Skip to content
Herfindahl Herfindahl
Menu

Privacy Policy

Last updated: 31 Aug 2025

This Privacy Policy explains how Herfindahl ("Herfindahl", "we", "us") collects and processes personal data when you visit our website or contact us. We operate in Europe and process personal data in accordance with the EU General Data Protection Regulation (GDPR).

Data Controller

Herfindahl is the controller for personal data collected via this site. If you have questions or requests about this Policy or your personal data, contact us at [email protected].

What We Collect

  • Contact data: name, email address, company, and the content of your message when you email us.
  • Technical data: IP address, browser type, device information, and basic server logs for security and reliability.
  • Cookies: our site uses only essential cookies required to serve pages; we do not run advertising or behavioral analytics. Loading web fonts may connect to third-party CDNs (e.g., Google Fonts) which receive your IP address to deliver the font files.

Purposes and Legal Bases

  • Provide and secure the website (Art. 6(1)(f) GDPR — legitimate interests).
  • Respond to inquiries when you contact us (Art. 6(1)(b) GDPR — pre-contractual steps, or Art. 6(1)(f) GDPR — legitimate interests).
  • Legal compliance and to exercise or defend legal claims (Art. 6(1)(c)/(f) GDPR).

Sharing and Processors

We may share personal data with service providers that help us operate our website and communications (e.g., hosting, email). These providers act as processors under contractual obligations and only process personal data on our instructions.

International Transfers

Where personal data is transferred outside the EEA/UK (for example, to cloud or CDN providers), we rely on appropriate safeguards such as the EU Standard Contractual Clauses and comparable UK mechanisms, where required.

Retention

We keep personal data only as long as necessary for the purposes above. Typical periods include: inquiry correspondence for up to 24 months and basic server logs for up to 30 days, unless a longer period is required by law or necessary to establish, exercise, or defend legal claims.

Your Rights

Under the GDPR you may have the right to access, rectify, erase, or restrict processing of your personal data, the right to data portability, and the right to object to processing. You also have the right to lodge a complaint with your local supervisory authority. To exercise your rights, contact [email protected].

Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction.

Changes

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date.