Phishgate

Data Protection

Privacy Policy

Last updated: October 2025

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Sellrock UG (haftungsbeschränkt)Kölner Str. 43a90425 NürnbergGermany

Email: [email protected]Phone: +49 (0) 176 61838332

Represented by the Managing Director: Ilayda Kundakcioglu

2. General Information on Data Processing

The protection of your personal data is of particular importance to us. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Personal data is any data with which you can be personally identified, e.g., name, email address, or IP address.

We process your data exclusively on the basis of the statutory provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Collection and Storage of Personal Data as Well as the Type and Purpose of Its Use

a) When visiting the website

When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in so-called server log files. The following information is collected:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer and the name of your access provider

Purpose of processing

The data mentioned is processed to ensure a smooth connection to the website, to evaluate system security and stability, and for administrative purposes.

Legal basis

Art. 6 (1) (f) GDPR (legitimate interest).

b) Registration and use of the Phishgate dashboard

When you create an account for your company, we process your name, business email address, company name, and encrypted credentials in order to provide you with access to the dashboard. For authentication, we use an encrypted session token stored as an HTTP-only cookie.

Legal basis

Art. 6 (1) (b) GDPR (performance of a contract).

c) Use of the Phishgate browser extension

The browser extension only captures URLs that are identified as potential phishing attempts, together with a timestamp and a device identifier. General browsing history is not collected. Events are displayed in your company's dashboard so that authorized administrators can review security incidents.

Legal basis

Art. 6 (1) (f) GDPR (legitimate interest in IT security).

d) Contact form / email contact

If you send us inquiries by email or contact form, your information, including the contact details you provide, will be stored for the purpose of processing the inquiry and in case of follow-up questions.

Legal basis

Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in effective communication).

4. Disclosure of Data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only pass your personal data on to third parties if:

  • you have given your express consent (Art. 6 (1) (a) GDPR)
  • the processing is necessary for the performance of a contract (Art. 6 (1) (b) GDPR)
  • there is a legal obligation (Art. 6 (1) (c) GDPR), or
  • disclosure is necessary to safeguard legitimate interests (Art. 6 (1) (f) GDPR) and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

5. Cookies

Our website partially uses cookies. Cookies do not cause any damage to your device and do not contain viruses. Cookies serve to make our offering more user-friendly, effective, and secure.

Most of the cookies we use are "session cookies" that are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them.

Legal basis

Art. 6 (1) (f) GDPR (legitimate interest in the technically correct and optimized provision of the website) or Art. 6 (1) (a) GDPR (consent for marketing/analytics cookies).

6. Use of Google Fonts (local)

We use locally hosted Google Fonts on this website. No personal data is transmitted to Google.

Legal basis

Art. 6 (1) (f) GDPR (legitimate interest in an appealing presentation of the website).

7. Your Rights as a Data Subject

You have the right to:

  • request information about your personal data stored by us (Art. 15 GDPR)
  • request the correction of inaccurate or the completion of incomplete data (Art. 16 GDPR)
  • request the deletion of your data stored by us (Art. 17 GDPR)
  • request the restriction of processing (Art. 18 GDPR)
  • object to the processing of your data (Art. 21 GDPR)
  • request data portability (Art. 20 GDPR)
  • lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent supervisory authority in Bavaria

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)Promenade 18, 91522 AnsbachWeb: https://www.lda.bayern.de

8. Data Security

When you visit the website, we use the widely used SSL/TLS procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser.

9. Currency and Changes to This Privacy Policy

This privacy policy is currently valid and was last updated in October 2025.

Due to the further development of our website or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can view the current version at any time on this website.