GDPR Information

M3tech GDPR compliance information and data protection details

Effective Date: 2 May 2026

Data Controller

M3tech, located in Europe, is the data controller responsible for the personal data we collect through our website (m3tech.eu) and during the course of providing our services.

What Data We Collect

We collect and process the following categories of personal data:

  • Contact form data: Name, email address, company name, and message content when you contact us through our website.
  • Service engagement data: Information provided during client engagements, such as contact details, billing information, and project-related communications.
  • Website analytics data: We use self-hosted analytics to collect anonymised usage data including page views, referral sources, and general geographic regions. We do not use third-party tracking services such as Google Analytics. No personally identifiable information is collected through our analytics.
  • Communication data: Email correspondence and meeting records related to service delivery and business inquiries.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so, under Article 6 of the GDPR:

  • Consent (Article 6(1)(a)): When you submit our contact form, you consent to us processing the provided data to respond to your inquiry.
  • Contractual necessity (Article 6(1)(b)): Processing necessary to fulfil our contractual obligations, such as delivering services, invoicing, and project communication.
  • Legitimate interest (Article 6(1)(f)): Maintaining website security, improving our services, and communicating with existing business contacts about relevant updates.
  • Legal obligation (Article 6(1)(c)): Where we are required to retain data for tax, accounting, or regulatory purposes.

Data Retention

We retain personal data only as long as necessary:

  • Contact form submissions: Retained for up to 12 months after the inquiry is resolved, then deleted unless a service engagement follows.
  • Client engagement data: Retained for the duration of the engagement plus 3 years after termination, in accordance with commercial and tax retention requirements under German law.
  • Website analytics data: Anonymised analytics data is retained for up to 24 months for trend analysis, then aggregated or deleted.
  • Marketing communications: If you opt in to our communications, your data is retained until you unsubscribe. After unsubscribing, your data is deleted within 30 days.

Your Rights Under GDPR

As a data subject within the European Economic Area, you have the following rights:

  • Right of access (Article 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You can request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You can request deletion of your personal data, subject to legitimate retention requirements (e.g., legal obligations, ongoing contracts).
  • Right to data portability (Article 20): You can request your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21): You can object to processing based on legitimate interest or for direct marketing purposes.
  • Right to restrict processing (Article 18): You can request that we limit how we process your data in certain circumstances.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

Data Processing for Clients

When M3tech provides services to clients, we may process personal data on behalf of the client (acting as a data processor). In such cases:

  • A Data Processing Agreement (DPA) will be executed before any processing begins.
  • We process data only according to the client's documented instructions.
  • We implement appropriate technical and organisational measures to ensure data security.
  • We do not engage sub-processors without prior written authorisation from the client.

If you are an existing or prospective client and require a DPA, please contact us at [email protected].

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS) for all website communications
  • Access controls limiting data access to authorised personnel
  • Regular security reviews of our systems and processes
  • Secure disposal of data when retention periods expire

Cross-Border Data Transfers

M3tech operates within the European Economic Area (EEA). Personal data is stored and processed within the EEA. Where any data transfer outside the EAA is necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Protection Officer

For data protection inquiries, you can reach our Data Protection Officer at:

Email: [email protected]
Subject line: "Data Protection Inquiry"

Supervisory Authority

If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

Changes to This Page

We may update this GDPR information page from time to time. Material changes will be communicated through our website. We encourage you to review this page periodically.

Contact

For any questions about data protection at M3tech, please contact us:

M3tech
Email: [email protected]