Privacy Policy
MICHELLE FLECHNER, trading as CrediaBusiness ("CrediaBusiness", "we", "us" or "our"), respects your privacy. This Privacy Policy explains what information we collect when you interact with us, how we use it, and the rights you have under German and European Union data protection law.
1. Data we collect
1.1 Data you provide directly
When you request a consultation, submit a contact form or become a client, we process the contact details you supply — commonly your name, business email, organisation and role. For paying engagements we additionally hold billing details supplied by your finance function.
1.2 Data collected automatically
When you visit our website, our servers automatically record standard technical fields: IP address, browser type, operating system, referrer URL, pages viewed and access times. This information is used solely for security monitoring, error diagnostics and aggregated usage analytics.
1.3 Client-supplied working material
If you engage our advisory services, you may share documents, notes or planning material with us. Such content is treated as confidential and handled under the terms of the engagement letter you sign with us.
2. Purposes of processing
- To provide, maintain, secure and improve our services.
- To answer inquiries and deliver contracted consulting work.
- To detect, prevent and investigate security incidents or misuse.
- To comply with legal, regulatory and tax obligations under German law.
Client working material is never used to train models exposed to other clients without explicit written authorisation.
3. Legal bases under GDPR
Where the EU General Data Protection Regulation (Regulation (EU) 2016/679) applies, we rely on: (a) performance of a contract with you, (b) legitimate business interests in operating a secure professional practice, (c) compliance with our legal obligations, and (d) your consent, where consent is the appropriate basis.
4. Data sharing
We do not sell personal data. We share it only with:
- Service providers (hosting, secure storage, payment processing) acting on our behalf under written data-processing agreements.
- Professional advisers (auditors, lawyers, tax advisers) on a strict need-to-know basis.
- Public authorities where required by binding legal process under German or EU law.
- Successors in the context of a business transfer, subject to equivalent privacy commitments.
5. Security
We apply administrative, technical and physical safeguards appropriate to the sensitivity of the data we hold. These include encrypted transport (TLS 1.2+), encrypted storage of confidential client material, role-based access, and periodic security reviews. No system is ever perfectly secure, and we cannot guarantee absolute security.
6. Retention
Personal data is retained only for as long as necessary to provide our services, comply with our legal obligations, resolve disputes and enforce our agreements. Automatically-collected technical logs are typically kept up to 12 months. Client working material is kept for the duration of the engagement plus a further 30 days, unless a longer period is agreed in writing.
7. Your rights
Under GDPR you have the right to access, rectify, erase or export your personal data, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. To exercise any of these rights, please contact us at the address below. You also have the right to lodge a complaint with the competent supervisory authority (in our case, the Landesbeauftragte für Datenschutz und Informationsfreiheit NRW).
8. International transfers
Our infrastructure is primarily located within the European Union. Where a service provider processes data outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism recognised under GDPR Chapter V.
9. Children
Our services are directed exclusively at professionals. We do not knowingly collect data from individuals under 18. If you believe a minor has provided data to us, please contact us so we can remove it.
10. Updates to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or through a notice on our website. The "Last updated" date at the top of this page always reflects the latest revision.
11. Contact
Privacy enquiries and rights requests should be directed to:
MICHELLE FLECHNER — Attn: Privacy
Jungholzweg 16 B
53340 Meckenheim
Germany