The Trust Protocol
At PRIVALOR AG, confidentiality is not a policy—it is an architectural principle. We operate under German and EU regulatory frameworks to ensure that every interaction with our digital presence mirrors the discretion of a private vault.
This document outlines precisely how we collect, process, and protect the limited data required to serve you. We do not trade in attention; we manage capital. The distinction is clear in our data stewardship.
The Minimalist Data Footprint
We subscribe to a "data minimization" philosophy. Unlike consumer platforms that hoard behavioral traces, PRIVALOR AG collects only what is strictly necessary to fulfill our contractual obligations and maintain digital security.
When you visit privalor-ag.com, we do not deploy retargeting pixels or invasive tracking cookies. The telemetry we utilize is anonymized, aggregated for security analysis, and purged according to strict retention schedules mandated by financial compliance standards.
Privacy Terminology
- Data Controller: The entity determining the purpose and means of processing—us, PRIVALOR AG.
- Legal Basis: Art. 6 (1) lit. b GDPR (Contract Necessity) and lit. f (Legitimate Interest).
- Profiling: We do not engage in automated decision-making or profiling for marketing purposes.
- Third-Party Transfers: Data is hosted within the EU. No transfer to unsafe third countries occurs.
Evidence: Our server logs retain IP addresses for a maximum of 7 days solely for DDoS mitigation. We utilize PLEO integration for secure invoice processing, ensuring financial data never mixes with web telemetry.
Operational Trade-offs
The Friction of Anonymity
Downside: We do not store browsing history or cookie profiles, which prevents personalization of content for return visitors.
Mitigation: We rely on clear navigation architecture and service-specific landing pages to guide you directly to relevant information without surveillance.
Strict Consent Requirements
Downside: Functional integrations (like secure contact forms) require explicit consent layers, adding a click-step for the user.
Mitigation: We implement granular, clear toggles managed by the site's global cookies.* plugin, ensuring no dark patterns in consent collection.
Technical Security vs. Latency
Downside: High-grade encryption and security headers (CSP, HSTS) can occasionally trigger compatibility warnings on legacy enterprise firewalls.
Mitigation: We maintain a strict allowlist of compatible user agents and provide a dedicated support channel for whitelisting access to privalor-ag.com.
Your Rights Under GDPR
You possess absolute authority over your personal data. PRIVALOR AG recognizes the following rights, exercisable at any time via info@privalor-ag.com:
1. Right of Access: Obtain a copy of the data we hold about you.
2. Right to Rectification: Correct inaccurate information immediately.
3. Right to Erasure: Request deletion of data when it is no longer necessary.
4. Right to Restriction: Limit processing during dispute resolution.
Technical Safeguards
We view security as a layered defense strategy. Our infrastructure is hardened against modern threats, ensuring that the confidentiality of your interaction with PRIVALOR AG remains intact.
- TLS 1.3 Encryption (End-to-End)
- Web Application Firewall (WAF) configured for financial services
- Regular penetration testing by independent auditors
- Database encryption at rest (AES-256)
- Strict access control protocols (Zero Trust Architecture)
Questions about this policy?
Our Data Protection Officer monitors compliance continuously. For urgent matters regarding data privacy, please reach out directly. We respond within 24 hours on business days.
Policy Updates
We reserve the right to update this privacy policy to reflect changes in legal requirements or our data processing practices. Significant changes will be highlighted on the homepage for 30 days. The latest revision date is listed below.