Privacy notice

Ellunium AI Solutions GmbH (Ellunium) - Independent AI consulting practice for SMEs.

Managing directors & controller: Vassil Dimov, Fabian Denker

Ellunium AI Solutions GmbH

Altrottstraße 31

69190 Walldorf, Germany

Phone: available on request (please reach out via email to avoid spam calls).

Email for privacy enquiries: kontakt@ellunium.de

Data Protection Officer: Vassil Dimov (contact: dimov@ellunium.de)

Register court: Amtsgericht Mannheim.

Registration number: HRB 757037.

VAT ID (Section 27a UStG): DE – pending issuance.

These notices apply to https://www.ellunium.de and the services offered there (website visits, sample-report requests, email contact, and appointment booking).

Embedded third-party services (e.g., Microsoft Bookings) are governed by their own privacy notices.

When you access the website, we process technical access data that is required to deliver and secure the site.

• IP address, date/time, requested page/file, HTTP status, referrer, user agent.
• Purposes: website delivery, error analysis, performance monitoring, IT security, and abuse prevention.

We process the data you submit through the sample-report form to deliver the requested PDF report.

• Sample-report requests store your email address, selected language, originating IP address, timestamp, and a unique token to deliver the report and enforce basic rate limits.
• Download links are validated server-side and expire automatically after a limited time.
• Lead-request data is stored in Supabase.
• FICO sample report emails are sent through our Microsoft 365 mail infrastructure via Microsoft Graph.
• If configured by us, we may also post an internal delivery notification containing the recipient email to a Microsoft Teams channel.

If you contact us by email or in the course of business communication, we process your details to handle your request.

• We process, for example, name, email address, company, phone number, and message.
• Communication runs through our Microsoft 365 infrastructure.

We use Microsoft Bookings for scheduling. The service loads only when you open the booking modal or follow the booking link.

• Microsoft acts as an independent controller for the data entered there.

We use a mix of necessary and consent-based technologies on the website.

• Vercel Speed Insights helps us measure technical performance and web-vital quality.
• Vercel Web Analytics loads only after your consent and provides aggregated page metrics.
• The LinkedIn Insight Tag loads only after your marketing consent for campaign measurement.
• We store your privacy choices locally so they can be remembered on future visits.
• We use a locale cookie for language routing and, with your preferences consent, we also store your preferred language in localStorage.

Depending on the processing activity, we rely on the following GDPR legal bases:

• Art. 6(1)(b) GDPR to process sample-report requests and respond to business enquiries.
• Art. 6(1)(f) GDPR for website operations, server logs, performance monitoring, IT security, abuse prevention, and business communication.
• Art. 6(1)(a) GDPR if you opt into optional preferences, analytics, or marketing.
• Sec. 25(1) TTDSG for optional storage, analytics, and marketing on your end device.
• Sec. 25(2) TTDSG where access to end devices is strictly necessary to provide the website and language routing.

We only share data with selected service providers that support service delivery:

• Supabase (EU data center) stores sample-report lead requests under a DPA.
• Vercel hosts the website (Frankfurt region, eu-central-1/fra1) and provides Speed Insights plus Vercel Web Analytics.
• Microsoft 365 provides our email infrastructure; Microsoft Graph is used for transactional FICO sample report emails.
• If configured by us, Microsoft Teams may receive internal delivery notifications.
• Microsoft Bookings loads on demand; Microsoft is an independent controller for data entered there.
• LinkedIn receives data only if you consent to marketing and the Insight Tag loads.

Some providers may transfer data to third countries, in particular the United States, for example Microsoft, Vercel, or LinkedIn.

Where applicable, we rely on appropriate safeguards such as EU Standard Contractual Clauses and/or participation in the EU-US Data Privacy Framework, where available.

We process personal data only as long as required for the respective purpose.

• Sample-report request data is deleted or anonymized on request or when no longer needed for service delivery.
• Communication data is stored until your request is completed and in line with statutory retention requirements.
• Server log data is typically deleted after a short period, at the latest after 30 days.
• Rate-limit metadata may be retained as long as necessary to detect abuse and prevent repeated misuse.
• LocalStorage entries remain in your browser until you delete them or clear browser storage.

Required fields are marked in our forms. Without this information we cannot send the requested sample report or handle your inquiry.

We do not perform solely automated decisions with legal or similarly significant effects.

You have the right to access, rectification, deletion, restriction of processing, and data portability.

You can object to processing based on Art. 6(1)(f) GDPR at any time and withdraw consent with effect for the future.

Please email kontakt@ellunium.de so we can identify your record and handle your request. We usually respond within three days.

You also have the right to lodge a complaint with the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information, Königstraße 10a, 70173 Stuttgart, Germany (https://www.baden-wuerttemberg.datenschutz.de/).

Of course you can always contact us first via kontakt@ellunium.de and we will seek to resolve any issue promptly.