Privacy Policy of CTI CONSULTING GmbH

1. Overview of Data Protection

1.1 The following information explains what happens to your personal data when you visit our website and use the AI-supported chat. Personal data means any information relating to an identified or identifiable individual.
1.2 Data processing on this website is carried out by the website operator. Further details are provided in Section 2.
1.3 When you visit our website, certain technical data is collected automatically. Additional data is processed only if you provide it to us, for example through the contact form, via e-mail, or in the chat.

2. Controller

2.1 The controller responsible for the processing of personal data on this website is:

CTI CONSULTING GmbH
Wilhelmsstraße 2A
34117 Kassel
Germany

2.2 Contact:
E-mail: datenschutz@cti-consulting.de
Telephone: as listed in the imprint (Impressum)

2.3 The controller is the natural or legal person that determines the purposes and means of the processing of personal data.

3. Purposes, Legal Bases and Storage Periods

3.1 Hosting and Server Log Files

Our website is hosted by Raidboxes GmbH, Hafenweg 16, 48153 Münster, Germany. A data processing agreement (Art. 28 GDPR) is in place.

The following data is processed:
– browser type and version,
– operating system used,
– referrer URL,
– hostname of the accessing device,
– anonymised IP address,
– time of server request,
– amount of data transferred,
– access status (e.g. successful, error).

Purpose: stability, security and technical provision of the website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation).
Storage period: log files are deleted automatically after 14 days.

3.2 Cookies and Device Storage

We use only technically necessary storage technologies (e.g. session cookies) required for the proper functioning of the website and the chat.

Legal basis for device storage: § 25(2) No. 2 TDDDG (German Telecommunications and Telemedia Data Protection Act).
Legal basis for subsequent processing: Art. 6(1)(f) GDPR (legitimate interest in secure and technically correct provision of the website).

You may configure your browser to notify you when cookies are set, to allow cookies only in individual cases, or to delete cookies upon closing the browser. Disabling cookies may limit website functionality.

3.3 Contact Form and E-Mail

If you contact us via the contact form or by e-mail, we process the data you provide:

– name,
– company (if applicable),
– e-mail address,
– optionally telephone number,
– subject and message content,
– date and time of the request.

Purpose: processing your request and communicating with you.
Legal basis:
– Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering a contract), or
– Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Storage period: until the purpose is fulfilled; usually deleted 6 months after completion of the request, unless statutory retention obligations apply.

3.4 Web Analytics with Matomo

We use Matomo for web analytics. Matomo is operated on our own servers or in controlled hosting environments. No data is transmitted to third parties for their own purposes.

Processed data includes:
– anonymised IP address,
– date and time of access,
– visited pages and downloads,
– referring website,
– browser and operating system,
– time spent on pages and frequency of visits.

Purpose: audience measurement, performance evaluation, website optimisation.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analysing and improving the website).
Storage period: analytics data is stored for 12 months.

3.5 AI-Supported Chat

The AI-supported chat on our website helps you with questions regarding our services (Enterprise Architecture, SAP/EAM/BPM consulting, process management, Signavio/LeanIX enablement, digitalisation, transformation), our procedures and our company. Responses are generated automatically by AI; errors, inaccuracies or misunderstandings may occur.

Processed data:
– chat messages and content you enter,
– timestamps of interactions,
– technical metadata (e.g. session ID, browser data),
– optional contact details you provide (e.g. name, e-mail, phone).

Purpose:
– responding to your enquiries and communicating with you,
– providing, improving and securing the chat,
– quality assurance,
– preventing misuse or security incidents,
– documentation and traceability (e.g. in case of complaints).

Legal bases:
– Art. 6(1)(b) GDPR, where the enquiry relates to a contractual relationship or its initiation,
– Art. 6(1)(f) GDPR (legitimate interest in effective communication, support and system security),
– Art. 6(1)(a) GDPR for optional purposes such as marketing contact, which requires explicit consent.

For session management, technically necessary device storage (e.g. session cookies) is used.
Legal basis: § 25(2) No. 2 TDDDG.

Processors: technical service providers supporting the chat infrastructure.
Third-country transfers: may occur based on appropriate safeguards (e.g. EU Standard Contractual Clauses). Details available upon request.

Storage period: chat logs are stored for up to 180 days and then deleted or anonymised. Longer storage is possible if required for security investigations or for the establishment, exercise or defence of legal claims.
Use of chat content for model training occurs only with explicit consent.

4. Your Rights

You have the following rights regarding your personal data:

4.1 Right of access (Art. 15 GDPR)
4.2 Right to rectification (Art. 16 GDPR)
4.3 Right to erasure (Art. 17 GDPR)
4.4 Right to restriction of processing (Art. 18 GDPR)
4.5 Right to data portability (Art. 20 GDPR)
4.6 Right to object (Art. 21 GDPR)
4.7 Right to withdraw consent at any time with future effect (Art. 7(3) GDPR)
4.8 Right to lodge a complaint with a supervisory authority

You may exercise your rights by contacting: datenschutz@cti-consulting.de

5. Supervisory Authority

The competent supervisory authority is:

Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Telephone: +49 (0) 611 1408-0
E-mail: poststelle@datenschutz.hessen.de
Website: datenschutz.hessen.de

6. Recipients and Processors

6.1 We use carefully selected service providers for hosting, operation, maintenance, analytics and the chat. All processors are bound by data processing agreements pursuant to Art. 28 GDPR.
6.2 If personal data is transferred to countries outside the EU/EEA, this is done on the basis of appropriate safeguards (such as EU Standard Contractual Clauses). Details are available upon request.

7. Security of Processing

7.1 This website uses SSL/TLS encryption. You can identify an encrypted connection by the padlock icon in your browser and the “https://” prefix in the address bar.
7.2 When SSL/TLS encryption is enabled, data transmitted to us cannot easily be read by third parties.
7.3 We implement appropriate technical and organisational measures to protect your data against loss, destruction, unauthorised access, alteration or disclosure (Art. 32 GDPR).

8. Automated Decision-Making and Profiling

8.1 We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

9. Right to Object (Art. 21 GDPR)

9.1 Where we process data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time on grounds relating to your particular situation.
9.2 In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing serves the establishment, exercise or defence of legal claims.
9.3 Please address objections to: datenschutz@cti-consulting.de

10. Notes on the Chat and Contact

10.1 Chat responses are non-binding and do not constitute legal, tax, financial, organisational or technical advice.
10.2 Any subsequent contact for informational or marketing purposes will only occur with your explicit consent.
10.3 Further details can be found in the website’s Terms of Use, accessible via the footer.

11. Updates and Amendments

11.1 This Privacy Policy is currently valid and dated November 2025.
11.2 Future changes to the website, the chat or legal requirements may make it necessary to amend this Privacy Policy.
11.3 The most recent version can always be viewed and printed on our website.