Privacy Policy

Privacy Policy (Status: July 21, 2025)

Person responsible

S a b i n e   B l e s s i n g
E i s e n a c h e r   W e g   5
6 5 9 3 1   F r a n k f u r t   a m   M a i n
E-mail: info(@)the-requirements-engineering(.)com
Imprint: the-requirements-engineering.com/imprint

Overview of processing

Types of data processed

  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Meta, communication and procedural data
  • Protocol data

Categories of affected persons

  • Communication partners
  • Users

Purposes of processing

  • Communication
  • Security measures
  • Reach measurement
  • Organizational and administrative procedures
  • Feedback
  • Profiles with user-related information
  • Provision of our online offer and user-friendliness
  • Information technology infrastructure

Legal bases

  • Consent (Art. 6(1)(a) GDPR)
  • Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR)

German national regulations: BDSG, including special rules on data subject rights, profiling, and transmission.

Swiss DSG note: This notice also applies under Swiss data protection law. Terms follow GDPR for clarity but retain their original Swiss legal meanings.

Security measures

Includes technical and organizational measures (TOMs), such as:

  • TLS/SSL encryption (HTTPS)
  • IP masking
  • Access control
  • Privacy by design/default

Data transfers

Personal data may be shared with service providers. We ensure lawful processing and contracts.

International transfers: Only under adequacy decisions (e.g., DPF), SCCs, or explicit consent.

Storage and deletion

Retention follows legal requirements:

  • 10 years: tax/accounting records
  • 8 years: invoices
  • 6 years: business correspondence
  • 3 years: legal claims

Rights of data subjects

You may:

  • Object (Art. 21)
  • Withdraw consent (Art. 7)
  • Access, rectify, erase, or restrict data (Art. 15–18)
  • Request portability (Art. 20)
  • Complain to a supervisory authority (Art. 77)

Provision of our online services and web hosting

Data processed: usage, meta/communication, protocol, and content data
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Web hosts:

Use of cookies

We use cookies:

  • For functionality, analytics, and user preferences
  • Based on user consent (Art. 6(1)(a)) or legitimate interest (Art. 6(1)(f))

Cookie management:
Via Real Cookie Banner by devowl.io
Privacy info: https://devowl.io/rcb/data-processing/

Cookie tools:

Change privacy settings Privacy settings history Revoke consents

Blogs and user contributions

User comments and content may involve processing of:

  • IP address, name, contact, and contribution content

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Spam protection:
Handled via Antispam Bee, which supports local filtering without data transfer to third countries.

Gravatar profile pictures:
Displayed by matching hashed email addresses with the Gravatar service.
Service provider: Aut O’Mattic A8C Ireland Ltd.
Privacy: https://automattic.com/privacy – DPF certified

Users can avoid Gravatar by not using their Gravatar-associated email.

Contact and request management

Includes contact forms, emails, social media, and user interactions.
Legal basis:

  • Contract performance (Art. 6(1)(b) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)

Web analytics and optimization

Google Analytics 4:

  • Pseudonymous tracking
  • IP masking enabled
  • No raw IP logging
  • Consent-based

Google Tag Manager:

  • Used only for managing tracking tags
  • No user profiling

Legal basis: Consent (Art. 6(1)(a)), with additional IP masking

Opt-out: https://tools.google.com/dlpage/gaoptout

Plugins and embedded content

Plugins used for UX, speed, SEO, and functionality:

  • Yoast SEO – SEO optimization
  • Antispam Bee – Comment spam filtering
  • Asset CleanUp, Flying Scripts – Speed optimization
  • Bellows Accordion Menu, Easy Table of Contents – Navigation enhancements
  • Select Contact Form 7, Select Converter for Media – Form and media processing
  • Local Google Fonts – Fonts served from local server
  • WP Super Cache – Site caching

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) or consent

draw.io / diagrams.net

We integrate diagrams created with draw.io (also known as diagrams.net) into our online offering. When embedded via script, draw.io content is loaded from external servers. This means that the user’s IP address is transmitted to the provider in order to display the diagram. If consent is not given, draw.io is blocked via the Real Cookie Banner tool and content is not displayed.

  • Service provider: JGraph Ltd., 6 Dyers Buildings, London, EC1N 2JT, United Kingdom
  • Website: https://www.diagrams.net
  • Privacy Policy: https://www.diagrams.net/doc/privacy
  • Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR)
  • Purposes of processing: Provision of our online offer and user-friendliness
  • Types of data processed: IP address, technical metadata
  • Storage and deletion: According to diagrams.net’s own policies; we do not retain this data directly

Supervisory Authority
The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Roßnagel
Gustav-Stresemann-Ring 1
65189 Wiesbaden

Scroll to Top
WordPress Cookie Plugin by Real Cookie Banner