Privacy Policy

Last Updated: 18 November 2025

1. Introduction

This Privacy Policy describes how Avantwerk ('we', 'us', or 'our') collects, uses, and discloses your information in connection with your use of our website and services. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner, in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

2. Our Role: Data Controller and Data Processor

We act as a 'Data Controller' for the personal data we collect from you when you create an account, browse our website, or communicate with us. We act as a 'Data Processor' for the data you upload or store within our platform ('Customer Data'). In this role, we only process your Customer Data on your behalf and in accordance with your instructions.

3. Information We Collect

A. Information You Provide to Us:

This includes personal data you provide when you register for an account (name, email, company name), process payments (billing information, processed by our third-party payment processors), or contact support.

B. Information We Collect Automatically:

We collect certain information automatically as you navigate the platform, such as your IP address, browser type, device information, and usage data (features used, pages visited). We use cookies and similar tracking technologies to collect this information.

C. Information We Process on Your Behalf (Customer Data):

This is any data you store in our platform, such as your own customers' contact details, communications, and files within the CRM. You are the Data Controller for this data, and we only process it as instructed by you.

4. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services; to process transactions and send you related information; to respond to your comments, questions, and requests; to monitor and analyze trends, usage, and activities; and for marketing purposes, where we have your consent.

5. Legal Basis for Processing (GDPR)

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. We will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with third-party service providers (sub-processors) that help us operate our platform, such as cloud hosting providers (e.g., AWS), payment processors (e.g., Stripe), and analytics tools. We have Data Processing Agreements in place with these providers. We may also disclose your information if required by law.

7. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. For transfers of data from the EEA, UK, and Switzerland, we rely on appropriate safeguards such as the Standard Contractual Clauses (SCCs) to ensure your data is protected.

8. Your Data Protection Rights under GDPR

You have the right to access, correct, update, or request deletion of your personal data. You can also object to processing, ask us to restrict processing, or request portability of your personal data. You can exercise these rights by contacting us. You also have the right to complain to a data protection authority about our collection and use of your personal data.

9. Data Security

We use appropriate technical and organizational measures to protect the personal data that we collect and process. These measures are designed to provide a level of security appropriate to the risk of processing your personal data, and include encryption of data at rest and in transit, access controls, and regular security assessments.

10. Data Retention

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). We will securely delete or anonymize your information when we no longer have a legitimate business need to process it.