TOCAPUS  I  PRICACY STATEMENT

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

TOCAPUS – Special Situation Consulting

(“Company”)

 

The Company can be contacted at:

[client@tocapus.com]

 

Further contact details are available in the legal notice of the website.

 

2. Scope of This Privacy Statement

 

This Privacy Statement applies to all processing of personal data in connection with:

 

the Company’s website

communication with the Company

pre-contractual interactions

engagement processes under separate agreements

 

It does not apply where data processing is governed by separate written engagement agreements containing specific data protection provisions.

 

3. Principles of Data Processing

 

The Company processes personal data in accordance with applicable data protection laws, in particular the GDPR, on the following legal bases:

 

Art. 6(1)(b) GDPR (pre-contractual measures and contract performance)

Art. 6(1)(f) GDPR (legitimate interests)

Art. 6(1)(c) GDPR (legal obligations)

 

Personal data is processed only to the extent necessary for the respective purpose

 

4. Categories of Personal Data

 

The Company may process the following categories of personal data:

 

Identity and contact data (e.g. name, email address)

Communication data (e.g. emails, messages, inquiry content)

Technical data (e.g. IP address, browser type, server logs)

Website usage metadata

 

The Company does not intentionally collect or process special categories of personal data within the meaning of Art. 9 GDPR via the website.

 

Users are advised not to transmit sensitive or confidential information unless expressly required.

 

5. Purposes of Processing

 

Personal data is processed for the following purposes:

operation and provision of the website

responding to inquiries and communications

handling pre-contractual interactions

assessing potential engagements

ensuring IT security and system integrity

compliance with legal obligations

 

6. NDA-Gated Communications (Pre-Engagement Handling)

 

Where users transmit case-specific, non-public, or commercially sensitive information, such information is treated as pre-contractual communication only.

 

The Company is under no obligation to review, analyse, or act upon such information unless a separate non-disclosure agreement (NDA) or engagement agreement has been concluded.

This does not affect statutory obligations under applicable data protection law.

 

7. Legitimate Interests

 

Where processing is based on Art. 6(1)(f) GDPR, the Company’s legitimate interests include:

 

efficient communication and business operation

protection of systems, infrastructure, and proprietary know-how

prevention of misuse of the website

improvement and maintenance of services

 

8. Data Retention

 

Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by applicable statutory retention obligations.

Once the purpose ceases to apply, data is deleted or anonymised in accordance with legal requirements.

 

9. No Obligation to Provide Data

 

Users are not legally or contractually required to provide personal data when visiting the website.

However, certain functionalities (e.g. contact requests) may not be available without providing necessary information.

 

10. Data Security

 

The Company implements appropriate technical and organisational security measures to protect personal data against:

 

unauthorised access

accidental loss

destruction or alteration

unlawful disclosure

 

These measures are continuously reviewed and updated in line with technological developments.

 

11. Recipients of Personal Data

 

Personal data may be disclosed only where necessary to:

 

service providers acting on behalf of the Company (e.g. hosting, IT infrastructure)

professional advisors (e.g. legal, tax, compliance advisors)

public authorities where legally required

 

All recipients are bound by appropriate confidentiality and data protection obligations.

 

12. International Data Transfers

 

Where personal data is transferred to or processed in countries outside the European Economic Area (EEA), such transfers will only take place where appropriate safeguards are in place in accordance with GDPR requirements (e.g. Standard Contractual Clauses or equivalent mechanisms).

 

13. Cookies and Technical Tracking

 

The website currently does not use cookies or tracking technologies that require user consent.

Only strictly necessary technical processes (such as server logs or security-related functionalities, if applicable) may occur to ensure the operation, stability, and security of the website.

The Company does not currently use analytics, marketing, or profiling technologies.

 

The Company reserves the right to implement cookies or similar technologies in the future where necessary for the provision or improvement of services. In such cases, processing will be carried out in compliance with applicable data protection laws, and where legally required, users will be informed in advance and consent will be obtained.

 

14. Data Subject Rights

 

Data subjects have the following rights under the GDPR:

 

right of access (Art. 15 GDPR)

right to rectification (Art. 16 GDPR)

right to erasure (Art. 17 GDPR)

right to restriction of processing (Art. 18 GDPR)

right to data portability (Art. 20 GDPR)

right to object (Art. 21 GDPR)

 

Where processing is based on consent, users may withdraw their consent at any time with effect for the future.

 

Requests should be directed to the contact details provided above.

 

15. Right to Lodge a Complaint

 

Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of their habitual residence or place of work.

 

16. No Automated Decision-Making

 

The Company does not use automated decision-making or profiling within the meaning of Art. 22 GDPR in connection with website usage.

 

17. Relationship to Terms of Use and Engagement Agreements

 

This Privacy Statement operates independently of the Company’s Terms of Use and any separate engagement agreements.

 

Where a written engagement agreement is concluded, such agreement may contain additional or more specific data protection provisions.

 

18. Amendments

 

The Company reserves the right to update this Privacy Statement to reflect legal, technical, or operational changes.

 

The current version is always available on the website.