Privacy Policy (GDPR / TTDSG). Effective date: 09.04.2026
Scope Merge
Youssef Hedhili
Winsstr. 59, 10405 Berlin, Germany
Email: admin@scope-merge.com
Supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin
mailbox@datenschutz-berlin.de | +49 30 13889-0
We process personal data in compliance with the General Data Protection Regulation (GDPR) and the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG). We only collect the data necessary for each purpose and keep it no longer than required.
Data: IP address, browser/device data, timestamps, and server logs
Purpose: Ensure website stability, prevent misuse, monitor performance
Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in secure, functional website)
Retention: 14 to 30 days unless longer retention is required for incidents
Data: Technical identifiers needed to operate the site
Legal basis: §25 (2) TTDSG and Art. 6 (1)(f) GDPR
Retention: Session or up to 12 months
Non-essential cookies (analytics, marketing) are only set after consent via our cookie banner.
Data: Usage data, pseudonymous identifiers, device and browser info
Legal basis: Consent (§25 (1) TTDSG + Art. 6 (1)(a) GDPR)
Provider: Google Ireland Ltd., with transfers to the U.S. under SCCs and the EU-US Data Privacy Framework
Settings: IP anonymized, Consent Mode activated, retention 2 to 14 months
Opt-out: Through cookie banner or browser add-on
Data: Name, email, company, message, metadata
Purpose: Respond to your inquiry or follow up on business interests
Legal basis: Art. 6 (1)(b) GDPR (if pre-contractual), otherwise Art. 6 (1)(f) GDPR
Retention: 12 months after last interaction unless statutory obligation applies
Data: Name, email address, selected time slot, any information you provide in the booking form
Purpose: Schedule and manage consultation calls
Legal basis: Art. 6 (1)(b) GDPR (pre-contractual measures) and Art. 6 (1)(f) GDPR (legitimate interest in efficient scheduling)
Provider: Calendly LLC (USA), data processed under SCCs and the EU-US Data Privacy Framework
Retention: 12 months after the last scheduled appointment unless a business relationship is established
Data: IP address, browser and device information, access logs
Purpose: Hosting and delivery of website content
Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in a reliable, performant website)
Provider: Lovable (hosted in the EU). Data may be processed by sub-processors under SCCs where applicable.
Retention: As determined by server log retention (up to 30 days)
Data: CV, profile information, education, work history, references, salary expectations
Purpose: Assess candidates, connect with clients, maintain talent database
Legal basis: Art. 6 (1)(b) GDPR (for placement process) and Art. 6 (1)(f) GDPR (legitimate interest in staffing services)
Retention: 6 months after application if not hired; longer only with your consent to join our talent pool
Data: Name, email, interactions with emails and campaigns
Legal basis: Art. 6 (1)(a) GDPR (consent)
Opt-out: At any time via unsubscribe link or email to admin@scope-merge.com
Retention: Until withdrawal of consent or 24 months of inactivity