Privacy Policy
As of: March 2026 | Pursuant to GDPR, BDSG, and TMG
Contents
- Joint Controllers (Art. 26 GDPR)
- Key Elements of the Agreement under Art. 26 GDPR
- Data Protection Officer
- Collection and Processing of Personal Data
- Purposes of Processing
- Legal Bases
- Cookies
- Contact Form
- Disclosure to Third Parties
- Retention Period
- Your Rights
- Data Security
- Changes to this Privacy Policy
1. Joint Controllers (Art. 26 GDPR)
Trust Agents is a joint product of Comma Soft AG and deep-IN GmbH. Both companies jointly determine the purposes and means of processing personal data in connection with this website and are therefore joint controllers pursuant to Art. 26 GDPR.
Comma Soft AG
Pützchens Chaussee 202–204a, 53229 Bonn
Phone: +49 228 9770-0
Email: info@comma-soft.com
Represented by: Benjamin Schulte (Board of Directors)
deep-IN GmbH
Thomas-Mann-Str. 36, 53111 Bonn
Phone: 0162 28 88 848
Email: jean.dickie@deep-in.ai
Represented by: Jean-Christine Dickie (Managing Director)
Central Point of Contact for Data Subjects
Irrespective of the internal allocation of responsibilities, you may exercise your data protection rights against either of the two controllers. The following has been agreed as the central point of contact for all data protection-related enquiries:
Comma Soft AG – Data Protection Officer
Frank Becher
Pützchens Chaussee 202–204a, 53229 Bonn
Email: Datenschutz@comma-soft.com
Phone: +49 228 9770-225
2. Key Elements of the Agreement under Art. 26 GDPR
Comma Soft AG and deep-IN GmbH have entered into an agreement pursuant to Art. 26 para. 1 GDPR regarding their respective responsibilities in the processing of personal data. The key elements of this agreement are summarised as follows:
Responsibilities of Comma Soft AG
- Technical operation and hosting of this website
- Processing of server log files and technical access data
- Receipt and handling of incoming contact enquiries (technical side)
- Fulfilment of information obligations under Art. 13 / 14 GDPR for this website
- Provision and operation of the central point of contact for data subject rights
Responsibilities of deep-IN GmbH
- Editorial design of the website content
- Strategic and ethical consulting services initiated through enquiries
- Processing of personal data in the context of jointly conducted client projects
Joint Responsibility
- Processing of prospective enquiries submitted via the contact form, insofar as these are forwarded to both partners
- Communication with prospective and existing customers of the joint product Trust Agents
The complete agreement pursuant to Art. 26 GDPR can be requested from the Data Protection Officer of Comma Soft AG (Datenschutz@comma-soft.com).
3. Data Protection Officer
Data Protection Officer of Comma Soft AG
Frank Becher
Comma Soft AG, Pützchens Chaussee 202–204a, 53229 Bonn
Phone: +49 228 9770-225
Email: Datenschutz@comma-soft.com
Data Protection Contact of deep-IN GmbH
Jean-Christine Dickie
Am Stadtpark 10, 40699 Erkrath
Email: jean.dickie@deep-in.ai
4. Collection and Processing of Personal Data
When you visit our website, the following data is automatically collected and stored in server log files:
- IP address (anonymised)
- Date and time of access
- URL accessed
- Browser type and version
- Operating system
- Referrer URL (previously visited page)
This data is used exclusively to ensure the technical operation of the website and is deleted after a maximum of 7 days.
Beyond this, we collect personal data only when you voluntarily provide it to us – for example via our contact form.
5. Purposes of Processing
We process personal data for the following purposes:
- Provision and operation of this website
- Responding to enquiries submitted via the contact form
- Initiating and conducting business relationships
- Fulfilment of legal obligations
- Pursuing legitimate interests (e.g. IT security)
6. Legal Bases
The processing of your personal data is carried out on the basis of the following legal grounds under the GDPR:
- Art. 6 para. 1 lit. a GDPR – Consent (e.g. for contact enquiries)
- Art. 6 para. 1 lit. b GDPR – Performance of a contract and pre-contractual measures
- Art. 6 para. 1 lit. c GDPR – Compliance with a legal obligation
- Art. 6 para. 1 lit. f GDPR – Legitimate interests (e.g. IT security, operation of the website)
7. Cookies
This website uses only technically necessary cookies that are required for the proper functioning of the website. No tracking, analytics, or advertising cookies are used.
Technically necessary cookies cannot be deactivated, as the basic functionality of the website cannot be guaranteed without them. They are deleted at the end of the browser session.
You can prevent the storage of cookies by adjusting your browser settings accordingly. Please note, however, that in this case you may not be able to use all functions of this website to their full extent.
8. Contact Form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact information you provide there, will be stored with us for the purpose of processing the enquiry and in the event of follow-up questions.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for which the data was stored ceases to apply (e.g. after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Legal basis for processing: Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to the enquiry) or Art. 6 para. 1 lit. b GDPR (for pre-contractual enquiries).
9. Disclosure to Third Parties
Your personal data will generally not be transferred to third parties, except where:
- You have given your explicit consent (Art. 6 para. 1 lit. a GDPR)
- Transfer is necessary for the performance of a contract (Art. 6 para. 1 lit. b GDPR)
- There is a legal obligation to disclose (Art. 6 para. 1 lit. c GDPR)
- Transfer is necessary for the establishment, exercise, or defence of legal claims
Within the framework of the collaboration between Comma Soft AG and deep-IN GmbH, your enquiry data may be shared with the respective other partner insofar as this is necessary for the processing of your enquiry.
10. Retention Period
We store personal data only for as long as is necessary for the respective processing purpose or as required by statutory retention obligations:
- Server log files: Up to 7 days
- Contact enquiries: Until final processing, maximum 3 years (commercial law retention period)
- Contract data: In accordance with statutory retention periods (up to 10 years)
After the respective periods have elapsed, the data is routinely deleted, provided it is no longer required for the initiation or performance of a contract.
11. Your Rights
Under the GDPR, you have the following rights with respect to us:
To exercise your rights, please contact the central point of contact (see section 1) or the competent data protection supervisory authority:
LDI NRW (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
Kavalleriestr. 2–4, 40213 Düsseldorf
www.ldi.nrw.de
12. Data Security
We use technical and organisational security measures to protect your personal data against accidental or deliberate manipulation, loss, destruction, or unauthorised access.
All data is transmitted in encrypted form via SSL/TLS. Comma Soft AG is certified to ISO 27001 (Information Security) and ISO 9001 (Quality Management), both audited by TÜV Rheinland (as of 2025).
Our security measures are continuously improved in line with technological developments.
13. Changes to this Privacy Policy
We reserve the right to adapt this Privacy Policy to ensure it always meets current legal requirements or to implement changes to our services, e.g. when introducing new services.
The new Privacy Policy will then apply to your next visit. The current version is always available via the "Privacy Policy" link in the footer of this website.