Effective Date: November 10, 2025
Controller: Oak Security GmbH, Leopoldstr. 31, 80802 Munich, Germany
Email: info@oaksecurity.io
Data Protection Officer (DPO): Not appointed
Solidified is a brand of Oak Security GmbH.
Oak Security GmbH (“Oak Security,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, disclose, and safeguard personal data when you use our website, contact us, request a quote, or schedule a meeting. This Privacy Notice applies globally to all users, and we comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.
When you voluntarily submit information via our contact form or meeting scheduling tool, we may collect:
We do not intentionally collect sensitive personal data. Providing personal data is voluntary, but necessary to respond to your inquiry.
GitHub Pages serves our website as a static site. It does not use tracking cookies or collect analytics data on our behalf. For technical delivery, GitHub may process your IP address and basic browser information in server logs, in line with the GitHub Privacy Statement.
We do not use analytics, advertising, or marketing tracking tools.
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Respond to inquiries, provide quotes, and communicate about projects | Art. 6(1)(b) GDPR (pre-contract/contract) or Art. 6(1)(a) (consent) |
| Schedule and conduct meetings | Art. 6(1)(b) GDPR or Art. 6(1)(a) (consent) |
| Prepare and execute Non-Disclosure Agreements (NDAs) | Art. 6(1)(b) GDPR |
| Maintain business records, improve service quality, defend legal claims | Art. 6(1)(f) GDPR (legitimate interests: efficient client service, record-keeping, legal defense). Balancing test available on request |
| Comply with legal obligations (e.g., tax, commercial retention) | Art. 6(1)(c) GDPR |
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
We do not sell personal data. We only share personal data as necessary with:
All processors act on our documented instructions under a data processing agreement and implement appropriate security measures.
Personal data may be processed outside the EEA/UK by our providers (e.g., GitHub, Google). Transfers are safeguarded by the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, participation in the EU–US Data Privacy Framework, and additional technical/organizational measures. Google LLC may store and process data on servers outside the European Economic Area.
Personal data is retained only as long as necessary:
You may request earlier deletion unless retention is legally required.
We apply appropriate technical and organizational security measures to protect your personal data, including encrypted transmission (TLS), restricted internal access, and secure hosting via GitHub Pages and Google Workspace.
You have the right to access, rectify, erase, restrict processing, object (including to processing based on legitimate interests), and data portability, and to withdraw consent where applicable. Contact: info@oaksecurity.io. You also have the right to lodge a complaint with a supervisory authority.
EU (Germany): Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach, Germany.
UK: Information Commissioner’s Office (ICO), ico.org.uk.
Notice at Collection—Categories we collect: Identifiers (name, email), Commercial information (project details you submit), Internet/technical information limited to essential operation (strictly necessary cookies), Professional or employment-related information you include (e.g., company).
Sources: directly from you; our service providers (Framer/Google) for transmission/hosting.
Purposes: to respond to your request, schedule meetings, perform record-keeping and compliance.
Retention: identifiers and project/scheduling data for active communication + 12 months, or longer if required by law/contract; criteria include statutory periods and limitation periods for legal claims.
Sale/Sharing: we do not sell or share personal information as defined by CPRA, and we do not use or disclose sensitive personal information.
Rights: access, deletion, correction, to know, and to non-discrimination. Submit requests to info@oaksecurity.io.
Verification/Authorized Agents: we will verify your request (e.g., by matching email identity) and accept authorized-agent requests with proof of authorization and your verified request.
Minors: we do not knowingly sell or share data of consumers under 16.
We do not use analytics, advertising, or marketing cookies. Our site may use strictly necessary technical cookies required for secure operation by GitHub Pages and for Google Calendar scheduling. These are essential and not used for tracking behavior.
If you choose to schedule a meeting, your name, email, meeting time, and any notes will be processed by Google Calendar in accordance with the Google Privacy Policy. Oak Security only receives information necessary to conduct the meeting.
Our services are not directed to children, and we do not knowingly collect personal data from children.
Providing contact and project details is optional but necessary for us to respond, provide a quote, or schedule a meeting. If you do not provide it, we may be unable to process your request.
We do not use automated decision-making or profiling.
You have the right to lodge a complaint with our competent authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 27, 91522 Ansbach, Germany
Oak Security GmbH Leopoldstr. 31, 80802 Munich, Germany Email: info@oaksecurity.io
We may update this Privacy Notice from time to time. The effective date at the top will be updated accordingly. Continued use of our website after any changes indicates your acceptance of the updated terms.
Thank you for trusting Oak Security GmbH. Your privacy is important to us, and we are committed to protecting your personal data responsibly and transparently.