DATA
PROTECTION

PRIVACY POLICY

Responsible consulting begins with responsible data protection.
‍At BRUSEGROUP, we collect and process personal data strictly according to legal requirements. Which data we collect, why we collect it, and how we protect it – we explain it all here clearly and transparently. Because meaningful consulting is based on trust. And trust begins with transparency.

1. Data Controller

MAISON NARRATIV is a product by BRUSEGROUP.
‍
BRUSEGROUP GmbH
Huyssenallee 52-56
45128 Essen
Deutschland

Managing Directors: Daniela Bruse and Dr. Michael Bruse
Commercial Register: HRB 35980, Amtsgericht Essen
Phone: 0049-172 616 844 4
Email: db@brusegroup.com

2. Data Protection Overview

When you visit our website, we process personal data only as legally permitted under the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG). Personal data means any information that can identify you as an individual.

3. Your Rights

You have the right to:
Access your personal data (Art. 15 GDPR)
Rectify incorrect data (Art. 16 GDPR)
Erase your data ("right to be forgotten") (Art. 17 GDPR)
Restrict processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Object to processing (Art. 21 GDPR)
Withdraw consent at any time (Art. 7(3) GDPR)

To exercise these rights, contact us at db@brusegroup.com.
‍
‍Right to Object
(Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing at any time. If you object, we will stop processing your data unless we have compelling legitimate grounds that override your interests.

4. Data We Collect

4.1 Automated Collection

When visiting our website, we automatically collect:
IP address (anonymized)
Date and time of access
Pages visited
Browser type and operating system
Referring website
‍
Legal basis: Art. 6(1)(f) GDPR (legitimate interests in website security and functionality)

4.2 Contact Forms and Email

When you contact us, we process:
Name
Email address
Phone number (if provided)
Message content
‍
Legal basis: Art. 6(1)(f) GDPR (legitimate interests) or Art. 6(1)(b) GDPR (contract fulfillment)

5. Purpose and Duration

We process data only for specific purposes:
Providing and securing our website
Responding to inquiries
Fulfilling contractual obligations

Retention periods:
Server logs: 7 days
Contact inquiries: Until resolved, then per legal requirements
Contract data: 10 years (tax law requirements)

6. Data Recipients

We share data only when necessary with:
Our hosting provider (All-Inkl.com GmbH)
Professional advisors (bound by confidentiality)
Authorities (when legally required)

We do not sell or rent personal data.

7. Hosting

Our website is hosted by ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. We have a data processing agreement ensuring GDPR compliance. Details: https://all-inkl.com/datenschutzinformationen/

8. SSL Encryption

Our website uses SSL/TLS encryption to protect data transmission. You can verify this by the "https://" in your browser's address bar and the lock icon.

9. International Transfers

We do not transfer personal data outside the EU/EEA unless adequate safeguards are in place (e.g., EU Standard Contractual Clauses).

10. Complaints

You may lodge a complaint with the supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit NRW
Postfach 20 04 44
40102 Düsseldorf
Germany

11. Updates

We may update this policy to reflect legal or operational changes. The current version is always available on our website.

Last update: 22 September 2025.