Privacy Policy

Introduction

This Privacy Policy explains how Sebastian Tagwercher (operating as Tagwercher Security, an independent security consulting practice, hereafter “the consultant”) collects, uses, and protects personal data when you interact with this website or engage the consultant's services.

The consultant operates as an independent consultant currently in transition to a Georgian Individual Entrepreneur registration. Contact details and legal information are provided on the Legal Notice page.

What data is collected

The consultant collects only the personal data necessary to provide consulting services and respond to inquiries:

Contact form submissions: When you fill in the contact form on this website, you provide your name, email address, and the content of your message. This data is sent directly to the consultant's email and is not stored in a database on this website.

Email correspondence: When you email the consultant directly, the email content, sender address, and any attachments are stored in the consultant's email account.

Engagement records: For paid engagements, the consultant retains contracts, invoices, scoping documents, and findings reports as required by tax and professional liability obligations.

Website analytics: This website uses minimal analytics to understand visitor patterns. No personally identifying analytics tracking is performed. No cookies are set for tracking purposes.

Legal basis for processing

Under the EU General Data Protection Regulation (GDPR), the consultant processes personal data on the following bases:

• Performance of a contract (Article 6(1)(b)) for engaged clients
• Legitimate interest (Article 6(1)(f)) for responding to inquiries received via contact form or email
• Legal obligation (Article 6(1)(c)) for retaining records required by tax law

Data retention

Contact form submissions and inquiry emails are retained until the inquiry is resolved or for a maximum of 24 months from the last contact, whichever comes first.

Engagement records (contracts, invoices, reports) are retained for the period required by applicable tax law, typically 7–10 years.

Sensitive findings from security assessments are retained for the duration of the engagement plus 12 months for retest and reference purposes, then deleted unless the client requests longer retention.

Data sharing

The consultant does not sell, rent, or share personal data with third parties for marketing purposes. Personal data may be processed by the following service providers under appropriate data processing agreements:

• Email provider (Proton Mail) for hosting consultant email
• Calendly for scheduling discovery calls (when you book a call, Calendly receives your name and email)
• Vercel for website hosting (technical logs of website visits)

Personal data is not transferred to jurisdictions without adequate data protection unless explicit consent is given.

Your rights under GDPR

If you are located in the EU/EEA or are an EU citizen, you have the following rights:

• Right of access: request a copy of personal data the consultant holds about you
• Right of rectification: request correction of inaccurate data
• Right of erasure (“right to be forgotten”): request deletion of your data
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

To exercise any of these rights, email s.tagwercher@tagwercher.io with the subject “GDPR request.” Requests are typically processed within 30 days.

Contact

For questions about this Privacy Policy or your data, contact:

Sebastian Tagwercher

Email: s.tagwercher@tagwercher.io

For full business contact details, see the Legal Notice page.

Changes to this policy

This Privacy Policy may be updated to reflect changes in legal requirements, business operations, or service providers. The effective date at the top of this page reflects the most recent revision. Material changes will be flagged on the homepage or via direct notice for active clients.