Skip to main content
GDPR Compliant

Privacy Policy

We take your privacy seriously. This policy explains transparently what data we collect, why we process it, and what rights you have as a data subject under the GDPR.

📅 Last updated: 23 April 2025⚖ī¸ Applies to: nis2dir.euGDPR Article 13 & 14 compliant

1. Overview

This Privacy Policy applies to https://nis2dir.eu ("the Website"). It informs you, as required by Articles 13 and 14 of the General Data Protection Regulation (GDPR, EU 2016/679), about how we process your personal data.

We collect only the data necessary to operate the website and provide our content. We do not sell personal data to third parties.

2. Data Controller

The data controller responsible for processing personal data on this website is:

NameNIS2Dir.eu
Websitehttps://nis2dir.eu
Email[email protected]
Supervisory AuthorityCompetent national Data Protection Authority

3. Personal Data We Collect

3.1 Automatically Collected Data (Server Logs)

When you visit our website, the following data is automatically collected and stored in server log files:

  • IP address (anonymised within 24 hours)
  • Date and time of access
  • URL accessed and referring URL
  • Browser type and operating system
  • Data volume transferred and HTTP status code

This data is processed solely to ensure the secure operation of the website and for error diagnostics. It is not combined with other data sources.

3.2 Data You Provide

In Phase 1 of our website, there are no contact forms or sign-up features. We therefore collect no personal data that you actively provide. Future versions (Phase 2) will update this policy accordingly.

4. Cookies & Tracking Technologies

We use cookies and similar technologies. You can withdraw your consent at any time via the "Cookie Settings" link in the website footer.

CookiePurposeTypeDuration
nis2dir_cookie_consentStores your cookie consent preferenceEssential1 year
NEXT_LOCALEStores your language preference (EN/DE)Essential1 year
__gads, __gpiGoogle AdSense: personalised advertisingAdvertising13 months
IDE, DSIDGoogle DoubleClick: ad conversion trackingAdvertising13 months

5. Google AdSense (Advertising)

This website uses Google AdSense, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense allows us to display advertisements that may be relevant to you.

Google AdSense uses cookies, web beacons, and similar technologies to collect usage data and serve personalised ads. Google may combine this data with information from other Google services.

⚠ī¸ Consent required: AdSense cookies are only loaded if you click "Accept All" in our cookie banner. Non-personalised advertising may still appear if you decline tracking cookies.

Further information: Google's Privacy Policy ¡ Manage ad settings

6. Legal Bases for Processing

Art. 6(1)(b) GDPRPerformance of a contract / provision of the website service
Art. 6(1)(c) GDPRCompliance with legal obligations
Art. 6(1)(f) GDPRLegitimate interests: secure operation, error diagnosis, abuse prevention
Art. 6(1)(a) GDPRConsent: advertising cookies (Google AdSense), withdrawable at any time

7. Data Retention

We retain personal data only as long as necessary for the respective purpose:

  • Server log files: 7 days, then automatically deleted (IP anonymised within 24 hours)
  • Cookie consent records (localStorage): until withdrawn or browser storage is cleared
  • Google AdSense cookies: per Google policy (up to 13 months)

8. International Data Transfers

Data processed via Google AdSense may be transferred to countries outside the European Economic Area (EEA), including the United States. Google LLC is certified under the EU-US Data Privacy Framework (DPF), which was granted adequacy status by the European Commission (Decision 2023/1795).

For all other data processing activities, no transfers to third countries take place.

9. Your Rights as a Data Subject

Under the GDPR, you have the following rights, which you can exercise against us at any time:

Right of access (Art. 15)

You can request information about the personal data we process about you.

Right to rectification (Art. 16)

You can request correction of inaccurate or incomplete data.

Right to erasure (Art. 17)

You can request deletion of your data unless legal retention obligations apply.

Right to restriction (Art. 18)

You can request restriction of processing of your data.

Data portability (Art. 20)

You have the right to receive your data in a structured, machine-readable format.

Right to object (Art. 21)

You can object to processing based on legitimate interests at any time.

Right to withdraw consent (Art. 7(3))

Any consent given can be withdrawn at any time with effect for the future.

Right to lodge a complaint (Art. 77)

You have the right to lodge a complaint with the competent supervisory authority.

To exercise your rights, please contact us by email: [email protected]. We will respond to your request within 30 days.

10. Children

Our website is exclusively aimed at businesses and professionals (B2B). It is not directed at children under the age of 16. We do not knowingly collect personal data from persons under the age of 16.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices or legal requirements. The current version is always available at https://nis2dir.eu/en/privacy. The date of the last update is shown at the top of this page.

12. Contact & Privacy Requests

For privacy-related requests, please contact:

📧 [email protected]

We respond to all privacy requests within 30 days (Art. 12(3) GDPR).

For complaints, you may also contact your national data protection supervisory authority. Find your authority

Last updated: 23 April 2025 ¡ NIS2Dir.eu ¡ This policy was prepared to the best of our knowledge but does not constitute legal advice.