PRIVACY POLICY

The controller responsible for data processing on this website is:

For any privacy-related inquiries, you may contact us securely at office@gottwald.world.

This website is architected for maximum security and performance utilizing a modern React / Next.js frontend. The frontend application is deployed via Vercel Inc., utilizing their global Edge Network (CDN).

Our operational backend logic and secure API framework are hosted on Amazon Web Services (AWS) servers. All relational data is strictly encrypted and maintained within a highly secure PostgreSQL database layer. Routine, encrypted backups of server and application data are strictly maintained to ensure operational continuity and data integrity.

During a visit, our servers (and Vercel's edge network) automatically collect standard technical logs, including IP addresses, timestamps, HTTP status codes, and browser versions. These logs are strictly utilized to prevent DDoS attacks and maintain the platform's structural stability.

When you submit information via our Contact form, Strategic Inquiry form, Careers form, or the GOTT WALD Application form, the data is securely transmitted via our backend API and permanently stored within our strict-clearance PostgreSQL database on AWS.

This data is processed exclusively to evaluate alignments, establish contact, or assess professional capabilities. In addition to database logging, secure email notifications of these submissions are dispatched to our authorized internal personnel exclusively via the Resend API.

Applicant data submitted securely through our forms seamlessly travels to designated HR personnel without the involvement of external Applicant Tracking Systems (ATS). Access to the database and applicant data is strictly limited to authorized personnel holding elevated system clearance. Submissions are dispatched natively via secure email alerts handled by Resend.

In adherence to our strict privacy doctrine, we do not employ invasive third-party analytics or behavioral tracking suites. This platform does not utilize Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, or LinkedIn Insight Tags.

We believe your navigation of our infrastructure remains your private prerogative.

We deploy a proprietary, self-contained Cookie Manager. We issue only a single strictly necessary cookie, used to record your acknowledgment of this notice. We do not set performance, analytics, advertising, or behavioral tracking cookies of any kind.

Your acknowledgment is saved as a first-party cookie named gottwald_consent, scoped to this site, with a one-year lifespan and SameSite=Lax. No consent data is broadcast to external ad networks. You may review this cookie at any time via the "Cookie Settings" trigger in the footer.

For all outgoing communications and automated notifications from the website (such as form submission alerts and transactional inquiries), we exclusively utilize Resend as our secure transactional email API infrastructure. We categorically do not utilize external bulk newsletter automation tools.

Our core physical servers are hosted in European-based regions. However, because our architecture utilizes global infrastructure partners—including Vercel (Frontend/CDN), AWS (Backend/Database), and Resend (for transactional emails)—incidental data processing or storage may occur on servers outside the European Economic Area (EEA), including the United States.

In all such instances, we mandate that our infrastructure partners adhere to rigorous data protection standards. Vercel, AWS, and Resend all rely on the Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs), recognizing adequacy decisions where legally required to ensure your data remains deeply secured and compliant with European data protection standards.

We govern data lifecycle through strict minimization rules:

• Contact inquiries & applications: Retained only as long as necessary to facilitate ongoing business dialog or statutory limitations, after which they are thoroughly purged from our PostgreSQL database.
• Server logs: Automatically rotated and erased within standard operational AWS/Vercel cycle timelines (typically 14 to 30 days).
• Consent records: Maintained solely on your local device until you manually clear your browser cache.