PRIVACY POLICY

The controller responsible for data processing on this website is:

For any privacy-related inquiries, you may contact us securely at office@gottwald.world.

This website is architected for maximum security and performance utilizing a modern React / Next.js frontend. The frontend application is deployed via Vercel Inc., utilizing their global Edge Network (CDN).

Our operational backend logic and secure API framework are hosted on Amazon Web Services (AWS) servers. All relational data is strictly encrypted and maintained within a highly secure PostgreSQL database layer. Routine, encrypted backups of server and application data are strictly maintained to ensure operational continuity and data integrity.

During a visit, our servers (and Vercel's edge network) automatically collect standard technical logs, including IP addresses, timestamps, HTTP status codes, and browser versions. These logs are strictly utilized to prevent DDoS attacks and maintain the platform's structural stability.

When you submit information via our Contact form, Strategic Inquiry form, Careers form, or the GOTT WALD Application form, the data is securely transmitted via our backend API and permanently stored within our strict-clearance PostgreSQL database on AWS.

This data is processed exclusively to evaluate alignments, establish contact, or assess professional capabilities. In addition to database logging, secure email notifications of these submissions are dispatched to our authorized internal personnel exclusively via the Resend API.

Applicant data submitted securely through our forms seamlessly travels to designated HR personnel without the involvement of external Applicant Tracking Systems (ATS). Access to the database and applicant data is strictly limited to authorized personnel holding elevated system clearance. Submissions are dispatched natively via secure email alerts handled by Resend.

In adherence to our strict privacy doctrine, analytics cookies are off by default. We set no analytics cookies and store no identifiers on your device unless you actively opt in.

We use Google Analytics 4 (provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) with Google Consent Mode. Before you opt in, Google Analytics runs in cookieless mode: it loads but sets no cookies and stores no identifiers, transmitting only aggregated, anonymised measurement (legal basis: our legitimate interest in basic, privacy-preserving reach measurement, Art. 6(1)(f) GDPR). If you enable “Analytics” in our cookie settings, Google Analytics additionally uses cookies for fuller, session-based statistics, based on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time by switching Analytics off. We do not use Google Tag Manager, Meta Pixel, Hotjar, or LinkedIn Insight Tags.

We believe your navigation of our infrastructure remains your private prerogative — the choice to share usage data is always yours.

We deploy a proprietary, self-contained Cookie Manager. By default we issue only a single strictly necessary cookie that records your choice in this notice. We set no advertising or behavioral tracking cookies, and no analytics cookies unless you actively enable "Analytics" in the cookie settings.

Your choice is saved as a first-party cookie named gottwald_consent, scoped to this site, with a one-year lifespan and SameSite=Lax. It also records whether you have enabled analytics. No consent data is broadcast to external ad networks. You may review or change it at any time via the "Cookie Settings" trigger in the footer.

Only if you enable "Analytics", Google Analytics 4 (Google Ireland Ltd.) sets first-party cookies — _ga and _ga_<container> — to distinguish visitors and sessions for aggregate, anonymised statistics. They are set solely after your consent (Art. 6(1)(a) GDPR), expire after up to two years, and are not used while analytics is off. Disabling "Analytics" in the cookie settings withdraws consent for future processing.

For all outgoing communications and automated notifications from the website (such as form submission alerts and transactional inquiries), we exclusively utilize Resend as our secure transactional email API infrastructure. We categorically do not utilize external bulk newsletter automation tools.

Our core physical servers are hosted in European-based regions. However, because our architecture utilizes global infrastructure partners—including Vercel (Frontend/CDN), AWS (Backend/Database), and Resend (for transactional emails)—incidental data processing or storage may occur on servers outside the European Economic Area (EEA), including the United States.

In all such instances, we mandate that our infrastructure partners adhere to rigorous data protection standards. Vercel, AWS, and Resend all rely on the Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs), recognizing adequacy decisions where legally required to ensure your data remains deeply secured and compliant with European data protection standards.

We govern data lifecycle through strict minimization rules:

• Contact inquiries & applications: Retained only as long as necessary to facilitate ongoing business dialog or statutory limitations, after which they are thoroughly purged from our PostgreSQL database.
• Server logs: Automatically rotated and erased within standard operational AWS/Vercel cycle timelines (typically 14 to 30 days).
• Consent records: Maintained solely on your local device until you manually clear your browser cache.