Free Analysis

Privacy Policy

Last Updated: September 2025

1. Data Controller

ReviewOps.co is a service of

MALAAG Holding UG (haftungsbeschränkt)
Moorburg 26a
21439 Marxen
Represented by:
Marco Langhoff (Managing Director)
Contact:
Email: kontakt (at) reviewops.co

To exercise your rights, please contact us using the contact details provided above.

2. General Information

We process your data solely on the basis of the applicable legal provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TDDDG). This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data in the context of using our website.

Personal data is any information relating to an identified or identifiable natural person. As the controller within the meaning of data protection laws, we process your personal data only insofar as this is necessary to provide a functional website as well as our content and services.

Note regarding minors: Persons under the age of 16 should not transmit personal data to us without the consent of their legal guardians.

Note on B2B context:
Our website is aimed exclusively at businesses and their employees (business-to-business). We process personal data of contacts within companies (e.g., names, business email addresses, phone numbers) for the purposes of business initiation, contract execution, and customer support. Processing is based on our legitimate interests in efficient business communications (Art. 6(1)(f) GDPR) or for pre-contractual measures and contract performance (Art. 6(1)(b) GDPR). Data subjects may exercise their rights under Art. 15–22 GDPR at any time by contacting us.

3. Server Logfiles

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

3.1 Scope of processing of personal data

  • Browser type and version
  • Operating system used
  • Referrer URL (previous page visited)
  • Host name of the accessing device
  • Time of the server request
  • IP address (in anonymized form)
  • Amount of data transferred
  • Notification of successful retrieval

3.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. Our legitimate interests are ensuring system security and stability, error analysis, and the administrative optimization of our website.

3.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. The data also helps us optimize the website and ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context.

3.4 Duration of storage

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended.

In the case of storage in log files, deletion occurs after no more than 90 days. Longer storage is possible. In this case, users’ IP addresses are deleted or anonymized so that assignment to the accessing client is no longer possible.

3.5 Right to object and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for users to object.

3a. Hosting and Technical Infrastructure

Our website is hosted by the following service provider:

goneo Internet GmbH
Lindenstr. 41
10969 Berlin
Germany

The hosting provider processes the following data on our behalf:

  • IP addresses of website visitors
  • Access timestamps
  • Pages accessed
  • Browser and device information
  • Data volume transferred

Purpose: Provision, operation, and security of our website

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the reliable, secure, and professional provision of our website.

Location of data processing: Germany / European Union

We have concluded a data processing agreement with the hosting provider in accordance with Art. 28 GDPR to ensure compliant handling of your data.

Further information: https://www.goneo.de/hilfe_kontakt/datenschutz.html

4. Contact Form and Email Contact

You can contact us using our contact form or directly by email. The data will be processed solely for the purpose of handling your inquiry.

4.1 Scope of data processing

If you use the contact form, the following data will be processed:

  • Name
  • Email address
  • Subject
  • Message text
  • Date and time of transmission
  • IP address

4.2 Legal basis for data processing

The legal basis for processing data transmitted via email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

4.3 Purpose of data processing

The processing of personal data from the input form is used solely to handle your contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

4.4 Retention period

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For personal data from the contact form and those sent by email, this is the case when the respective conversation with the user is finished. The conversation is deemed finished when the circumstances indicate that the matter in question has been conclusively clarified.

4.5 Right to object and deletion

The user has the possibility to revoke consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

4.6 Obligation to provide data

Providing your personal data is neither legally nor contractually required and not necessary for the conclusion of a contract. You are not obliged to provide us with this data. However, without your email address, we cannot process your request and respond to you. Providing your name is optional but helps us address you personally in our response.

5. Newsletter

On our website, you can subscribe to a free newsletter. The following data will be transmitted to us in the process:

5.1 Scope of data processing

When subscribing to the newsletter, the following data is collected from you:

  • Email address (required)
  • First and last name (optional)
  • Date and time of registration
  • IP address of the accessing device
  • Consent declaration

5.2 Legal basis for data processing

The legal basis for processing the data after newsletter registration, given the user’s consent, is Art. 6(1)(a) GDPR.

5.3 Purpose of data processing

The collection of the user's email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the used email address.

5.4 Retention period

The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. The user's email address will therefore be deleted immediately if you withdraw your newsletter subscription.

5.5 Right to object and deletion

You can cancel your newsletter subscription at any time. For this purpose, each newsletter email contains a corresponding unsubscribe link. Further information on your right of withdrawal can be found in Section 9 of this Privacy Policy.

5.6 Services used and data transfer

We use the following services to manage our newsletters:

Make.com (Celonis SE, Czech Republic)

Make.com serves as a platform for automating data processing. The data you enter is transmitted to Make.com via a secure connection and processed there. As the Czech Republic is an EU member state, data processing takes place within the European Economic Area under the GDPR.

Google Sheets (Google Ireland Limited)

We use Google Sheets to store newsletter subscribers. The data is stored on Google's servers in the EU. Where data is transferred to third countries (in particular the USA), this is based on the EU Commission’s Standard Contractual Clauses pursuant to Art. 46 GDPR.

We have concluded appropriate data processing agreements with Make.com and Google Ireland Limited in accordance with Art. 28 GDPR to ensure compliant handling of your data.

5.7 Obligation to provide data

Providing your email address is necessary for sending the newsletter. Without your email address, we cannot send you the newsletter. Providing your first and last name is optional.

6. Cookies and Tracking Technologies

6.1 What are cookies?

Our website uses cookies—small text files stored on your device. We distinguish between:

Necessary cookies: Technically required for the operation of the website

Analytics cookies: Help us improve the website (only with your consent)

6.2 Your consent

On your first visit, you can choose in the cookie banner:

“Accept all”: Analytics cookies will be enabled

“Reject all”: Only necessary cookies will be used

Tracking cookies are only set after your consent. You can change your decision at any time.

Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25 TDDDG (consent).

6.3 Necessary cookies

These cookies are strictly necessary for the operation of the website:

Cookie — Purpose — Duration

cookie_consent — Stores your cookie preference — 6 months

session_id — Identifies your session — Session

Legal basis: Art. 6(1)(f) GDPR in conjunction with § 25(2) No. 2 TDDDG (technically necessary).

6.4 Google Analytics (only with your consent)

We use Google Analytics 4 for web analytics. The following data is processed:

Data collected:

Anonymized IP address (last digits removed)

Browser type, operating system, device category

Pages visited, time spent, referrer page

Approximate location (city level only)

Purpose: Improving the website and user experience (statistical analysis only, no advertising)

Cookies:

_ga (2 years): Distinguishing users

_ga_[ID] (2 years): Storing page views

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Third-country transfer (USA): Data is partially processed in the USA. The USA does not have an adequate level of data protection under EU standards. There is a risk that US authorities may access your data (e.g., under FISA Section 702) without you being able to seek legal redress.

Legal basis for the transfer: Your consent (Art. 6(1)(a) GDPR, Art. 49(1)(a) GDPR) and the EU Commission’s Standard Contractual Clauses (Art. 46 GDPR).

Safeguards:

IP anonymization active

Data Processing Agreement with Google

Google Consent Mode v2 implemented

No advertising or remarketing features

Further information:

Google Privacy Policy: https://policies.google.com/privacy

Partner data processing: https://policies.google.com/technologies/partner-sites

6.5 Disable Google Analytics

You have several options:

Reject cookies in the banner (choose “Reject all” on your next visit)

Delete browser cookies (Ctrl+Shift+Del)

Install the browser add-on: https://tools.google.com/dlpage/gaoptout

Contact us: kontakt@reviewops.co

6.6 Manage cookies in your browser

You can manage cookies in your browser at any time:

Chrome: Settings > Privacy and security > Cookies

Firefox: Settings > Privacy & Security > Cookies

Safari: Settings > Privacy > Cookies

Edge: Settings > Cookies and site permissions

Note: If you completely disable cookies, the website may no longer function optimally.

6.7 Further information

More detailed information about data processing by Google Analytics can be found in the Google Analytics Terms of Service (https://marketingplatform.google.com/about/analytics/terms/) and Google’s Privacy Policy (https://policies.google.com/privacy).

9. Your rights as a data subject

You have the following rights regarding your personal data under the GDPR:

a) Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to access the personal data and the information listed in Art. 15 GDPR (e.g., purposes of processing, categories of personal data, recipients, storage period).

b) Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

c) Right to erasure (Art. 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17(1) GDPR applies, e.g.:
- The data are no longer necessary in relation to the purposes for which they were collected
- You withdraw consent and there is no other legal ground for the processing
- You object to the processing and there are no overriding legitimate grounds for the processing
- The data have been unlawfully processed

d) Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain restriction of processing where:
- You contest the accuracy of the personal data (for a period enabling us to verify accuracy)
- The processing is unlawful and you oppose the erasure and request restriction instead
- We no longer need the data, but you require them for the establishment, exercise or defence of legal claims
- You have objected to processing (pending the verification whether our legitimate grounds override yours)

e) Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance, where:
- The processing is based on consent (Art. 6(1)(a) GDPR) or on a contract (Art. 6(1)(b) GDPR), and
- The processing is carried out by automated means

f) Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.
We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

g) Right to withdraw consent (Art. 7(3) GDPR)
If processing is based on your consent, you have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal remains unaffected.

h) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Phone: +49 511 120-4500
Email: poststelle@lfd.niedersachsen.de
Website: https://lfd.niedersachsen.de

Exercising your rights:
To exercise your rights, please contact:
MALAAG Holding UG (haftungsbeschränkt)
Email: kontakt@reviewops.co

We will respond to your request without undue delay and at the latest within one month of receipt.

9a. Automated decision-making and profiling

We do not use automated decision-making including profiling pursuant to Art. 22 GDPR. Your data is not used for automated decisions that produce legal effects concerning you or similarly significantly affect you.

10. Data security and confidentiality

10.1 Technical security measures

We use the common SSL/TLS protocol (Secure Socket Layer / Transport Layer Security) on our website in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock icon in your browser’s address bar.

10.2 Organisational measures

In addition to technical security measures, we implement the following organisational measures to ensure the protection of your data:

  • Access restrictions to personal data to the necessary minimum
  • Regular staff training on data protection
  • Contractual obligations for our service providers to comply with data protection
  • Documentation of all processing activities
  • Regular review and adjustment of security measures

10.3 Data backup and recovery

We carry out regular backups of all relevant data to avoid data loss in the event of system failures. The backups are encrypted and stored in a secure location.

Note on email security: Please note that data transmission on the internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

11. Transfer of data to third countries

Your data will only be transferred to third countries (countries outside the European Union or the European Economic Area) if this is necessary for the provision of our services, required by law, or if you have given us your consent.

In the case of data transfers to third countries without an adequate level of data protection, we ensure an adequate level of protection in accordance with the requirements of the GDPR through appropriate safeguards (e.g., EU Standard Contractual Clauses).

12. Use of social media plugins

We use social media plugins from various providers on our website. These are integrated using the so-called two-click process to best protect visitors to our website.

When you first visit our website, no personal data is transmitted to the providers through the social media elements. Only when you activate the respective plugin is a direct connection established to the servers of the respective provider.

13. Changes to this Privacy Policy

This Privacy Policy is currently valid and was last updated in September 2025.

Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this Privacy Policy. The current Privacy Policy can be accessed and printed at any time on the website at https://www.reviewops.co/datenschutz.

We recommend that you regularly inform yourself about the content of our Privacy Policy.

Last updated: September 2025