data Processing Addendum (DPA) and list of sub‑processors are available on request.