Legal

Privacy Policy

Last updated: March 2026 · Version 1.0

Summary: Discursa is operated by a freelance professional based in Berlin, Germany. We collect personal data only when you actively contact us or request a demo. We do not sell your data. We do not use tracking cookies. Your data is processed in accordance with the General Data Protection Regulation (GDPR) and German data protection law.

1. Data Controller

The data controller responsible for processing your personal data is:

Zaher Alkaei
operating under the trading name Discursa
[Street address]
[Postcode] Berlin, Germany

Email: info@discursa.io

Discursa is operated on a freelance basis (*freiberuflich*). There is no registered commercial entity at this time.

If you have any questions about this Privacy Policy or the processing of your personal data, please contact us at info@discursa.io.

2. Data We Collect and Why

We process personal data only for specific, legitimate purposes. The table below describes each category of data, its purpose, and the legal basis under Article 6 of the GDPR.

Data category	Purpose	Legal basis (Art. 6 GDPR)	Retention
Demo request form Name, work email, phone number (optional), job title, organisation, country, company size, use case, message (optional)	To respond to your inquiry and assess whether our services are a fit for your needs	Art. 6(1)(b) — pre-contractual measures at your request	24 months from last contact, or until you request deletion
Newsletter subscription Name, work email	To send you Discursa news, research updates, and event invitations	Art. 6(1)(a) — your explicit consent (opt-in checkbox)	Until you withdraw consent / unsubscribe
Email correspondence Email address, message content	To communicate with you about services, contracts, and support	Art. 6(1)(b) — contractual necessity; Art. 6(1)(f) — legitimate interest in maintaining business correspondence	6 years (retention obligation for self-employed persons under § 147 AO)
Contractual data Billing address, VAT number, payment information	To fulfil commissioned engagements and comply with invoicing obligations	Art. 6(1)(b) — contract performance; Art. 6(1)(c) — legal obligation (§ 147 AO)	10 years (German tax retention requirement)
Server logs IP address, browser type, pages visited, timestamp	Ensuring website security and stability; troubleshooting	Art. 6(1)(f) — legitimate interest in operating a secure website	7 days, then deleted automatically

3. Cookies and Tracking

This website does not use analytics cookies, advertising cookies, or any third-party tracking technologies. We do not use Google Analytics, Meta Pixel, or similar services.

No cookie consent banner is displayed because no non-essential cookies are set. If this changes in the future, we will update this policy and implement a compliant consent mechanism before deployment.

4. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We share data only where strictly necessary:

Netlify, Inc. (San Francisco, USA) — website hosting and form submission processing. Netlify acts as a data processor under a Data Processing Agreement. Data is transferred to the USA under Standard Contractual Clauses (SCCs) approved by the European Commission.
Zoho Corporation — email hosting and delivery (Zoho Mail). Zoho acts as a data processor under a Data Processing Agreement. Email data is processed on Zoho's EU servers; no transfer outside the EEA occurs in ordinary use. Zoho's DPA is available at zoho.com/privacy/dpa.html.
Professional advisors — lawyers and accountants bound by professional confidentiality obligations, where required for legal or financial compliance.
Authorities — where we are legally required to disclose data under German or EU law.

5. International Data Transfers

Our website is hosted by Netlify, which may process data in the United States. Such transfers are carried out under Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR, ensuring an adequate level of data protection equivalent to that within the EEA.

All other data processing takes place within the European Economic Area (EEA).

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR)

You may request a copy of the personal data we hold about you, together with information about how it is processed.

Right to rectification (Art. 16 GDPR)

You may request correction of inaccurate or incomplete personal data.

Right to erasure (Art. 17 GDPR)

You may request deletion of your personal data where it is no longer necessary for its original purpose, where you have withdrawn consent, or where we have no legitimate grounds to retain it. Statutory retention obligations (e.g. tax records) may prevent immediate deletion in some cases.

Right to restriction of processing (Art. 18 GDPR)

You may request that we restrict processing of your data under certain circumstances, such as when you contest its accuracy or object to its use.

Right to data portability (Art. 20 GDPR)

Where processing is based on consent or contract and is carried out by automated means, you may request your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR)

You have the right to object at any time to processing based on our legitimate interests (Art. 6(1)(f)). We will then cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent (Art. 7(3) GDPR)

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of the above rights, please contact us at info@discursa.io. We will respond within one month of receiving your request (Art. 12 GDPR).

7. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority. As a company registered in Berlin, our lead supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Friedrichstr. 219, 10969 Berlin
Email: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de

You may also lodge a complaint with the supervisory authority of your place of habitual residence or workplace.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These include TLS-encrypted data transmission, restricted internal access, and use of reputable infrastructure providers.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

9. Links to Third-Party Sites

Our website may contain links to third-party websites (e.g. LinkedIn, social media platforms). This Privacy Policy applies only to discursa.io. We are not responsible for the data practices of third-party sites and encourage you to review their respective privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The date of the most recent revision is shown at the top of this page. We will notify active contacts of material changes by email where possible.

11. Contact

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal data, please contact:

Discursa
Email: info@discursa.io