Privacy Policy

This Privacy Notice provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing

1. The Data Controller for personal data

The Data Controller for personal data processed by us is DS9:

Deep SEARCH 9 GmbH
Strohloch 1
72275 Alpirsbach

DS9 uses personal data of users of our products who signed up or were enrolled by our clients for the usage of our products to keep them informed about changes of services and to provide information that we deem necessary or that we are legally obliged to provide. In this case license- and hosting-contracts with our clients are the ‘Legal Basis’ for the processing of personal data.

DS9 will also become a Data Controller if it collects additional personal data directly from a Data Subject, if they expressed interest in our products and services.
This includes data that is being collected by setting cookies when users visit our website. These cookies will be used for the purpose of optimizing the website and to provide users with the best content about our services and products.
In these circumstances DS9 will be acting under a ‘Legitimate Interest’ to legally process the data to inform Data Subjects about our products and services.

DS9 also acts as Data Controller for any personal data held regarding its own employees or employees of subcontractors or suppliers, and legally processes this data under its employment conract or subcontractor- / supplier-contract with those Data Subjects or their employers.

2. Your Rights

As a Data Subject you have rights under the GDPR:

  • The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to
  • The right of access; this is your right to see what data is held about you by a Data Controller
  • The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way
  • The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed
  • The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected
  • The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format
  • The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing
  • Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing


DS9 will always fully respect your rights regarding the processing of your personal data, and has provided below the contact details which you can use if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR.

If you wish to delete cookies we collected for you on our website, you can click this button.

Remove cookies

3. Contact Details

You can contact DS9 by e-mail at or by phone at +49 7441 5203680 or by mail at the address provided above.

4. Data Protection Principles

DS9 has adopted the following principles to govern its collection and processing of Personal Data:

Personal Data shall be processed lawfully, fairly, and in a transparent manner.

The Personal Data collected will only be those specifically required to contact Data Subjects and to fulfill contractual obligations. Such data may be collected directly from the Data Subject or provided to DS9 via its employer. Such data will only be processed for that purpose.

Personal Data shall only be retained for as long as it is required to fulfill contractual requirements, or to provide statistics to our clients who provided us with the Personal Data.

Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.

A request of a Data Subject to execute its rights under the GDPR as listed in section 3 above must be put in writing.

Personal Data shall only be processed based on the legal basis explained in section 2, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject which will always take precedent.

If the Data Subject has provided Consent to the processing of personal data or if such Consent was provided by the employer of the Data Subject in order to allow the employee to login and use the services provided by DS9, then this consent may be withdrawn at any time (but may then result in an inability to fulfill certain services).

DS9 will not use personal data for any automated decision making.

5. Transfers to Third Parties

To fulfill the contractual obligations with our clients, DS9 may have to transfer data that is being processed on behalf of the client to the client for further processing.

Personal Data shall not be transferred to a country or territory outside the European Union (EU) unless the transfer is made to a country or territory recognised by the EU as having an adequate level of Data Security, or is made with the consent of the Data Subject, or is made to satisfy the Legitimate Interest of DS9 in regard to its contractual arrangements with its clients.

Appendix – Terms and Definitions

Personal Data:
According to article 4 of the GDPR ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

According to article 4 of the GDPR ‘Processing’ means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.