We respect your data. This policy explains what we collect, why, on what legal basis, and what rights you have under the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG). Last updated: 12 May 2026.
Florian Busche (Verto-It), Einzelunternehmer, Germany
Server logs, contact form submissions, and technically essential session data only
None. We do not use Google Analytics, Meta Pixel, or any third-party tracking tools
Access, rectification, erasure, portability, objection — contact us at any time
The entity responsible for the processing of personal data on this website within the meaning of the GDPR is:
For all data protection matters, please contact the controller directly:
Note for operators: Appoint a formal DPO (Art. 37 GDPR) if your processing involves large-scale systematic monitoring or special category data. Update this section accordingly.
This Privacy Policy applies to the website www.verto-it.com and all subdomains operated by SIA Verto-It. It does not apply to third-party websites linked from our site.
This policy governs our collection and use of personal data in connection with the website only. Data processing in the context of individual client engagements is governed by the specific Data Processing Agreement (DPA) concluded with each client pursuant to Art. 28 GDPR.
When you access our website, our web server automatically records the following information in server log files:
Purpose: Ensuring the technical operation, security, and availability of the website; detecting and preventing abuse and attacks.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests of the controller in operating a secure and available website. IP addresses are shortened (last octet removed) after 24 hours and fully deleted after 30 days.
When you use our contact form, we collect the following personal data you voluntarily provide:
Purpose: To respond to your enquiry, assess whether an engagement is suitable, and initiate a potential business relationship.
Legal basis: Art. 6(1)(b) GDPR — processing is necessary for taking steps at your request prior to entering into a contract. Where no contract follows, Art. 6(1)(f) GDPR (our legitimate interest in responding to business enquiries) applies.
Retention: Contact form data is retained for up to 36 months after the last communication, unless a contract is concluded (in which case statutory retention periods apply — typically 10 years under commercial and tax law).
Our website uses only technically essential cookies necessary for the operation of the site. We do not use tracking cookies, advertising cookies, or persistent profiling cookies. For full details, please see our Cookie Policy.
Beyond the above, we only collect data that you actively provide to us — for example, when corresponding with us by e-mail. You are never required to provide personal data to browse this website.
We process personal data on the following legal bases under Art. 6 GDPR:
| Art. 6(1)(a) | Consent — where you have given explicit consent, e.g. for optional cookies or newsletters (none currently active). |
| Art. 6(1)(b) | Contract — where processing is necessary to take pre-contractual steps at your request or to perform a contract. |
| Art. 6(1)(c) | Legal obligation — where we are required by applicable law (e.g. tax or commercial retention obligations). |
| Art. 6(1)(f) | Legitimate interests — for server security, fraud prevention, and responding to business enquiries, unless overridden by your interests or rights. |
We do not sell, rent, or trade personal data. Data may be shared with:
No personal data is transferred to recipients outside the European Economic Area (EEA) without appropriate safeguards as described in Section 7 below.
Verto-It (Florian Busche) is based in Germany (EU/EEA). Website hosting is provided by RyzeHosting (Hauptstraße 43, 2563 Pottenstein, Austria), an EU-based provider. No personal data collected through this website is routinely transferred to countries outside the EEA.
Should an international transfer become necessary in an individual case (e.g. at a client's request), we ensure that appropriate safeguards pursuant to Art. 46 GDPR are in place — such as EU Standard Contractual Clauses (SCCs) — or that a derogation under Art. 49 GDPR applies.
| Server logs | IP addresses anonymised within 24 hours; log files deleted after 30 days. |
| Contact enquiries | Up to 36 months from last contact, unless a contract is formed (then up to 10 years per commercial/tax law). |
| Contract data | 10 years from end of the business relationship (§ 257 HGB, § 147 AO and equivalent Latvian law). |
| Technical cookies | Session cookies expire when the browser is closed. No persistent cookies are set by our server. |
As a data subject, you have the following rights with regard to your personal data:
| Art. 15 GDPR Auskunft |
Right of access — You may request confirmation of whether we process personal data about you, and obtain a copy of that data. |
| Art. 16 GDPR Berichtigung |
Right to rectification — You may request correction of inaccurate or completion of incomplete personal data. |
| Art. 17 GDPR Löschung |
Right to erasure ("right to be forgotten") — You may request deletion of your personal data, subject to legal retention obligations. |
| Art. 18 GDPR Einschränkung |
Right to restriction of processing — You may request that we restrict the processing of your data in certain circumstances. |
| Art. 20 GDPR Portabilität |
Right to data portability — You may receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract. |
| Art. 21 GDPR Widerspruch |
Right to object — You may object at any time to processing based on our legitimate interests (Art. 6(1)(f) GDPR). We will cease processing unless compelling legitimate grounds override your interests. |
| Art. 7(3) GDPR Widerruf |
Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. |
| Art. 22 GDPR Automatisierte Entscheidungen |
Right against automated decision-making — We do not make decisions based solely on automated processing that produce legal or similarly significant effects. |
To exercise any of these rights, please contact: [email protected]
We will respond within one month. This period may be extended by two further months where necessary, in which case we will inform you of the extension within the first month.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or of the alleged infringement.
As the controller is based in Germany, the competent supervisory authority is the data protection authority (Datenschutzaufsichtsbehörde) of the German federal state (Bundesland) in which Florian Busche is registered. You may contact the authority for your own place of residence. A list of all German state authorities is available at:
We implement state-of-the-art technical and organisational measures (TOMs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects individuals, as defined in Art. 22 GDPR.
Our services and website are directed exclusively at business professionals. We do not knowingly collect personal data from persons under the age of 16. If you become aware that a minor has submitted data to us, please contact us at [email protected] and we will delete such data promptly.
This website currently does not embed any third-party services (such as Google Analytics, Google Fonts served from Google servers, YouTube, social media widgets, or advertising networks) that transmit personal data to third parties upon page load.
Should this change in the future, we will update this privacy policy and, where required, obtain your prior consent before activating such services.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The current version is always available at www.verto-it.com/privacy.html. The date of the last update is stated at the top of this page.
For material changes affecting how we process your data, we will take reasonable steps to notify you — for example, by displaying a prominent notice on our website.
Contact our data protection team directly for any questions, subject access requests, or to exercise your rights under the GDPR.
[email protected] →