1. Data Controller
The controller responsible for data processing on this website is:
Esper Global GmbH
Zu den Beizwiesen 6
36419 Schleid, Germany
Email: sales@esper-global.com
Phone: +49 (0) 6946 994470
Managing Director: Sean Paul Perez
Commercial Register: Amtsgericht Jena, HRB 520370
2. Scope & Applicability
This privacy policy applies to all personal data processed through our website. It covers website visitors, contact form submissions, and project inquiry contacts. This policy addresses obligations under:
- GDPR (EU/EEA)
- TDDDG / DDG (Germany)
- CCPA / CPRA (California, USA)
- PIPEDA (Canada)
- PIPL (China)
- LGPD (Brazil)
Even where we serve business contacts (B2B), individual employees and representatives retain personal data rights under applicable law.
3. Legal Bases for Processing
We process personal data based on the following legal grounds (GDPR Art. 6):
| Processing Activity | Legal Basis |
|---|---|
| Contact & project inquiry forms | Art. 6(1)(b) — pre-contractual steps |
| Server access logs | Art. 6(1)(f) — legitimate interest (security) |
| Email correspondence | Art. 6(1)(b) or Art. 6(1)(f) |
| Legal retention obligations | Art. 6(1)(c) — legal obligation |
4. Data We Collect
4.1 Contact & Project Inquiry Forms
When you submit a form, we collect: name, company name, email address, phone number, country, and your message or project details (product category, specifications, timeline). We do not collect payment information through our website.
4.2 Server & Access Logs
Our hosting infrastructure automatically collects: IP address, timestamp, requested URL, HTTP status code, referrer, and user agent string. This data is stored on servers in Frankfurt, Germany and retained for up to 30 days for security purposes.
5. Purposes of Processing
- Responding to business inquiries and project requests
- Evaluating potential commercial relationships
- Security monitoring and fraud prevention
- Compliance with legal retention obligations (HGB §257, AO §147)
6. Data Sharing & Third-Party Processors
We share personal data only with the following processors, each bound by a Data Processing Agreement (GDPR Art. 28):
| Processor | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| HostEurope | Server infrastructure | Frankfurt, Germany | DPA (Art. 28) |
We do not sell, rent, or share personal data with advertisers or data brokers.
7. International Data Transfers
7.1 Hosting in the EU
All website data is hosted within the European Economic Area (EEA) in Frankfurt, Germany. No hosting data is transferred outside the EEA.
7.2 Contacts from Non-EU Countries
Form submissions from contacts in the USA, Canada, China, or Latin America are stored on our EU-based servers in Frankfurt. We apply the respective data protection standards of your jurisdiction as outlined in this policy.
8. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Contact / inquiry form data | Duration of relationship + 6 years | HGB §257 |
| Email correspondence | 6–10 years | HGB §257 / AO §147 |
| Server access logs | 30 days | Security |
9. Your Rights
9.1 Under GDPR (EU/EEA)
You have the right to: access your data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and to withdraw consent at any time (Art. 7(3)). You also have the right to lodge a complaint with a supervisory authority.
9.2 Under CCPA/CPRA (California, USA)
California residents have the right to: know what personal information is collected, request deletion, request correction, and opt out of the sale or sharing of personal information. We do not sell personal data. You will not be discriminated against for exercising your rights.
9.3 Under PIPEDA (Canada)
Canadian contacts have the right to access their personal information, challenge its accuracy, and withdraw consent for non-essential processing.
9.4 Under PIPL (China)
Chinese contacts have the right to be informed, access, copy, correct, and delete their data, restrict or refuse processing, and request data portability.
9.5 Under LGPD (Brazil)
Brazilian contacts have the right to confirmation of processing, access, correction, anonymization, data portability, information about third-party sharing, and to revoke consent.
9.6 How to Exercise Your Rights
Send your request to: privacy@esper-global.com
We will respond within: 1 month (GDPR), 45 days (CCPA), or 30 days (PIPEDA). Identity verification may be required.
10. Supervisory Authority
The competent supervisory authority is:
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Thüringen (TLfDI)
Dr. Lutz Hasse
Postfach 900455
99107 Erfurt
Germany
https://www.tlfdi.de
You may also contact the data protection authority in your country of residence.
11. Security Measures
We protect your data through TLS/HTTPS encryption, hosting in ISO 27001-certified infrastructure in Frankfurt, access controls on a need-to-know basis, and regular security assessments.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
13. Children’s Data
This website is directed exclusively at business professionals. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that a minor has submitted data, it will be promptly deleted.
14. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via a prominent notice on our website. The date of the last revision is noted at the top of this page. Previous versions are available on request.