Privacy Policy

1. Controller

OpenDucks IT
Barrantes Quispe & Böhnke-Avan GbR
Friedrichstraße 232
10969 Berlin
Germany

Email: info@openducks.org

2. What Data We Process

• Technical access data such as IP address, browser type, operating system, referrer URL, requested pages and time of access.
• Contact data and message contents if you email us or use a contact form.
• Support, abuse or security report contents, including logs, headers, IP addresses and timestamps if you provide them.
• Contract, invoice and service data where a customer relationship exists.
• Cookie or consent data where technically required or explicitly accepted.

3. Purposes

• Providing, securing and improving the website.
• Responding to inquiries, support requests and abuse reports.
• Preparing offers, contracts and managed-service deployments.
• Operating services, preventing misuse and protecting infrastructure.
• Meeting legal obligations and enforcing or defending claims.

4. Legal Basis

• Art. 6(1)(a) GDPR: consent, where we ask for it.
• Art. 6(1)(b) GDPR: contract preparation and performance.
• Art. 6(1)(c) GDPR: legal obligations.
• Art. 6(1)(f) GDPR: legitimate interests, including website security, abuse prevention and communication.

5. Forms, Email and Abuse Reports

When you contact us, we process the information you provide so we can respond. Abuse reports may contain technical evidence and may be shared with affected parties, infrastructure providers or authorities if this is necessary to investigate or stop misuse.

Please avoid sending unnecessary sensitive personal data. If sensitive information is required for a specific case, send only what is relevant.

6. Hosting, Logs and Security

Server logs are processed to provide the website, troubleshoot problems and detect attacks or misuse. Log retention depends on operational needs and legal requirements. We aim to keep retention proportionate and limited.

Security measures may include access controls, encryption where appropriate, backups, monitoring, firewall rules and abuse handling workflows.

7. Recipients and Processors

We do not sell personal data. Data may be processed by hosting providers, form providers, payment providers, email providers or other technical processors where needed to provide our services. Service-specific processors and documents may be listed in the Legal Center.

8. International Transfers

We prefer EU-based infrastructure and providers where practical. If personal data is transferred outside the EU/EEA, we use appropriate safeguards where required by GDPR.

9. Retention

We retain personal data only as long as necessary for the respective purpose, contractual relationship, operational security or legal retention obligation. Contact and support messages are retained as long as needed to handle the request and document the outcome.

10. Your Rights

Under GDPR, you may have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact info@openducks.org.

11. Cookies

We may use technically necessary cookies or local browser storage where required for website or service functionality. Optional analytics or advertising tools, where used, should only run where legally permitted and configured with the appropriate consent or legal basis.

12. Updates

We may update this privacy policy when services, providers or legal requirements change. The latest version is always published here.