Legal & Compliance

GDPR Compliance

SGAMS processes personal data in accordance with Regulation (EU) 2016/679 (GDPR). This page describes our data processing framework.

Last reviewed: January 2026

Data Controller

SGAMS (sgams.de) is the data controller for personal data processed in connection with this website and our engineering engagements. We are registered and operating under German law within the European Union.

For data protection enquiries: [email protected] | Phone: +49 30 2096 4180
Unter den Linden 21, 10117 Berlin, Germany

What Personal Data We Process

We process the following categories of personal data:

  • Contact information provided through the enquiry form (name, email address, organisation name)
  • Technical message content submitted through the enquiry form
  • Website usage data collected through analytics (anonymised IP addresses, page visits, session duration)
  • Client contact information shared during engagement scoping and delivery

We do not process special categories of personal data as defined in GDPR Article 9.

We process personal data on the following legal bases:

  • Enquiry form submissions: Article 6(1)(b) — processing necessary for the performance of a contract or pre-contractual steps at the request of the data subject
  • Website analytics: Article 6(1)(a) — consent, obtained through the cookie consent mechanism
  • Client engagement data: Article 6(1)(b) — processing necessary for the performance of a contract
  • Legal obligations: Article 6(1)(c) — processing necessary for compliance with legal obligations

Retention Periods

Enquiry form data is retained for 24 months from the date of submission, or for the duration of the resulting engagement relationship, whichever is longer. Website analytics data is retained in anonymised form for 26 months. Client engagement data is retained for the period required by applicable commercial and tax law (typically 10 years under German HGB requirements).

International Data Transfers

We do not transfer personal data outside the European Economic Area. Our infrastructure is hosted within the EEA. Where we use sub-processors, we confirm their EEA location before engagement.

Your Rights

Under GDPR, you have the right to: access personal data we hold about you (Article 15); rectification of inaccurate data (Article 16); erasure in defined circumstances (Article 17); restriction of processing in defined circumstances (Article 18); data portability for data provided by you (Article 20); object to processing based on legitimate interests (Article 21).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Supervisory Authority

You have the right to lodge a complaint with the competent supervisory authority. In Germany, the competent authority is the relevant state data protection authority (Landesdatenschutzbehörde) for your federal state, or the Federal Commissioner for Data Protection and Freedom of Information (BfDI).