PartnerScope

Privacy Policy

Last updated 2026-04-21

This policy explains how EM Consulting, Inhaber Elshan Musayev ("PartnerScope", "we") processes personal data in connection with the PartnerScope website (partnerscope.eu) and the PartnerScope third-party AI risk assessment service. It is written to meet our obligations under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

1. Controller / Verantwortlicher

EM Consulting, Inhaber Elshan Musayev, Lichtentaler Str. 33, 76530 Baden-Baden, Germany. Contact: privacy@partnerscope.eu. Full statutory disclosure in our Impressum.

As a single-person undertaking, we are not required to appoint a data protection officer under § 38 BDSG. Data-protection inquiries are handled directly by the controller at the address above.

2. Categories of data we process

CategoryExamplesSource
Account and contact Name, work email, employer, role You — via the Free Snapshot form, /get-started, or direct email
Assessment input Vendor domain, questionnaire answers, uploaded documents You — during an assessment
Billing Invoice address, VAT ID, payment timestamps You and our payment processor (Stripe)
Technical IP address, user-agent, request logs, timestamps Automatically, when you use the site / API
Marketing (only if you opt in) Email address and campaign tags You — via explicit consent

3. Purposes and legal basis

  • Providing the service (account creation, running assessments, delivering reports) — Art. 6(1)(b) GDPR (performance of contract).
  • Free Snapshot lead magnet (scoring the snapshot and emailing results) — Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(a) GDPR (consent for the result email).
  • Billing and accounting — Art. 6(1)(c) GDPR (legal obligation under German tax and commercial law, in particular § 147 AO and § 257 HGB).
  • Security and abuse prevention (request logs, rate limiting, anti-fraud) — Art. 6(1)(f) GDPR (legitimate interest in running a secure service).
  • Marketing emails — Art. 6(1)(a) GDPR and § 7 UWG (consent). Every marketing email includes a one-click unsubscribe link.

4. Retention

  • Free-Snapshot leads: 90 days, then deleted or anonymised.
  • Assessment reports: validity period (90 days for Starter, 180 days for Pro) + 12 months of reference retention, then deleted on request.
  • Billing and tax-relevant records: 10 years (statutory retention under § 147 Abs. 3 AO and § 257 Abs. 4 HGB).
  • Business correspondence (Handelsbriefe): 6 years (§ 257 Abs. 4 HGB, § 147 Abs. 3 AO).
  • Server request logs: 30 days.
  • Marketing list: until you unsubscribe.

5. Recipients and sub-processors

We share personal data only with processors that help us deliver the service. Every processor is bound by a GDPR-compliant Data Processing Agreement (Art. 28 GDPR). The current list is public and kept up to date at /legal/sub-processors. Typical recipients:

  • Stripe Payments Europe, Ltd. (payment processing)
  • Resend Inc. (transactional email)
  • Our EU hosting provider (application and database hosting)
  • Competent German authorities where we are required to disclose by law

6. International transfers

Our primary infrastructure and data stores are hosted in the European Union. Where a sub-processor transfers data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (Art. 46(2)(c) GDPR) and apply supplementary measures where required (Transfer Impact Assessment per EDPB Recommendations 01/2020).

7. Your rights

Under Arts. 15–22 GDPR and §§ 34–35 BDSG, you have the right to (a) access your data, (b) rectify it, (c) request erasure, (d) request restriction, (e) data portability, and (f) object to processing based on legitimate interest. Where processing is based on consent (Art. 6(1)(a) GDPR), you may withdraw consent at any time without affecting the lawfulness of processing before the withdrawal.

To exercise any of these rights, email privacy@partnerscope.eu. We respond within the GDPR statutory period (one month, extendable by two further months for complex cases per Art. 12(3) GDPR).

8. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for EM Consulting is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
Königstraße 10a
70173 Stuttgart
Germany
Website: baden-wuerttemberg.datenschutz.de

You may also file with the supervisory authority of the EU member state where you live or work.

9. Cookies and tracking

The marketing site uses strictly necessary cookies only and does not set any advertising or cross-site tracking cookies; § 25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, formerly TTDSG) consent is therefore not required. If we add analytics in future (e.g. a privacy-respecting, cookieless tool), we will update this policy and, where applicable, obtain § 25 Abs. 1 TDDDG consent before rollout.

10. Automated decision-making

The PartnerScope scoring is model-assisted: automated checks and scoring produce a draft risk profile, but every Pro and Enterprise report is reviewed by a human analyst before delivery. Starter reports are delivered without individual analyst review and are explicitly marketed as such — they do not produce legal or similarly significant effects on any data subject and therefore fall outside Art. 22(1) GDPR.

11. Changes

We update this policy when our processing activities change. Material changes are announced by email to registered customers at least 30 days before they take effect.

This policy is a first, good-faith draft. Have it reviewed by qualified German/EU data-protection counsel before relying on it in contract negotiations or audits.