Skip to content
tech reform

Privacy Policy

This English translation is provided for convenience. The German version is legally authoritative.

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):
tech reform GmbH
Niederurseler Allee 8-10
65760 Eschborn
Managing Director: Jeremy Thomas Stein
Email: [email protected]
Phone: +49 6196 9215922

See also our Imprint.

2. General information on data processing

We process personal data only to the extent necessary to provide a functional website and our content and services. Personal data is regularly processed only with consent, unless processing is permitted by statutory provisions.

3. Hosting

This website is operated on tech reform GmbH's own infrastructure. The server infrastructure is located in a data centre operated by netcup GmbH (Karlsruhe, Germany). Data processing takes place exclusively within German data centres (German data sovereignty). The application runs in Docker containers managed by tech reform GmbH itself.

When you visit our website, the web server automatically records server log files:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure and efficient provision of the website). Log files are automatically deleted after 14 days.

4. Content Delivery Network (Cloudflare)

We use the content delivery network (CDN) of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare acts as a reverse proxy between your browser and our web server. Requests are routed via Cloudflare servers to optimise loading speed and protect the website against attacks.

In this context, Cloudflare processes IP addresses and connection metadata. Cloudflare is certified under the EU-U.S. Data Privacy Framework. Further information: Cloudflare privacy policy.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and performant delivery).

5. Web analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics for statistical analysis of website usage. This method works entirely without cookies and without long-term storage of personal data. IP addresses are used only briefly for aggregation and are then discarded. No tracking of individual users takes place.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in statistical analysis to improve our website).

6. Contact form

If you send us an enquiry via the contact form, the data you enter (name, email address, company, message) will be processed and stored to handle your enquiry.

The form data is transmitted exclusively to our own CRM system (Odoo), which is operated on our own infrastructure at netcup (Germany). No data is transferred to external form service providers or to third countries.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in the efficient handling of enquiries). Your contact data will be deleted once your enquiry has been conclusively processed, unless statutory retention obligations apply.

7. Newsletter

You can subscribe to our newsletter via our sign-up form. Registration uses a double opt-in procedure: after entering your email address, you will receive a confirmation email. Your email address is only added to our mailing list after confirmation.

Newsletter subscribers are managed via Odoo (email marketing module), which is operated on our own infrastructure at netcup (Germany). Your data never leaves the German jurisdiction.

The following data is processed: email address, selected topics, time of registration. You can unsubscribe from the newsletter at any time via the unsubscribe link in every issue or by emailing [email protected].

Legal basis: Art. 6 (1) (a) GDPR (consent).

8. Databases and internal services

We use MongoDB and a KERI agent for data processing. Both services are operated exclusively on our own infrastructure at netcup (Germany) and are not accessible from outside. Access is restricted to internal systems of tech reform GmbH.

9. SSL/TLS encryption

For security reasons, this website uses SSL or TLS encryption for the transmission of confidential content. You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock symbol in your browser bar.

10. Embedded YouTube videos

On individual pages (e.g. talks and keynotes), we embed videos via YouTube in privacy-enhanced mode (domain youtube-nocookie.com). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In privacy-enhanced mode, no data is initially transferred to YouTube when the page loads; only when you actively play a video does your browser establish a connection to YouTube or Google servers. Personal data (including your IP address) may be processed in this context and may be transferred to third countries. Further information: Google privacy policy.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the appealing presentation of our content). If you wish to avoid the transfer, do not play the embedded videos.

11. Your rights as a data subject

Under the GDPR, you have the following rights:

  • Access (Art. 15 GDPR) — the right to information about the personal data we process.
  • Rectification (Art. 16 GDPR) — the right to have inaccurate data corrected.
  • Erasure (Art. 17 GDPR) — the right to have your data deleted, unless statutory retention obligations prevent this.
  • Restriction (Art. 18 GDPR) — the right to restrict processing.
  • Data portability (Art. 20 GDPR) — the right to receive your data in a structured, commonly used and machine-readable format.
  • Objection (Art. 21 GDPR) — the right to object to processing based on Art. 6 (1) (f) GDPR.
  • Withdrawal of consent (Art. 7 (3) GDPR) — you may withdraw any consent given at any time with effect for the future.

To exercise your rights, please contact: [email protected].

12. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany
https://datenschutz.hessen.de

13. Validity and amendment of this privacy policy

This privacy policy is currently valid as of July 2026. As our website evolves, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy.

Last updated: July 2026

Stay in the loop

Governance innovation, product updates, and curated reads — no spam, just signal. Pick the topics that matter to you.

Topics

Subscribe to tech reform or ProcesOS and get our Innovation & Excellence feature as a free download.