EfficiU
Privacy Notice
This notice explains how personal data is processed on the EfficiU marketing website,
including the interest registration flow at /api/interest.
Last updated: February 21, 2026
Replace all bracketed placeholders before publishing to production. This includes the legal entity name, address, and contact details.
1. Data Controller
Controller (Art. 4(7) GDPR):
- [LEGAL_ENTITY_NAME]
- [LEGAL_ADDRESS_LINE_1]
- [LEGAL_ADDRESS_LINE_2]
- Email: [PRIVACY_CONTACT_EMAIL]
2. Categories of Data Processed
When you submit the interest form, we process:
- Required:
email,consent,antiBotToken,source - Optional:
fullName,company,message - Server-side metadata: generated submission ID, timestamp, IP address, user-agent, reCAPTCHA score
- Locale selection persisted in browser storage key
efficiu.website.locale
3. Purposes and Legal Bases
| Purpose | Data | Legal basis |
|---|---|---|
| Process your interest request and send product update contact |
email, optional profile fields, consent, source,
submission ID, timestamp
|
Art. 6(1)(a) GDPR (consent) |
| Protect the form against abuse and bots |
antiBotToken, reCAPTCHA score, IP address, user-agent, timestamp
|
Art. 6(1)(f) GDPR (legitimate interests in security and service integrity) |
| Operate and troubleshoot the website/API | Technical request/response data and service telemetry | Art. 6(1)(f) GDPR |
4. Recipients and Processors
- Google Cloud (Cloud Run and Firestore) for hosting and storage in Europe (
europe-west1) - Google reCAPTCHA Enterprise for anti-bot verification
- Authorized internal staff responsible for pre-launch communications
5. International Transfers
Some processing components are provided by Google and may involve transfers outside the EEA/Switzerland. Where applicable, transfers rely on lawful safeguards (for example SCCs) as documented by the provider.
6. Retention
The current implementation stores submissions in Firestore and does not enforce automatic deletion at application level. Data is retained until deleted under internal retention procedures.
Define and insert concrete retention periods here (for example, marketing leads and security records).
7. Your Rights
Subject to applicable law, you may request:
- Access to your personal data
- Rectification of inaccurate data
- Erasure
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interests
- Withdrawal of consent at any time (without affecting prior processing)
Contact: [PRIVACY_CONTACT_EMAIL].
8. Complaint Right
You may lodge a complaint with your local data protection supervisory authority in the EU/EEA, and where applicable in Switzerland.
9. Requirement to Provide Data
email, consent, antiBotToken, and source are required for form submission.
Other form fields are optional.
10. Automated Decision-Making
No solely automated decision-making producing legal or similarly significant effects is performed.