Privacy Policy

Last updated: November 7, 2025

Privacy Policy

Privacy Policy for the Use of this Website with AI-Supported Functions
Status:

1. Introduction – Our Handling of Sensitive Information

Welcome to our website. We are pleased that you are interested in our services – and even more pleased that you have found your way to this page. Data protection is not a mere technicality for us, but the core of our self-understanding: we want you to be able to use our digital services safely, knowledgeably, and with confidence. This privacy policy reflects that commitment and provides you with all relevant information in a clear, complete, and transparent manner.

Our website uses, among other things, modern technologies based on artificial intelligence (AI). This includes so-called Large Language Models (LLMs) that can analyse and respond to natural language. These functions make it possible to assist you in real time with questions, topics, or problems – quickly, flexibly, and often very helpfully. To make this possible, text inputs are transmitted to external AI providers that generate the corresponding response and return it to us.

We understand that the nature of your questions may be highly personal – relating to financial difficulties, legal uncertainties, emotional stress, or private situations. Therefore, we treat this information with the utmost care. This means: storing as little as possible, performing no hidden analyses, sharing nothing without explicit notice – and above all, avoiding any misuse.

At the same time, we are realistic: some data transmissions, for example to AI infrastructures outside Europe, cannot be completely avoided for technical reasons. We therefore wish to inform you openly and honestly about possible risks, legal frameworks, your rights, and our protective measures.

You will learn, among other things:

  • which data are processed,
  • how the processing works,
  • which third-party providers may be involved,
  • on what legal basis this occurs,
  • how long your data are stored,
  • what choices you have, and
  • how you can exercise your rights.

Although AI systems are useful, they do not replace personal advice, human empathy, or professional expertise. We see them as supporting tools and integrate them as responsibly as possible. Our goal is that you can always understand when a machine is responding, how the response is generated, and what happens to your input.

2. Controller

The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

Gruner Richter + Partner GmbH
Hohenstaufenring 62
50674 Cologne
Germany
Tel.: +49 221 2888780
E-mail:

A data protection officer has not been appointed. For any questions concerning data protection, you may contact us at any time.

3. Principles of Data Processing

  • Purpose limitation: Data are collected only for clearly defined purposes.
  • Data minimisation: We collect only what is truly necessary.
  • Transparency: You should always be able to understand what happens to your data.
  • Security: We apply technical and organisational measures to protect your data.

Legal bases according to the GDPR are in particular: Art. 6 (1)(a) GDPR – Consent; Art. 6 (1)(b) GDPR – Performance of a contract; Art. 6 (1)(f) GDPR – Legitimate interest (e.g. system security).

4. Technical Access Data

When our website is accessed, our system automatically collects the following information:

  • IP address
  • Date and time of access
  • Accessed page
  • Operating system and browser type
  • Referrer URL (the previously visited page)

These data are technically necessary to display the website and detect attacks. They are anonymised and deleted after no more than 30 days.

5. Use of AI-Based Functions

Our website offers functions that allow you to enter text and receive responses. These are based on large language models (LLMs) operated by external providers. Examples include:

  • OpenAI (USA)
  • Anthropic (USA)
  • Perplexity AI (USA)
  • Aleph Alpha (Germany)
  • Google Cloud / Gemini (worldwide)
  • Amazon Bedrock (USA)
  • Microsoft Azure (worldwide)
  • Cohere (Canada)
  • Mistral (EU)
  • DeepSeek (China)

Which provider is used in a specific case depends on the technical configuration. In every case, your text input is transmitted to the respective service provider, who generates a response that is then returned to our site.

Processed data: Your inputs (e.g. questions, comments); technical information (e.g. language setting, session ID); optional: location data, if transmitted by your device.

Legal basis: Processing occurs only after you actively use the AI function and on the basis of your consent (Art. 6 (1)(a) GDPR). You may withdraw your consent at any time.

Data transfer to third countries: Many providers are based outside the EU. We rely on appropriate safeguards such as Standard Contractual Clauses (SCC), but cannot guarantee an equivalent level of data protection.

Use for training purposes: Our systems are configured so that input data are not used to improve models. If this should occur, it will only do so with your explicit consent.

Storage: We do not store your inputs permanently. Temporary storage may occur for technical reasons (e.g. error analysis or performance optimisation) and is regularly deleted. For information about storage by each AI provider, please refer to that provider’s own privacy policy.

6. Third-Party Content and Embedded Services

Our website may include external content such as fonts (locally hosted or from providers such as Google), videos (e.g. YouTube), maps (e.g. OpenStreetMap), or API services (e.g. for data validation). Such content is loaded only after your explicit consent. In doing so, personal data such as your IP address and browser information may be transmitted to the respective provider.

7. Cookies and Similar Technologies

We use only technically necessary cookies. Analytical or tracking cookies are set only with your explicit permission. Local storage techniques (Local Storage) are used solely to improve user experience.

8. Statistical Tools

To optimise our website, we may use data-protection-compliant analytics tools such as Matomo. Your IP address is anonymised in this process. No data are shared with third parties. Google Analytics is used only if you have given your consent.

9. Handling of Minors’ Data

Our website is not directed at children under 16 years of age. We do not knowingly collect data from individuals under this age, unless parental consent has been obtained.

10. Your Rights under the GDPR

  • Access to stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (“right to be forgotten”) (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7 para. 3 GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)

11. Security Measures

  • Encrypted data transmission (SSL / TLS)
  • Access restrictions at server level
  • Firewalls and monitoring
  • Regular staff training
  • Data backup and recovery concepts

12. Limitations of Automated Systems

Please note that AI-generated content is algorithmically produced and does not constitute individual advice. It is based on probability, not on intent, knowledge, or responsibility. For critical matters, we recommend seeking additional human advice.

13. No Automated Individual Decision-Making

We do not make any decisions that are based solely on automated processing and that produce legal effects or similarly significantly affect you (Art. 22 GDPR).

14. Changes to this Policy

We reserve the right to update this privacy policy if legal, technical, or organisational changes make this necessary. The current version is always available on our website.

15. Final Remarks

Data protection means responsibility – and trust. We hope that this policy has given you a comprehensive insight. If you have any questions or concerns, please contact us at any time.