GDPR Compliance
Our Commitment to GDPR
Welthause is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679. As a platform headquartered in Germany, data protection is fundamental to how we design, build, and operate our services.
Data Processing Architecture
- Multi-Tenant Isolation: Each customer's data is logically isolated. No cross-tenant data access is possible.
- Role-Based Access Control: 8 hierarchical roles ensure users only access data they are authorized to see.
- Data Minimization: We only collect data necessary for the platform's functionality.
- EU Data Residency: All data is processed and stored within the European Union.
Your Rights Under GDPR
Right of Access (Art. 15)
Request a copy of your personal data we hold.
Right to Rectification (Art. 16)
Request correction of inaccurate personal data.
Right to Erasure (Art. 17)
Request deletion of your personal data.
Right to Restrict Processing (Art. 18)
Request limitation of how we process your data.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)
Object to processing based on legitimate interest.
Data Processing Agreement (DPA)
We provide a Data Processing Agreement to all customers in accordance with GDPR Article 28. The DPA outlines our obligations as a data processor, including security measures, sub-processor management, and breach notification procedures.
To request a DPA, please contact us.
Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Affected data subjects will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
Supervisory Authority
Our lead supervisory authority is the Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), the data protection authority of the State of Hessen, Germany.