Privacy Policy

Last updated: March 2026

This Privacy Policy explains how The Projekt Company (“we”, “us”, or “our”) collects, uses, and protects personal data when you use the Cluster Fabrik website and services. We are committed to processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Controller

The data controller responsible for processing your personal data is:

The Projekt Company
[Address Placeholder], [City Placeholder], [Country Placeholder]
Email: privacy@theprojektcompany.com

If you have any questions about how we handle your personal data, please contact us at the email address above.

2. Data We Collect

2.1 Contact Form Data

When you submit a contact or demo request form on our website, we collect the following personal data that you voluntarily provide:

  • Full name
  • Email address
  • Company name
  • Your message or enquiry

This data is processed solely for the purpose of responding to your enquiry and, where applicable, for the performance of a contract or pre-contractual measures.

2.2 Cookies and Tracking Technologies

We use strictly necessary cookies that are essential for the operation of our website. We only set non-essential cookies (such as analytics cookies) where you have given your explicit prior consent. For full details on the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

2.3 Server Logs

Our web servers automatically record technical information each time your browser accesses our website. This log data may include:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages accessed and files downloaded

Server logs are retained for a maximum of 14 days and are then automatically deleted. This data is used exclusively for security monitoring, diagnosing technical problems, and ensuring system stability. We do not use server logs to identify individual users.

3. Legal Basis for Processing

We process your personal data only where we have a lawful basis for doing so under Article 6 GDPR:

  • Art. 6(1)(b) GDPR — Contract / pre-contractual measures: Where you contact us to enquire about our services or request a demo, processing your contact form data is necessary to respond to your request and, if applicable, to enter into a contract with you.
  • Art. 6(1)(f) GDPR — Legitimate interests: We process server log data on the basis of our legitimate interest in maintaining the security, integrity, and proper functioning of our systems. This interest is not overridden by your fundamental rights and freedoms.
  • Art. 6(1)(a) GDPR — Consent: Where we set non-essential cookies (such as analytics or marketing cookies), we do so only on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time via our cookie settings.

4. Third-Party Processors

4.1 Formspree Inc. (Contact Form Processing)

Our contact forms are powered by Formspree Inc., a form backend service. When you submit a form on our website, the data you enter is transmitted to and processed by Formspree on our behalf.

Formspree acts as a data processor and processes your data strictly in accordance with our instructions and the Data Processing Agreement (DPA) we have in place with them.

Please note that Formspree is a US-based company and may transfer your data outside of the European Economic Area (EEA). Any such transfers are covered by Standard Contractual Clauses (SCCs) adopted by the European Commission, providing appropriate safeguards for the protection of your personal data.

For more information on how Formspree processes data, please review the Formspree Privacy Policy.

5. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law:

  • Contact form data: Retained for 3 years from the date of last contact, after which it is permanently deleted.
  • Server logs: Automatically deleted after 14 days.
  • Cookie consent records: Retained for 12 months from the date of consent, after which you will be asked to confirm your preferences again.

Where data must be retained for longer periods due to statutory obligations (e.g., tax or commercial law retention requirements), we will retain only the minimum data necessary and restrict its further processing.

6. Your Rights under GDPR

As a data subject under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with supplementary information about how it is processed.
  • Right to rectification (Art. 16 GDPR): You have the right to have inaccurate personal data corrected without undue delay, and to have incomplete data completed.
  • Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data where one of the grounds specified in Art. 17 applies (e.g., the data is no longer necessary for the purposes for which it was collected).
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g., while a dispute about accuracy is being resolved).
  • Right to data portability (Art. 20 GDPR): Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data based on our legitimate interests (Art. 6(1)(f) GDPR). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that our processing of your personal data infringes the GDPR.

To exercise any of these rights, please contact us at privacy@theprojektcompany.com. We will respond to your request within one month. This period may be extended by a further two months in complex or numerous cases, in which case we will inform you of the extension and reasons.

7. Supervisory Authority

You have the right to lodge a complaint with your national data protection supervisory authority. The competent supervisory authority for The Projekt Company is:

[Supervisory Authority Placeholder — e.g. your national Data Protection Authority (DPA)]
[Authority Address Placeholder]
[Authority Website Placeholder]

You may also contact the supervisory authority of your own country of residence or work if it differs from ours.

8. Cookies

We use cookies and similar tracking technologies on our website. For detailed information about which cookies we use, their purpose, duration, and how to manage your cookie preferences, please visit our Cookie Policy.

You can manage or withdraw your cookie consent at any time using the cookie settings panel available on this website.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures take into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing.

All data transmissions between your browser and our website are encrypted using Transport Layer Security (TLS). However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable law.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.

11. Contact for Privacy Matters

For all questions, requests, or concerns related to the processing of your personal data or this Privacy Policy, please contact us at:

The Projekt Company
Email: privacy@theprojektcompany.com

We take data protection seriously and will do our best to address your concerns promptly and thoroughly.