elve solutions

Privacy Policy

Last updated: 25.01.2026

This Privacy Policy explains how elve solutions (“we”, “us”, or “our”) collects, uses, discloses and protects personal data when you visit our website https://elve-solutions.com/(the “Website”) and when you contact us.

We are established in Germany and our Website is hosted in Germany. However, our services are directed primarily at users located in the United States. This Privacy Policy is intended to meet the transparency requirements of the EU General Data Protection Regulation (“GDPR”) to the extent applicable, as well as major US privacy laws (including, where applicable, the California Consumer Privacy Act as amended by the CPRA, “CCPA/CPRA”).

This Privacy Policy is not a contract and does not create any legal rights or obligations beyond those already provided by applicable law.

1. Controller and Contact Details

The data controller responsible for processing personal data in connection with this Website is:

elve solutions
Ben Kiemel
Adress
Germany

Email: ben@elve-solutions.com

We have not appointed a Data Protection Officer (DPO) because we are not legally required to do so.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our Website;
  • Individuals who contact us using the contact form or by email; and
  • Prospective customers and business partners who use our Website to learn about and request our services.

It does not apply to processing of personal data in the context of delivering our services under a separate contract (e.g. when you become a client); such processing may be subject to additional or separate privacy notices or contractual terms.

3. Categories of Personal Data We Process

Depending on how you interact with us, we may process the following categories of personal data:

  1. Basic contact and identification data
  • Name
  • Business / company name
  • Email address
  1. Communication data
  • Content of messages you send via the contact form or by email
  • Date and time of communication
  • Our responses to you
  1. Technical and usage data (server logs and analytics)
  • IP address (in server logs, and transiently for analytics)
  • Date and time of access
  • Accessed URLs and files
  • Referrer URL (if provided by your browser)
  • Browser type and version, operating system, device information
  • Approximate location (country) based on IP address For analytics we use the WordPress plugin “Burst Statistics – Privacy-Friendly Analytics for WordPress” (“Burst”). According to Burst’s documentation, it does not store IP addresses or user agent strings in its database, and no analytics data is sent to third parties; all analytics data remains on our own WordPress installation.
  1. Administrative and accounting data
  • For those who become customers: identification and contact details necessary for invoicing and accounting (e.g. name, company name, address, tax-related information), and records of services provided.

We do not knowingly process special categories of personal data (such as health data, religious beliefs, etc.) via this Website.

4. How We Collect Personal Data

We collect personal data in the following ways:

  • Directly from you when you:
  • Submit the contact form;
  • Communicate with us by email or other channels.
  • Automatically when you:
  • Access and use our Website, in which case server logs and analytics data are generated automatically by our hosting infrastructure and analytics tools.

We do not obtain personal data about you from third-party data brokers.

5. Purposes and Legal Bases of Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases for processing your personal data:

5.1 Website provision and server logs

Purpose:
To provide the Website, ensure its stability and security, prevent misuse, and enable basic troubleshooting and performance monitoring.

Data processed:

  • Technical and usage data (as described above) stored in server log files and system logs.

Legal basis:

  • Our legitimate interests (Art. 6(1)(f) GDPR) in providing a secure and reliable Website, detecting and preventing fraud and misuse, and ensuring IT security.

Retention:
Server logs are generally stored for up to 30 days and then deleted or anonymized, unless longer storage is required in specific cases (e.g. to investigate a security incident).

5.2 Contact form and email communication

Purpose:
To respond to your inquiries, provide information about our services, and initiate or perform a contract.

Data processed:

  • Name
  • Business / company name
  • Email address
  • Content of your message and any other information you choose to provide.

The contact form data is forwarded directly to us by email and is not stored as separate entries in WordPress beyond what is technically necessary for email delivery.

Legal basis:

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), where your request relates to entering into or performing a contract with us; and
  • Our legitimate interests (Art. 6(1)(f) GDPR) in responding to general inquiries and maintaining business relationships.

Retention:
We generally retain inquiries and related correspondence for at least 1 year after the last interaction, and longer where necessary to establish, exercise or defend legal claims (e.g. up to applicable statutory limitation periods), or to comply with statutory retention obligations.

5.3 Analytics (Burst Statistics)

Purpose:
To analyze how our Website is used (e.g. visitor numbers, popular pages, time spent on pages) in order to improve our content, user experience and technical performance, while respecting user privacy.

Data processed:

  • Anonymized or pseudonymized usage data recorded by Burst, such as page views, sessions, approximate location (country), and referrers.
  • According to Burst’s documentation, IP addresses and full user agent strings are processed transiently to derive analytics information but are not stored in Burst’s database, and analytics data is not sent to third parties; all analytics data remains on our server.

Where we use Burst in a cookieless configuration, it tracks visits without storing information in your browser.

Legal basis:

  • Our legitimate interests (Art. 6(1)(f) GDPR) in obtaining privacy-friendly statistics about the use of our Website in order to improve and manage our online presence, provided that your interests or fundamental rights and freedoms do not override these interests.

Retention:
Analytics data is stored for the period necessary for statistical evaluation and improvement of the Website. We periodically review whether older analytics data is still needed and delete or anonymize it when it is no longer required.

5.4 Accounting, invoicing and compliance

Purpose:
To manage our customer relationships, issue invoices, maintain accounting records, and comply with tax and other legal obligations.

Data processed:

  • Basic contact and identification data of customers and business partners;
  • Contract-related and invoicing information.

Legal basis:

  • Performance of a contract (Art. 6(1)(b) GDPR); and
  • Legal obligations (Art. 6(1)(c) GDPR), especially under commercial and tax law; and
  • Legitimate interests (Art. 6(1)(f) GDPR) in efficient administration of our business and defense of legal claims.

Retention:
Data relevant for accounting and taxation is generally retained for the statutory retention periods (often 6–10 years under German law).

6. No Comments, User Accounts, or Marketing Newsletters

  • Our Website does not allow the creation of user accounts or profiles for visitors.
  • We do not operate a newsletter or direct marketing subscription via this Website at this time.
  • We do not use third-party tracking pixels (e.g. Facebook Pixel, LinkedIn Insight Tag) or advertising networks (e.g. Google Ads) on this Website.
  • We do not use remarketing or retargeting tools.

7. Cookies and Similar Technologies

Our Website is built with a standard WordPress installation and a standard theme. We do not intentionally deploy cookies or similar tracking technologies for advertising or cross-site profiling.

Where Burst Statistics is configured to use cookieless tracking, it can operate without storing cookies or equivalent identifiers in your browser.

If, at any time, we introduce additional cookies or change our use of cookies (for example, to support new features or services), we will update this Privacy Policy and, where legally required, implement an appropriate consent mechanism.

8. Recipients and Categories of Recipients

We only share personal data where necessary for the purposes described above, or where we are legally obliged to do so. Categories of recipients include:

  1. Hosting provider
  • Our Website is hosted by Powernetz, with servers located in Germany. In this context, Powernetz acts as our data processor and may have access to technical and usage data (e.g. server logs) in order to provide hosting and related services.
  1. IT service providers
  • Service providers and consultants who support us in maintaining and operating our IT infrastructure and the Website (e.g. backup and security services) may occasionally have access to data to the extent necessary to perform their tasks, under appropriate confidentiality and data processing agreements.
  1. Email and communication providers
  • Providers who handle our email traffic and related services.
  1. Accounting, tax, and legal advisors
  • Our tax advisors, accountants, or legal counsel may receive customer-related data and invoice information where required for accounting, taxation, and legal advice.
  1. Other recipients where legally required
  • Public authorities, courts, and law enforcement agencies, where this is necessary to comply with legal obligations or to establish, exercise or defend legal claims.

We do not sell or rent personal information to third parties.

9. International Data Transfers

Our Website is hosted in Germany and Burst Statistics stores analytics data on our own WordPress installation.

However, some of our service providers or partners (e.g. email or project management tools, accounting or CRM systems) may be located outside the European Economic Area (EEA), including in the United States.

Where we transfer personal data to such recipients, we take appropriate safeguards as required by applicable law, such as:

  • Relying on adequacy decisions of the European Commission (where available); and/or
  • Entering into contracts based on the European Commission’s Standard Contractual Clauses (SCCs) or equivalent measures.

You may contact us for more information on the specific safeguards in place.

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for the establishment, exercise or defense of legal claims.

In particular:

  • Server logs: typically up to 30 days, unless longer storage is necessary in an individual case (e.g. for the investigation of security incidents).
  • Contact and communication data: at least 1 year after completion of the request or the end of our communication, longer where necessary for legal purposes.
  • Accounting and tax-related data: retained for the statutory retention periods (often 6–10 years).
  • Analytics data (Burst): retained for statistical analysis for a reasonable period consistent with our legitimate interests; older data is deleted or anonymized when no longer needed.

When we no longer need personal data for the purposes described, we will delete or anonymize it, unless we are legally required to retain it.

11. Your Rights Under the GDPR (EU / EEA Residents)

To the extent the GDPR applies to our processing of your personal data, you have the following rights (subject to the conditions and exceptions established by law):

  1. Right of access
    You have the right to obtain confirmation as to whether we process personal data about you, and to request access to that personal data and certain related information.
  2. Right to rectification
    You have the right to request the correction of inaccurate personal data about you and to have incomplete data completed.
  3. Right to erasure (“right to be forgotten”)
    You have the right to request the deletion of personal data about you, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent (if consent was the legal basis).
  4. Right to restriction of processing
    You may request that we restrict processing of your personal data under certain conditions (e.g. while we verify the accuracy of data or assess an objection).
  5. Right to data portability
    In certain cases, you have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.
  6. Right to object
    You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on our legitimate interests (Art. 6(1)(f) GDPR). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
  7. Right to withdraw consent
    Where we rely on your consent for processing, you have the right to withdraw that consent at any time with future effect. This will not affect the lawfulness of processing prior to withdrawal.
  8. Right to lodge a complaint
    You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

You can exercise your rights by contacting us at: ben@elve-solutions.com.
We will respond to your request as soon as reasonably possible and in accordance with applicable law, and in any case without undue delay.

12. Additional Information for US Residents (Including California)

Even though we are established in the EU, our services are directed primarily at individuals in the United States. Depending on your state of residence, you may have specific rights under state privacy laws (for example, under the CCPA/CPRA for California residents), such as:

  • The right to know what categories of personal information we collect, the purposes for which we use it, and the categories of recipients;
  • The right to access specific pieces of personal information we have collected about you;
  • The right to request deletion of your personal information, subject to certain exceptions (e.g. where retention is required by law);
  • The right to correct inaccurate personal information;
  • The right, in some cases, to opt out of certain uses or disclosures of personal information, such as the “sale” or “sharing” of personal information for cross-context behavioral advertising.

Sales and sharing of personal information:
We do not sell personal information as that term is generally understood, and we do not knowingly “share” personal information for cross-context behavioral advertising as defined in the CCPA/CPRA.

To exercise your rights under applicable US state laws, or to request more information, you may contact us at ben@elve-solutions.com.
We may need to verify your identity before acting on certain requests, in order to protect your information.

You may also be able to designate an authorized agent to act on your behalf, subject to applicable legal requirements.

13. Security

We use appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

These measures include, among others:

  • Hosting the Website with a reputable provider (Powernetz) in Germany;
  • Using TLS/HTTPS encryption to secure data transmission between your browser and our server;
  • Restricting access to personal data to those persons who need it for the purposes described and who are bound by appropriate confidentiality obligations; and
  • Regular updates and maintenance of our WordPress installation and server environment, as far as reasonably possible.

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. However, we continuously strive to implement industry-standard measures to protect your data.

14. Children’s Privacy

Our Website and services are primarily directed at adults. We do not knowingly collect personal data from children under the age of 16 without appropriate parental consent, and we do not target our services specifically at minors.

If you believe that a child has provided us with personal data without appropriate consent, please contact us and we will take steps to delete such data as required by applicable law.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities, in the Website’s functionality, or in applicable legal requirements.

When we make material changes, we will indicate this by updating the “Last updated” date at the top of this document and, where appropriate, provide additional notice (e.g. by posting a prominent notice on the Website).

We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.

16. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our processing of your personal data, or if you wish to exercise your data protection rights, you can contact us at:

elve solutions
Ben Kiemel
Adress
Germany

Email: ben@elve-solutions.com