Privacy Policy

Last updated: April 2026

1. Controller

Agentur für Digitales und Innovation
Frank Bartels
Erich-Weinert-Str. 51
10439 Berlin, Germany
Email: gdpr@thedigitalagency.io

2. Data We Collect

When you use the Business Model Transformation Audit at audit.thedigitalagency.io, we collect:

• Email address (only when you request the PDF report)
• Industry selection
• Company size selection
• Role selection
• Audit answers (22 questions)
• Language preference

We do NOT collect data before you actively submit it. Your score is visible without providing an email address.

3. Purpose of Processing

We process your data for the following purposes:

• Calculating your personalized readiness score (legal basis: consent)
• Generating AI-powered recommendations (legal basis: consent)
• Sending you the PDF report via email (legal basis: consent)
• Storing your contact in our CRM for follow-up communication (legal basis: consent)

You provide explicit consent via the GDPR checkbox before submitting your email.

4. Third-Party Processors

We use the following sub-processors to deliver the service:

• Brevo (Sendinblue GmbH, Berlin, Germany) — CRM & contact management. EU-hosted.
• Mailjet (Sinch Germany GmbH, Germany) — Email delivery. EU-hosted.
• Lemon Squeezy (Lemon Squeezy LLC, USA) — Payment processing for the paid Transformation Blueprint. Handles checkout, invoicing, and VAT. Data Processing Agreement in place. Standard Contractual Clauses (SCCs) apply.
• Airtable (Airtable Inc., USA) — Question & result storage. Data Processing Agreement in place. Standard Contractual Clauses (SCCs) apply.
• OpenAI (OpenAI LLC, USA) — AI recommendation generation. No personal data is sent to OpenAI — only anonymized answer scores and industry context. Standard Contractual Clauses (SCCs) apply.
• MongoDB (via hosting provider) — Local database for submission records.
• Hosting provider — Application hosting for audit.thedigitalagency.io.

All US-based processors operate under Standard Contractual Clauses (SCCs) as per GDPR Art. 46(2)(c).

5. Data Sent to AI (OpenAI)

When generating recommendations, we send the following to OpenAI:

• Your industry category (e.g. "Consulting")
• Your company size category (e.g. "11-50")
• Your role category (e.g. "Founder")
• Your answer scores (numerical values only)
• Your aggregated BMC block scores

We do NOT send your email address, name, or any other personally identifiable information to OpenAI.

6. Data Retention

Your audit data is stored indefinitely until you request deletion. You may request deletion at any time by emailing gdpr@thedigitalagency.io.

7. Your Rights

Under GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)

To exercise any right, contact: gdpr@thedigitalagency.io

You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

8. Cookies & Tracking

This application does NOT use cookies for tracking or analytics. We do not use any third-party tracking tools. The only local storage used is for admin authentication tokens (localStorage), which is functional and not used for tracking purposes.

9. Security

All data is transmitted via HTTPS/TLS encryption. Access to personal data is restricted to authorized personnel only. Our sub-processors maintain industry-standard security certifications.
