Privacy Policy

Last updated: 25 June 2026

This Privacy Policy explains how TrustReady processes personal data in connection with the website trustready.eu, including inquiries, readiness checks and consultation requests submitted through this website.
TrustReady is currently operated as an early-stage B2B compliance readiness project.

1. Controller

The controller responsible for the processing of personal data under this Privacy Policy is:
Junzhe Dai
Schreinerstr. 24
10247 Berlin
Germany
Email: junzhe@trustready.eu

For any questions regarding this Privacy Policy or the exercise of your data protection rights, you may contact us at the email address above.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

• visits to the website trustready.eu;
• inquiries submitted through website forms;
• readiness checks or consultation requests submitted through the website;
• email communication with TrustReady;
• scheduling and preparation of consultation calls.

This Privacy Policy does not replace any separate data processing agreement, service agreement or project-specific privacy documentation that may apply to future client engagements.

3. Personal data we process

Depending on how you use the website, we may process the following categories of personal data:

3.1 Website access data

When you visit our website, technical data may be processed automatically, including:

• IP address;
• date and time of access;
• requested page or file;
• browser type and version;
• operating system;
• referrer URL;
• technical log and security information.

This data is processed to make the website available, ensure technical stability, detect errors and protect the website against misuse or attacks.

3.2 Inquiry and readiness-check data

If you submit an inquiry, readiness check or consultation request, we may process the information you provide, including:

• business email address;
• company name, if provided;
• company size;
• compliance challenge or inquiry content;
• preferred communication details;
• any additional information you voluntarily submit.

Please do not submit confidential, sensitive or unnecessary personal data through website forms.

3.3 Email and communication data

If you contact us by email or communicate with us in connection with a consultation request, we may process:

• your name and contact details;
• your company or professional role, if provided;
• the content of your message;
• communication metadata;
• follow-up notes necessary to respond to your request.

3.4 Consultation-call data

If you book or request a consultation call, we may process:

• your name and contact details;
• selected time slot;
• company or project information you provide;
• call-related notes necessary to prepare and follow up on the consultation.

If scheduling is arranged through Google services, Google may process scheduling-related data as described in Section 7 below.

4. Purposes and legal bases

We process personal data for the following purposes and on the following legal bases:

4.1 Operating the website

We process technical access data to provide the website, ensure security, prevent misuse and maintain technical functionality.
Legal basis: Art. 6(1)(f) GDPR.
Our legitimate interest is the secure and reliable operation of the website.

4.2 Responding to inquiries and consultation requests

We process inquiry and contact data to respond to your request, assess your needs, schedule calls and provide information about TrustReady.
Legal basis: Art. 6(1)(b) GDPR where the processing is necessary for pre-contractual measures requested by you.
Where the request does not relate to a potential contract, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is responding to business inquiries and communicating with prospective clients or partners.

4.3 Preparing potential client engagements

If you provide information about your company, product or compliance challenge, we may process that information to understand your situation and prepare a possible proposal or next step.
Legal basis: Art. 6(1)(b) GDPR where this relates to pre-contractual measures.
In other cases, the legal basis is Art. 6(1)(f) GDPR.

4.4 Legal compliance and protection of rights

We may process personal data where necessary to comply with legal obligations or to establish, exercise or defend legal claims.
Legal basis: Art. 6(1)(c) GDPR where processing is necessary to comply with a legal obligation.
Legal basis: Art. 6(1)(f) GDPR where processing is necessary to protect our legitimate legal interests.

4.5 Marketing communication

We do not send marketing newsletters without a valid legal basis. If we introduce a newsletter or similar marketing communication in the future, we will provide separate information and, where required, request your consent.
Legal basis: Art. 6(1)(a) GDPR where consent is required.

5. No sale of personal data and no model training

We do not sell personal data.

We do not use personal data submitted through website forms, readiness checks or consultation requests for training AI models.
If AI-supported tools are used internally to assist with drafting, classification or document preparation in a future client engagement, this will be addressed separately in the relevant service terms, data processing agreement or project-specific documentation.

6. Hosting and server logs

Our website is hosted and technically operated using services provided by Amazon Web Services EMEA SARL and/or its affiliates ("AWS").
AWS may process technical access data, including IP addresses, server log data, browser information, access times and security-related information, for the purpose of delivering the website, maintaining technical stability, preventing misuse and ensuring the security of the website.
Where AWS processes personal data on our behalf, AWS acts as a processor within the meaning of Art. 28 GDPR. The processing is governed by AWS's applicable data processing terms.
Where possible, we aim to use AWS regions located within the European Union or the European Economic Area.
Legal basis for the processing of technical access data: Art. 6(1)(f) GDPR.
Our legitimate interest is the secure, stable and efficient operation of this website.

7. Third-party tools and service providers

We use selected third-party service providers to operate the website, manage communication and respond to inquiries. We currently use AWS and Google as our main external service providers for website operation and business communication.

7.1 Amazon Web Services

We use Amazon Web Services for hosting, infrastructure and technical operation of the website. AWS may process technical access data and server log data as described above.

7.2 Google services

We use services provided by Google Ireland Limited and/or its affiliates for business communication and related operational purposes. Depending on the specific interaction, this may include email communication, calendar scheduling, document management or similar business tools.
Google may process personal data such as your name, email address, communication content, scheduling information and related metadata where this is necessary to respond to your inquiry, arrange consultation calls or manage business communication.
Where Google processes personal data on our behalf, the processing is governed by Google's applicable data processing terms.
We do not use Google services to sell personal data or to train AI models on personal data submitted through this website.

7.3 No unnecessary sharing

We only share personal data with AWS, Google or other third parties where this is necessary for the purposes described in this Privacy Policy, where we have a legal basis, or where we are legally required to do so.

8. International data transfers

AWS and Google may process personal data in countries outside the European Economic Area, depending on the specific service, configuration and support access.
Where personal data is transferred to a country outside the European Economic Area, we rely on appropriate safeguards under GDPR Chapter V. These may include an adequacy decision by the European Commission, Standard Contractual Clauses approved by the European Commission, or other legally recognised transfer mechanisms.
We aim to configure our services in a privacy-conscious manner and, where reasonably possible and technically available, to use infrastructure or data locations within the European Union or the European Economic Area.

9. Cookies and similar technologies

Our website may use technically necessary cookies or similar technologies to provide basic website functionality and ensure security.
We do not use non-essential analytics, marketing or tracking cookies unless we have informed you accordingly and, where required, obtained your consent.
If we introduce analytics, marketing pixels or similar tracking technologies in the future, we will update this Privacy Policy and implement an appropriate consent mechanism where required.

10. Retention periods

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.
In general:

• technical server logs are generally deleted or anonymised within 30 days, unless a longer retention period is necessary for website security, troubleshooting or the investigation of misuse or attacks;
• inquiry and readiness-check data that does not lead to further communication or engagement is generally deleted or anonymised after 12 months, unless a longer retention period is necessary for legal, tax or evidentiary reasons;
• communication data relating to inquiries, consultation requests or potential client engagements may be retained for up to 3 years after the end of the relevant communication, unless a longer retention period is necessary for legal, tax, accounting or evidentiary reasons;
• data required for legal, tax, accounting or evidentiary purposes may be retained for the statutory retention periods or, where no specific statutory period applies, for as long as necessary to establish, exercise or defend legal claims.

11. Your rights

Subject to the conditions under the GDPR, you have the following rights:

• the right of access to your personal data;
• the right to rectification of inaccurate personal data;
• the right to erasure of your personal data;
• the right to restriction of processing;
• the right to data portability;
• the right to object to processing based on legitimate interests;
• the right to withdraw consent at any time, where processing is based on consent.

To exercise your rights, please contact us at:
junzhe@trustready.eu

You also have the right to lodge a complaint with a data protection supervisory authority. In Berlin, the competent authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Germany
Website: https://www.datenschutz-berlin.de/

12. Automated decision-making

We do not use automated decision-making within the meaning of Art. 22 GDPR in connection with this website.

13. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration.
However, no website or electronic communication method can be guaranteed to be completely secure. We therefore recommend that you do not submit confidential, highly sensitive or unnecessary personal data through website forms.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, especially if we change the website, introduce new tools or modify how we process personal data.
The current version is always available on this website.