Privacy Policy

  1. Controller:

Surenest UG (haftungsbeschränkt)
Topsstraße 25, 10437 Berlin
Germany

Email: help@surenest.de
Phone: +49 1522 8155 641
Represented by: Managing Director (Geschäftsführer), Japveer Singh Arora

  1. No data protection officer has been appointed.

  2. Overview: What data we process and why

We process personal data when you:

  • visit our website,
  • use our questionnaire and calculator tools,
  • create a user account (if available),
  • purchase time-limited access (7/14/30 days),
  • contact us.

  1. Website access / server log files

Each time you access our website, we process:

  • IP address, date/time, and the page accessed,
  • referrer URL, browser/operating system, and (where applicable) device information.

Purposes:
technical provision of the website, security, and troubleshooting/error analysis.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interests in operating and securing the website).

Retention:
Server log files are stored for up to 30 days and then deleted or anonymised. In the event of a security incident, relevant log data may be retained longer for investigation and evidence purposes until the incident has been fully resolved.

  1. Hosting and processing on our behalf
    Our website is hosted by Vercel Inc. (USA). Vercel processes personal data (e.g., IP address and server log files) as a processor under a data processing agreement (Art. 28 GDPR).

International data transfers:
As part of hosting, data may be processed in the United States and/or other third countries. For such transfers, we rely on appropriate safeguards, in particular the EU Standard Contractual Clauses (Art. 46 GDPR). In addition, Vercel is certified under the EU–U.S. Data Privacy Framework.

  1. Cookies and consent management

We use cookies and similar technologies (e.g., local storage) to operate our website and—if you consent—to analyse usage.

Strictly necessary cookies:
These cookies are required for the website to function (e.g., language selection, security features, session management) and to store your cookie preferences.

Legal basis:
Art. 6(1)(f) GDPR; Section 25(2) German TDDDG (where strictly necessary).

Retention:
Session cookies are deleted when you close your browser. Persistent cookies (e.g., to store your language settings and your cookie choices) are stored for up to 12 months.

  1. Use of the questionnaire & educational tool

Data processed:
We process the information you enter into the questionnaire and calculator (e.g., age, life & family situation, financial parameters) and the derived results (e.g., considerations, pros/cons information, and calculation outputs).

Purpose:
To provide the tool features and display the results (pros/cons information and calculations).

Legal basis:
Performance of a contract / provision of the online service requested by you (Art. 6(1)(b) GDPR).

Retention:
We do not store your inputs and results on a long-term basis. Processing takes place only for the duration of the session and to provide the results. For technical reasons, data may be processed briefly in device memory or in temporary server logs and is then deleted.

  1. Special categories of personal data (health data)
    As part of the questionnaire, and only if you consent, we process health-related information, such as whether you have pre-existing conditions, whether your BMI is outside a defined range, and whether you have received psychological/psychiatric treatment within the last 5 years.

Purpose:
To take health-related factors into account when displaying considerations and pros/cons information within the tool.

Legal basis:
Your explicit consent (Art. 9(2)(a) GDPR) in conjunction with consent (Art. 6(1)(a) GDPR).

Retention:
We do not store this information long-term. Processing generally takes place only for the duration of the session / until results are displayed; the data is then deleted.

Withdrawal:
You may withdraw your consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing before withdrawal.

  1. Freemium / Payments / Billing

For paid unlocks (7/14/30-day access) we process:

  • Basic account data: e.g., email address (and name if provided), user/order ID,
  • Contract/transaction data: selected pass, duration, price, payment status, timestamps,
  • Billing data: invoice data (e.g., invoice number, amount, VAT; billing address if used),
  • Payment details are generally processed by the payment provider (e.g., card details); we usually only receive payment confirmations and transaction reference numbers.

Purpose:
Contract performance, payment processing, billing, fraud prevention, and customer support.

Legal basis:
Art. 6(1)(b) GDPR (contract);
Art. 6(1)(c) GDPR (legal retention obligations);
where applicable Art. 6(1)(f) GDPR (fraud prevention / security).

Payment provider:
Stripe (Stripe Payments Europe, Limited, Ireland). Depending on the processing activity, Stripe acts as a processor and/or as an independent controller (e.g., for fraud prevention and regulatory compliance). Please also refer to Stripe’s privacy information.

Retention:
We retain billing and accounting records in accordance with statutory retention periods (typically 6–10 years depending on document type; accounting vouchers such as invoices typically 8 years).

  1. Contacting us
    If you contact us (e.g., by email or via a contact form), we process the data you provide (e.g., name, email address, message content and any attachments). If you use a contact form, technical metadata may also be processed (e.g., time of submission, IP address).

Purpose:
To handle and respond to your request.

Legal basis:
Art. 6(1)(b) GDPR (pre-contract/contract measures, e.g., support or order-related inquiries); otherwise Art. 6(1)(f) GDPR (legitimate interest in handling and responding to inquiries).

Retention:
We generally delete inquiries within 12 months, unless statutory retention obligations apply or longer retention is necessary to establish, exercise, or defend legal claims.

  1. Newsletter
    We do not currently offer a newsletter. If we introduce a newsletter in the future, we will provide details here about the related data processing (in particular double opt-in, email service provider, unsubscribe options, and legal basis).

  2. Analytics / statistics / performance
    We do not use analytics tools (e.g. Google Analytics). Should we introduce analytics tools in the future, we will update this Privacy Policy accordingly.

  3. Recipients / categories of recipients
    We only share personal data where necessary to provide our services, where you have consented, or where we are legally required to do so.

Categories of recipients:

  • Hosting / technical service providers: Vercel (website delivery, server logs).
  • Payment providers: Stripe (payment processing) and, where applicable, banks/card networks involved in executing the payment.
  • Email communications: Namecheap (email service / Private Email) for handling contact inquiries.
  • Public authorities: where legally required (e.g., tax authorities).
  • Professional advisers: e.g., tax or legal advisers where necessary.

Note:
Depending on the provider and processing activity, processing may take place as processing on our behalf (Art. 28 GDPR) or under the provider’s own responsibility (e.g., certain payment and fraud-prevention processing).

  1. Your rights

    Subject to the legal requirements, you have the following rights:

  • access (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR). If you object to direct marketing, we will no longer process your data for that purpose.

You may withdraw consent at any time with effect for the future; withdrawal does not affect the lawfulness of processing before withdrawal. To exercise your rights, please contact us at: help@surenest.de. We may request appropriate proof of identity. Please note that statutory retention obligations (e.g., billing records) may prevent immediate deletion in certain cases.

  1. Right to lodge a complaint with a supervisory authority
    You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

Supervisory authority at our registered seat (Berlin):
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61, 10555 Berlin, Germany
Email: mailbox@datenschutz-berlin.de
Phone: +49 30 13889-0

  1. Automated decision-making / profiling
    We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR). The information and calculations shown in the tool are provided for educational purposes only and do not constitute a binding decision.

  2. Version and changes

Last updated: 26 January 2026
We update this Privacy Policy if our processing activities or legal requirements change. The current version is always available on our website. If we make material changes, we will provide an appropriate notice (e.g., on the website).