Privacy Policy

Last updated: 15 January 2026

Introduction

obsidianforge GmbH ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website or use our services. As a company registered in Germany, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy applies to all personal data we collect through our website, communications, and business relationships. By using our website or services, you consent to the data collection and use practices described in this Privacy Policy.

Data Controller Information

The data controller responsible for your personal data is:

obsidianforge GmbH

Lindenstraße 82

44566 Dortmund, Germany

Registration Number: HRB90421

VAT Number: DE298374651

Email: privacy@obsidianforge.world

Phone: +49 231 926 7463

Data We Collect

We collect various types of personal data to provide and improve our commercial construction services. The data we collect includes information you provide directly to us and information automatically collected when you use our website.

Information You Provide

  • Contact information (name, email address, phone number, postal address)
  • Company or organisation details
  • Project requirements and specifications
  • Communication preferences
  • Any other information you choose to provide in forms or communications

Automatically Collected Information

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on our website
  • Referring website information
  • Cookie and tracking technology data

How We Use Your Information

We process your personal data for various purposes based on different legal grounds under GDPR. The main purposes for which we use your data include providing our construction services, communicating with you, and improving our business operations.

Service Provision

  • Responding to your enquiries and providing quotes
  • Managing construction projects and contracts
  • Providing customer support and technical assistance
  • Processing payments and managing accounts

Communication and Marketing

  • Sending service-related communications
  • Providing updates about our services (with consent)
  • Responding to your questions and feedback
  • Sending relevant business information

Legal and Business Purposes

  • Complying with legal obligations and regulations
  • Protecting our rights and interests
  • Improving our website and services
  • Conducting business analysis and planning

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary for performing contracts and providing services
  • Legitimate Interests: For business operations, security, and service improvement
  • Consent: When you provide explicit consent for marketing communications or cookies
  • Legal Compliance: To comply with applicable laws and regulations

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with trusted service providers and partners who assist us in operating our business, subject to strict confidentiality agreements.

Service Providers

  • Website hosting and technical service providers
  • Analytics services (Google Analytics)
  • Communication and email service providers
  • Payment processing services

Legal Requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data and the purpose for processing.

  • Contact enquiries: Up to 3 years after last contact
  • Customer data: Duration of business relationship plus 7 years for legal compliance
  • Marketing data: Until consent is withdrawn or 2 years of inactivity
  • Website analytics: 26 months (Google Analytics default)

Your Rights

Under GDPR, you have several rights regarding your personal data. You can exercise these rights by contacting us using the information provided below.

  • Right of Access: Request information about how we process your data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data in a structured format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection
  • Secure data storage and backup procedures

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out to us using the following contact information:

Privacy Officer

obsidianforge GmbH

Email: privacy@obsidianforge.world

Phone: +49 231 926 7463

Address: Lindenstraße 82, 44566 Dortmund, Germany

You also have the right to lodge a complaint with the relevant data protection authority if you believe we have not handled your personal data in accordance with applicable law.