Privacy Policy

1. Privacy at a Glance

This privacy policy informs you about which personal data is processed when visiting this website. The website serves exclusively to provide information about the existence of sesoria Capital GmbH. There are:

• No registration or logins
• No newsletters or forms
• No cookies or tracking tools
• No social media plugins
• No interaction possibilities except email

When visiting the website, technically necessary server log files are created that contain information such as your IP address. Contact is only possible via email. If you send us an email, your data will be used exclusively to process your request and subsequently deleted, unless there are legal retention obligations.

2. Controller for Data Processing

sesoria Capital GmbH
Regensburger Str. 336
90480 Nuremberg

Phone: +49 911 - 88995357
Email: info@sesoria.com

3. Collection and Storage of Personal Data

3.1 Website Visit

When accessing this website, your browser automatically transmits the following information, which is stored in server log files:

• IP address of the requesting device
• Date and time of access
• Name and URL of the retrieved file
• Website from which access occurs (referrer URL)
• Browser type and operating system

This data serves the purpose of ensuring the stability and security of the website. The legal basis is Art. 6 Para. 1 lit. f GDPR (legitimate interest). The storage is carried out by our hosting service provider Netlify for 30 days. No further storage or use takes place.

3.2 Email Communication

When you contact us by email, we store your email address and all other information you provide to process your request.

• Legal basis: Art. 6 Para. 1 lit. b GDPR (contract initiation/fulfillment) or Art. 6 Para. 1 lit. f GDPR (legitimate interest in processing your request).
• Storage: Your data will be deleted once your request has been fully processed, unless legal retention obligations (e.g., according to § 257 HGB) require longer storage.
• Security: Please note that unencrypted emails are not completely protected from access by third parties.

4. Hosting & Security

4.1 Hosting

This website is hosted at Netlify Inc., 2325 3rd Street, Suite 215, San Francisco, CA 94107, USA. Netlify processes technical user data (e.g., IP addresses, website accesses) also in the USA. The processing is based on our legitimate interest in a secure and efficient provision of our website pursuant to Art. 6 Para. 1 lit. f GDPR.

Netlify participates in the EU-US Data Privacy Framework, which ensures the secure transfer of personal data from the EU to the USA. Additionally, Netlify ensures through the use of standard contractual clauses approved by the EU Commission (Art. 46 Para. 2 and 3 GDPR) that your data is processed in accordance with EU data protection standards.

Netlify also offers a data processing agreement pursuant to Art. 28 GDPR, which forms the data protection legal basis of our business relationship with Netlify. You can find more detailed information in the:

• Netlify's Privacy Policy
• Data Processing Agreement with Netlify
• Information on the EU-US Data Privacy Framework

4.2 Email Communication

Our email communication takes place via Amazon WorkMail, a service of Amazon Web Services Inc. ("AWS"), operated in the EU-West-1 (Ireland) region. By selecting this region, our email data (e.g., email addresses, content data) is primarily stored and processed within the European Union.

The processing of email data is based on a data processing agreement pursuant to Art. 28 GDPR as well as our legitimate interest in reliable, efficient, and secure email communication pursuant to Art. 6 Para. 1 lit. f GDPR.

While the primary processing occurs in the EU, AWS as a US-based company may still have access to data for limited purposes like technical support. For such cases, AWS ensures compliance with European data protection standards through the use of standard contractual clauses approved by the EU Commission pursuant to Art. 46 Para. 2 lit. c GDPR and through additional technical and organizational measures. Further information can be found at:

• AWS Privacy Policy
• AWS GDPR Compliance

4.3 SSL Encryption

This website uses SSL encryption for security reasons, recognizable by the "https://" and the lock symbol in your browser bar.

5. Rights of Data Subjects

You have the following rights according to GDPR. To exercise these rights, you can contact us at any time at the following email address: info@sesoria.com. We reserve the right to verify your identity.

• Information (Art. 15 GDPR): You can request confirmation of whether personal data is being processed.
• Rectification (Art. 16 GDPR): If your data is incorrect, you can request a correction.
• Erasure (Art. 17 GDPR): You can request the deletion of your data, unless there are legal retention obligations.
• Restriction of processing (Art. 18 GDPR): You can have the processing of your data restricted.
• Data portability (Art. 20 GDPR): You can request that we provide your data in a structured format.
• Objection (Art. 21 GDPR): You can object to the processing of your data.

If you believe that your data has been processed unlawfully, you can lodge a complaint with the responsible data protection supervisory authority:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

6. Additional Information

We do not use automated decision-making or profiling. This privacy policy is currently valid and was last updated in March 2025.