Privacy Policy

Introduction and terms


By operating our website with the URL (hereinafter referred to as “website”), we (MOGWAI LABS GmbH) process personal data. These are treated confidentially by us and processed in accordance with the applicable laws - in particular the Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). With this privacy policy, we would like to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your privacy.


This privacy policy contains technical terms used in the GDPR and the BDSG. To aid understanding, we explain these terms in plain language in advance:

Personal data “Personal data” is any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information about an identified person can be, for example, the name or e-mail address. However, personal data also includes data from which the identity is not immediately apparent but can be determined by combining one’s own information or that of others. A person can be identified, for example, by an address or bank details, date of birth or user name, IP addresses and/or location data. All information that in any way allows a conclusion to be drawn about a person is relevant here.

Processing Under Art. 4 No. 2 DSGVO, “processing” means any operation in connection with personal data. This applies in particular to the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

Responsible and Data Protection Officer


The company responsible for the data processing is:

Am Steg 3
89231 Neu-Ulm (Germany)

Data Protection Officer

Due to our core activity (provision of technical security reviews/penetration tests) and our company size (fewer than 20 employees), we are not obliged to appoint a data protection officer. For questions and concerns regarding data protection, you can contact us using the aforementioned contact details.

Processing Framework

As a matter of principle, we do not process any personal data within the framework of the website. No cookies are set and no other tracking takes place. Your personal data is processed only in the context of e-mail communication or when you use the contact form (see section IV.). We only process data that you actively provide (esp. by sending e-mails or using the contact form).

Your data will be processed exclusively by us and will not be sold, lent or transferred to third parties. If we use the help of external service providers for the processing of your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorized to issue instructions to our contractors. To operate our website, we use an external service provider for hosting. We host our website and email account with the external provider Hetzner at the data center location in Nürnberg.

As a matter of principle, we do not transfer data to third countries, nor is such a transfer planned. We will provide information about exceptions to this principle in the processing described below. Any data transfer to third countries is then based on the so-called EU standard contractual clauses.

The processing in detail

Contacts by E-Mail / Contact form

Description of the processing You can contact us via the email addresses or by using the contact form provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

Purpose By providing an e-mail address, we would like to offer a way to contact us. The data transmitted with and in your e-mail will be used exclusively for the purpose of processing and responding to your request.

Legal basis The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in number 6.2.

Storage period The data will be deleted by us as soon as they are no longer necessary to achieve the purpose of their collection. This is usually the case when the respective communication with you has ended. The communication is ended when it can be inferred from the circumstances that your request has been conclusively clarified. If legal retention periods prevent deletion, deletion will take place immediately after the expiration of the legal retention period.

Security measures

To protect your personal data from unauthorized access, we have provided our website with a TLS certificate. TLS stands for “Transport Layer Security” and encrypts the communication of data between a website and the user’s terminal device. You can recognize active SSL or TLS encryption by a small lock logo that appears on the far left of the browser’s address bar.

Your rights

Data subject rights

With regard to the data processing described above, you are entitled to the following data subject rights:

Information (Art. 15 DSGVO) You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have, under the conditions set out in Art. 15 DSGVO, a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO.

Correction (Art. 16 DSGVO) You have the right to request from us without undue delay the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.

Deletion (Art. 17 DSGVO) You have the right to demand that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes pursued by us.

Restriction of data processing (Art. 18 DSGVO) You have the right to request that we restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.

Data portability (Art. 20 DSGVO) You have the right, under the conditions listed in Art. 20 DSGVO, to request the surrender of the data concerning you in a structured, common and machine-readable format.

Revocation of Consent (Art. 7 (3) DSGVO) You have the right to revoke your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it has effect for the future. Thus, the processing does not become retroactively unlawful by the revocation of consent.

Complaint (Art. 77 GDPR) If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right before a supervisory authority in the EU Member State of your residence, place of work or the place of the alleged infringement.

Prohibition of automated decision-making/profiling (Art. 22 GDPR) Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data - including profiling. We hereby inform you that we do not use automated decision-making, including profiling, with regard to your personal data.

Right of Objection (Art. 21 DSGVO) If we process your personal data on the basis of Art. 6 (1) lit. f DSGVO (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case, regardless of a particular situation, you have the right to object at any time to the processing of your personal data for direct marketing.

Status: January 2022