Privacy Policy — Support Helpdesk

Effective May 2026 · International scope · Applies to users worldwide submitting support requests via this helpdesk

1. Data Controller

Berger & Rosenstock GbR (trading as DigitalFreedom)
Dieselstr. 22e, 61231 Bad Nauheim, Germany
Authorized representatives: Marcel R. G. Berger, Jasmin Rosenstock
VAT-ID: DE455096022

General contact: hello@digitalfreedom.co.za
Data protection requests: data-protection@digitalfreedom.co.za

2. Data We Process When You Submit a Ticket

We do not collect: location data beyond IP-derived country, device identifiers, advertising IDs, biometric data, financial data, health data, precise geolocation.

3. Purpose & Legal Basis (GDPR)

Processing ticketArt. 6(1)(b) GDPR — pre-contractual / contractual response to your request
Server logs, securityArt. 6(1)(f) GDPR — legitimate interest in service integrity and abuse prevention
Statutory retentionArt. 6(1)(c) GDPR — German Commercial Code (HGB) / Tax Code (AO) obligations

4. Recipients / Sub-processors

We do not sell, rent, lease, or trade your personal data. No behavioral tracking, no advertising profiles, no third-party analytics scripts, no data brokers.

5. Retention

6. International Data Transfers

7. Your Rights — by Region

7.1 European Union / European Economic Area (GDPR)

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17 — subject to statutory retention), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent at any time with effect for the future (Art. 7(3)), no automated decision-making (Art. 22 — we do not perform any).

To exercise: data-protection@digitalfreedom.co.za

7.2 United Kingdom (UK GDPR + Data Protection Act 2018)

Same rights as under EU GDPR. Complaints can be filed with the Information Commissioner's Office (ICO), ico.org.uk.

7.3 Switzerland (revDSG)

Same rights as under EU GDPR. Complaints can be filed with the Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch.

7.4 California, USA (CCPA / CPRA)

California residents have the right to:

To exercise: data-protection@digitalfreedom.co.za. Verification: we may ask you to confirm your identity by matching the email address on file. We respond within 45 days.

7.5 Other US States (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, etc.)

Substantively equivalent rights to access, delete, correct, and opt out of targeted advertising apply. We do not engage in targeted advertising or sales of personal information. Exercise rights via the data protection contact above.

7.6 Canada (PIPEDA + Quebec Law 25)

Right of access, correction, withdrawal of consent, complaint to the Office of the Privacy Commissioner of Canada (priv.gc.ca). Quebec residents additionally have data portability rights under Law 25.

7.7 Brazil (LGPD)

Rights to confirmation, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent (Art. 18 LGPD). Complaints can be filed with the Autoridade Nacional de Proteção de Dados (ANPD).

7.8 Australia (Privacy Act 1988 + Australian Privacy Principles)

Right to access, correction, and complaint to the Office of the Australian Information Commissioner (oaic.gov.au). We notify you of eligible data breaches in accordance with the Notifiable Data Breaches scheme.

7.9 South Africa (POPIA)

Rights of access, correction, deletion, objection, and the right not to be subject to automated decision-making (Sections 23–25 POPIA). Complaints to the Information Regulator (inforegulator.org.za).

7.10 Japan (APPI), South Korea (PIPA), India (DPDP Act 2023), other jurisdictions

We honor equivalent rights of access, correction, deletion, and complaint in all jurisdictions where applicable local law applies. Contact us via the data protection address above to exercise them.

8. Primary Complaint Authority (Germany)

You can always lodge a complaint with the supervisory authority for the controller's seat:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163, 65021 Wiesbaden, Germany
datenschutz.hessen.de

9. Children's Privacy

This helpdesk is not directed at children under 16 (EU) / under 13 (US under COPPA). We do not knowingly process personal information of children under these ages. If you believe a child has submitted personal information, please contact us at data-protection@digitalfreedom.co.za and we will delete it.

10. No Sale, No Profiling, No Tracking

Universally and across all jurisdictions: we do not sell, rent, lease, or share your personal data for commercial purposes. We do not build advertising or behavioral profiles. We do not engage in automated decision-making (Art. 22 GDPR / Section 24 POPIA / similar provisions in other laws).

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify the competent supervisory authority within 72 hours (GDPR Art. 33), and notify affected users without undue delay when there is a high risk to your rights and freedoms (Art. 34). Equivalent obligations under UK GDPR, POPIA Section 22, Australian Notifiable Data Breaches scheme, and similar laws apply.

12. Changes

This policy may be updated to reflect changes in our processing, applicable law, or sub-processor relationships. The current version is always accessible via this link. We will notify users of material changes by email if they have an active ticket.