Privacy Policy
Last updated: 27 April 2026
This Privacy Policy explains how Vira Drones ("we," "us," or "our") processes personal data when you visit our website (viradrones.com). It applies in accordance with the European Union General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), and the Swiss Federal Act on Data Protection (Datenschutzgesetz – DSG/nDSG, in force since 1 September 2023).
1. Controller
The data controller responsible for this website is:
Vira Drones
Siemens-Halske-Ring 2
03046 Cottbus, Germany
Email: info@viradrones.com
2. Data Protection Officer
Vira Drones does not currently meet the thresholds that require the mandatory appointment of a Data Protection Officer under Art. 37 GDPR or § 38 BDSG. If you have data protection concerns, please contact us directly at info@viradrones.com.
3. Data We Collect
3.1 Data you provide voluntarily
- Contact information (name, email address, phone number) when you submit an inquiry or contact form
- Email address when you subscribe to our newsletter
- Any other information you choose to include in your message
3.2 Data collected automatically
When you visit our website, our hosting infrastructure automatically records the following data in server log files:
- IP address (anonymised or pseudonymised where technically possible)
- Date and time of the request
- URL requested and referring URL
- Browser type, version, and operating system
- HTTP status code and volume of data transferred
This data is technically necessary to deliver the website and is not linked to any individual user account.
4. Legal Basis for Processing
We process your personal data only where a legal basis exists under Art. 6 GDPR and, where applicable, the nDSG:
- Consent (Art. 6(1)(a) GDPR / Art. 31(1) nDSG) – newsletter subscriptions and any optional marketing communications. You may withdraw your consent at any time (see Section 9).
- Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) – responding to inquiries and requests made before or during a contractual relationship.
- Compliance with a legal obligation (Art. 6(1)(c) GDPR) – retention of data required by applicable law (e.g., commercial and tax records).
- Legitimate interests (Art. 6(1)(f) GDPR) – operation of server logs necessary to detect security threats and maintain website stability, where our interests are not overridden by your rights and freedoms.
5. How We Use Your Data
- Responding to your inquiries and service requests (legal basis: Art. 6(1)(b) GDPR)
- Sending newsletters and marketing communications (legal basis: Art. 6(1)(a) GDPR – consent only; double opt-in procedure applied)
- Operating and securing the website, including fraud prevention (legal basis: Art. 6(1)(f) GDPR)
- Complying with our legal obligations, including statutory retention duties (legal basis: Art. 6(1)(c) GDPR)
6. Cookies and Tracking
Our website currently uses only technically necessary session functionality required to serve pages correctly. We do not use tracking cookies, analytics scripts, or third-party advertising technologies that require your consent under Art. 6(1)(a) GDPR or the German Telecommunications and Telemedia Data Protection Act (TTDSG § 25). Should this change, we will update this policy and obtain your prior consent where required.
7. Data Retention
- Contact and inquiry data – retained for up to 3 years from the last contact, after which it is deleted unless a longer statutory retention period applies.
- Newsletter subscriber data – retained until you unsubscribe, after which it is deleted within 30 days.
- Server log data – retained for up to 14 days and then automatically deleted, unless a security incident requires longer retention for investigation purposes.
- Data subject to statutory retention obligations (e.g., commercial records under § 257 HGB, tax records under § 147 AO) – retained for the statutory period of 6 or 10 years respectively.
8. Disclosure of Data / Recipients
We do not sell your personal data. We share data only in the following circumstances:
- Hosting and infrastructure providers – our website is hosted on infrastructure whose servers are located in the EU/EEA and Switzerland. These providers act as data processors under Art. 28 GDPR and are contractually bound to process data only on our instructions.
- Email service providers – used to deliver transactional and newsletter emails, bound by data processing agreements.
- Legal requirements – we may disclose data if required by law, court order, or to protect the rights and safety of Vira Drones or others.
9. International Data Transfers
Your personal data is stored on servers located in Germany and Switzerland. Switzerland is recognised by the European Commission as providing an adequate level of data protection (Commission Implementing Decision 2000/518/EC, as updated). Where data is transferred to processors outside the EU/EEA and Switzerland, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) or equivalent transfer mechanisms under the nDSG.
10. Your Rights
Under the GDPR, BDSG, and nDSG you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR / Art. 25 nDSG) – to obtain a copy of the personal data we hold about you and information about how we process it.
- Right to rectification (Art. 16 GDPR / Art. 32 nDSG) – to have inaccurate or incomplete data corrected.
- Right to erasure (Art. 17 GDPR / Art. 32 nDSG) – to request deletion of your personal data where the data is no longer necessary, consent is withdrawn, or processing is unlawful.
- Right to restriction of processing (Art. 18 GDPR) – to request that we limit processing of your data in certain circumstances (e.g., while the accuracy of data is contested).
- Right to data portability (Art. 20 GDPR / Art. 28 nDSG) – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object (Art. 21 GDPR) – to object at any time to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
- Right to withdraw consent (Art. 7(3) GDPR) – to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To unsubscribe from our newsletter, use the unsubscribe link in any newsletter email or contact us directly.
To exercise any of these rights, please contact us at info@viradrones.com. We will respond within one month of receipt of your request (Art. 12(3) GDPR).
11. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:
Germany (Brandenburg) – competent authority for Vira Drones:
Landesbeauftragte für Datenschutz und Akteneinsicht Brandenburg (LDA)
Stahnsdorfer Damm 77, 14532 Kleinmachnow
www.lda.brandenburg.de
Switzerland – Federal Data Protection and Information Commissioner (FDPIC / EDÖB):
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Feldeggweg 1, 3003 Bern
www.edoeb.admin.ch
You may also lodge a complaint with the supervisory authority of your habitual place of residence or place of work within the EU/EEA.
12. Automated Decision-Making and Profiling
We do not carry out automated individual decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR / Art. 21 nDSG).
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
14. Contact
For any questions or concerns regarding this Privacy Policy or our data processing practices, please contact:
Vira Drones
Siemens-Halske-Ring 2
03046 Cottbus, Germany
Email: info@viradrones.com