1. Data Controller

The data controller within the meaning of applicable data protection law is:

Refaktorize LLC

Wyoming, USA

privacy@refaktorize.com

Refaktorize is the controller only for website & communication data, not for customer data processed in projects.

2. Service Delivery & Data Handling (Hybrid Model)

Refaktorize operates a hybrid service model to ensure appropriate data handling:

Mode A: Non-EU / Non-PII Projects

For projects without EU personal data, Refaktorize may provide full-stack delivery including hosting and operation.

Mode B: EU / EU-PII Projects

For projects involving EU personal data, we operate exclusively in client environments. No hosting of EU PII by Refaktorize. We deliver architecture, code, pipelines — clients control their data. No local copies, no data exports to our systems.

3. Role Clarification

In the context of consulting and development projects, Refaktorize processes personal data exclusively as a processor under client instruction.
The respective client always remains the controller.

3. Type of Processing

A) Website & Contact

Purpose: Contact, initiation of business
Data: Name, email, if applicable message
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual)

B) Projects

The processing of personal data in the context of customer projects is carried out exclusively at the instruction of the customer and in the customer's systems unless expressly agreed otherwise.

4. Hosting & Tools

The website is hosted with a hosting provider with server locations within the EU.
There is no systematic transfer of personal data to third countries.

5. Third Country Transfer

A transfer of personal data to third countries does not take place, unless expressly agreed or legally required.

6. Data Processing Agreement (DPA)

A data processing agreement pursuant to Art. 28 GDPR will be concluded with customers if required.

7. Technical & Organizational Measures (TOMs)

Appropriate technical and organizational measures are taken, in particular:

  • Access restrictions according to the principle of least privilege
  • Encryption of data transmissions
  • Separation of customer projects
  • no local storage of production data without approval

8. AI / LLM Usage

There is no use of personal customer data for training AI models.
The use of AI-supported tools is carried out exclusively with anonymized or synthetic data or after express approval by the customer.

9. Data Subject Rights & Deletion

You have the right at any time to:

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection (Art. 21 GDPR)

Inquiries: privacy@refaktorize.com

Exercise Your GDPR Rights

Under GDPR (Art. 15 & 17), you have the right to access or delete your personal data. Submit your request below and we will process it within 30 days.

Your request will be processed within 30 days as required by GDPR. You will receive a confirmation email shortly.