Cookie settings: Change privacy settings | History of privacy settings | Revoke consents
secucard GmbH (hereinafter referred to as "secucard" or "we") takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations and in particular the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG") as well as this Privacy Policy.
When you visit this website, various personal data is collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
secucard GmbH
Goethestrasse 6
01896 Pulsnitz (Germany)
Phone: +49 800 73282273
E-mail: info@secucard.com
Represented by Managing Director: Hans-Peter Weber
As a controller within the meaning of data protection, we determine the purposes and means for the processing of personal data described here, alone or jointly with others.
If you have any questions and/or concerns about data protection, you can contact our data protection officer at the following addresses:
Frau Dominika Juszczyk
IBS data protection services and consulting GmbH
Zirkusweg 1
20359 Hamburg
Germany
Email: privacy@secucard.com
When you visit the website, your data will be collected by our IT systems automatically or with your consent. This is mainly technical data (e.g. Internet browser, operating system or time of page access).
The processing is carried out for the purpose of providing our websites on the basis of an overriding legitimate interest in accordance with Art. 6 para.1(f) GDPR. Our legitimate interests are the provision of technically necessary and expressly requested digital services, the guarantee of the security and trouble-free operation of our IT systems as well as the assertion, exercise and defence of legal claims.
When you visit our websites, we collect pseudonymised connection data that is required to display the desired websites (e.g. IP address, referring URL, target page, time stamp) and store this data in connection logs (server log files) on the web server.
You must provide this data, although there is no statutory or contractual obligation to do so. Visiting our websites is not possible, or only possible with restrictions, without providing this information.
If you send us enquiries by email or telephone, the information you provide will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. We do not pass on this data without your consent. The processing of this data is carried out on the basis of Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if this has been obtained; consent can be withdrawn at any time.
The data you provide will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
You are neither contractually nor legally obligated to provide data for contacting us. However, processing your enquiry is not possible without providing certain personal information (mandatory fields), so contacting us cannot take place without providing such details.
The processing is carried out for the purpose of guaranteeing the rights of the data subject on the basis of compliance with legal obligations pursuant to Art. 6 para. 1 (c) GDPR and for the purpose of safeguarding overriding legitimate interests pursuant to Art. 6 para. 1 (f) GDPR. Our legitimate interest is the assertion, exercise and defence of legal claims.
If you contact us to exercise your rights as a data subject, we collect all personal data that you provide to us as part of your request. Alternatively, we may also receive data from third parties if you have authorized someone to assert your rights on your behalf (e.g., representative, lawyer, guardian) or if you have previously contacted other bodies (e.g., Data Protection Officer).
We process this data to ensure your identity, to verify the applicability of the respective rights, to implement your rights and to communicate with you.
There is no statutory or contractual obligation for you to provide your data. However, without certain information that enables us to identify you or to implement your rights, it is not possible—or only possible to a limited extent—to process your request.
At secucard GmbH, only those individuals who are responsible for the processing (e.g., administrators, responsible employee) have access to personal data.
Certain activities are not performed by us directly but by commissioned service providers (including our affiliated companies) acting as processors pursuant to Art. 28 GDPR. These providers are carefully selected, contractually bound, and regularly monitored by us.
In certain individual cases, we pass on personal data to third parties (e.g. legal advisors, auditors, data protection officers, authorities, courts, our affiliated companies) to the extent that this is necessary for the processing and is legally permissible.
Transfers to recipients in third countries outside the EU/EEA or to international organisations only take place to the extent that this is necessary for the respective processing and is legally permissible. In these cases, the transfer is based on an EU adequacy decision or, in the absence of such a decision, on the basis of agreed standard contractual clauses or binding internal data protection rules. If the aforementioned guarantees are not in place, the transfer to third countries outside the EU/EEA is based on an exception pursuant to Art. 49 paragraph 1 GDPR (explicit consent, performance of a contract, assertion, exercise or defence of legal claims).
To ensure compliance with the principle of storage limitation pursuant to Art. 5 (1) lit. e GDPR, we store personal data in a form that permits the identification of data subjects only for as long as necessary for the respective lawful purposes.
We have defined the following retention periods:
Personal data that must be retained under commercial or tax law in accordance with § 147 (Abgabeordnung - German Tax Regulation "AO" and § 257 Handelsgesetzbuch - German Commercial Code - "HGB" will not be deleted before the expiry of 6 or 10 years. Further storage may occur for the establishment, exercise, or defense of legal claims, for example in the case of ongoing tax, audit, or administrative proceedings.
Personal data processed for the establishment, exercise, or defense of legal claims are generally deleted after 3 years (regular limitation period under § 195 Bürgerliches Gesetzbuch - German Civil Code - "BGB"). In certain cases (e.g., claims for damages), the limitation period is 10 or 30 years from the date the claim arises pursuant to § 199 BGB. The maximum retention period is 30 years from the date of the harmful event.
Right of Access
Under the provisions of Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to information in accordance with Art. 15 para. 1 GDPR, including a copy of your data in accordance with Art. 15 para. 3 GDPR, provided that the rights and freedoms of other persons are not impaired. This includes trade secrets, intellectual property rights or copyrights.
The right of access may be restricted or refused pursuant to § 34 BDSG. In such cases, we will inform you of the reasons for the refusal.
Right to rectification
Under the conditions of Art. 16 GDPR, you have the right to demand that we rectify incorrect personal data concerning you without undue delay and, depending on the purpose of the processing, that we complete incomplete data.
Where this is not impossible or does not involve disproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the rectification. In accordance with Art. 19 Sentence 2 GDPR, you have the right to be informed about these recipients.
Right to erasure
Under the provisions of Art. 17 GDPR, you have the right to demand that we delete personal data concerning you without undue delay. We are obliged to delete your data if one of the reasons according to Art. 17 para. 1 GDPR applies.
If we have made data about you public and there is an obligation to delete it, we will take appropriate measures in accordance with Art. 17 para. 2 GDPR to inform other controllers if you have requested the deletion of all links to this data or copies and replications.
Where this is not impossible or does not involve disproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the erasure. In accordance with Art. 19 Sentence 2 GDPR, you have the right to be informed about these recipients.
The right to erasure does not apply under Art. 17 (3) GDPR if the processing of your personal data is necessary for the reasons stated therein. This is particularly the case when data must continue to be stored due to legal retention obligations (Art. 17 (3) lit. b GDPR) or when your data are required for the establishment, exercise, or defense of legal claims (Art. 17 (3) lit. e GDPR).
The right to erasure also does not apply under § 35 (3) BDSG if the storage of your data is required due to statutory or contractual retention obligations. Additionally, the right to erasure may be restricted under § 35 (1) BDSG. In such cases, the processing of your data will be restricted in accordance with Art. 18 GDPR.
Right to restriction of processing
Under the conditions of Art. 18 GDPR, you have the right to request the restriction of processing if one of the conditions listed there applies.
If the processing of your data has been restricted, your data will continue to be stored in accordance with Art. 18 para. 2 GDPR but will only be processed in a different way if you consent to this or if this is done for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
You will be notified before the restriction is lifted. Where this is not impossible or does not involve disproportionate effort, we will notify all recipients to whom we have disclosed your personal data of the restriction. In accordance with Art. 19 Sentence 2 GDPR, you have the right to be informed about these recipients.
Right to data portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller without hindrance from us, provided that the processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and provided that the rights and freedoms of other persons are not adversely affected.
Right to object
Under the conditions of Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data if the processing is based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.
The right to object under Art. 21 (1) GDPR does not apply if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
Regardless of this, you have the right under Art. 21 (2) GDPR to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. In this case, we will no longer process your data for direct marketing purposes.
Withdrawal of consent
If the processing of your personal data is based on your consent pursuant to Art. 6 (1) lit. a GDPR, you have the right under Art. 7 (3) GDPR to withdraw your consent at any time with effect for the future.
Automated Decision-Making under Art. 22 GDPR
Pursuant to Article 22(1) of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects concerning you or similarly significantly affects you.
Right to Lodge a Complaint under Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. You may contact any supervisory authority, in particular in the Member State of your habitual residence, your workplace, or the place of the alleged infringement — including the supervisory authority responsible for us: Sächsische Datenschutz- und Transparenzbeauftragte, Devrientstraße 5, 01067 Dresden, https://www.datenschutz.sachsen.de/.
This Privacy Policy is effective from December, 2025 and replaces all previous versions.
English (UK) 
Deutsch