Last updated: April 2026
Agentur für Digitales und Innovation Frank Bartels Erich-Weinert-Str. 51 10439 Berlin, Germany Email: gdpr@thedigitalagency.io
When you use the Business Model Transformation Audit at audit.thedigitalagency.io, we collect: • Email address (only when you request the PDF report) • Industry selection • Company size selection • Role selection • Audit answers (22 questions) • Language preference We do NOT collect data before you actively submit it. Your score is visible without providing an email address.
We process your data for the following purposes: • Calculating your personalized readiness score (legal basis: consent) • Generating AI-powered recommendations (legal basis: consent) • Sending you the PDF report via email (legal basis: consent) • Storing your contact in our CRM for follow-up communication (legal basis: consent) You provide explicit consent via the GDPR checkbox before submitting your email.
We use the following sub-processors to deliver the service: • Brevo (Sendinblue GmbH, Berlin, Germany) — CRM & contact management. EU-hosted. • Mailjet (Sinch Germany GmbH, Germany) — Email delivery. EU-hosted. • Lemon Squeezy (Lemon Squeezy LLC, USA) — Payment processing for the paid Transformation Blueprint. Handles checkout, invoicing, and VAT. Data Processing Agreement in place. Standard Contractual Clauses (SCCs) apply. • Airtable (Airtable Inc., USA) — Question & result storage. Data Processing Agreement in place. Standard Contractual Clauses (SCCs) apply. • OpenAI (OpenAI LLC, USA) — AI recommendation generation. No personal data is sent to OpenAI — only anonymized answer scores and industry context. Standard Contractual Clauses (SCCs) apply. • MongoDB (via hosting provider) — Local database for submission records. • Hosting provider — Application hosting for audit.thedigitalagency.io. All US-based processors operate under Standard Contractual Clauses (SCCs) as per GDPR Art. 46(2)(c).
When generating recommendations, we send the following to OpenAI: • Your industry category (e.g. "Consulting") • Your company size category (e.g. "11-50") • Your role category (e.g. "Founder") • Your answer scores (numerical values only) • Your aggregated BMC block scores We do NOT send your email address, name, or any other personally identifiable information to OpenAI.
Your audit data is stored indefinitely until you request deletion. You may request deletion at any time by emailing gdpr@thedigitalagency.io.
Under GDPR, you have the following rights: • Right of access (Art. 15 GDPR) • Right to rectification (Art. 16 GDPR) • Right to erasure (Art. 17 GDPR) • Right to restriction of processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object (Art. 21 GDPR) • Right to withdraw consent (Art. 7(3) GDPR) To exercise any right, contact: gdpr@thedigitalagency.io You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
This application does NOT use cookies for tracking or analytics. We do not use any third-party tracking tools. The only local storage used is for admin authentication tokens (localStorage), which is functional and not used for tracking purposes.
All data is transmitted via HTTPS/TLS encryption. Access to personal data is restricted to authorized personnel only. Our sub-processors maintain industry-standard security certifications.
Made with Emergent