Written in plain language. The legally binding German version sits behind a link at the bottom. If you only have two minutes, read the summary below — it covers 95% of what you came for.
The controller for personal data processed via this website (per Art. 4 (7) GDPR) is:
Remote Native GmbH · Joergstr. 29, 80689 München, Germany · privacy@remote-native.com. Full company details on the Imprint page.
Where required under Art. 37 GDPR, our Data Protection Officer can be reached at:
dpo@remote-native.com · Mail: c/o Remote Native GmbH, Joergstr. 29, 80689 München. Please write "DPO" in the subject line for routing.
We try hard to collect as little as possible. Concretely:
Server logs at our EU host (Hetzner, Frankfurt) capture IP address (truncated to /24 within 24 hours), timestamp, requested URL, response code, referrer, and user-agent. These logs exist for security and abuse prevention. Retention: 14 days, then irreversible deletion.
The 12-question diagnostic runs entirely in your browser. Answers are kept in localStorage while you're on the page. Nothing leaves your device until you press "Send me my result", at which point we collect: email, first name, your 12 answers, and a derived score across 6 dimensions.
A two-field form: email + first name. The PDF is sent by email. No tracking pixel in the PDF. We do not silently re-send.
Whatever you put in the email. We answer from a human inbox (Fastmail, EU). Retained per § 257 HGB / § 147 AO when commercially relevant; otherwise deleted after 12 months.
Each type of processing has a named purpose, a legal basis under GDPR Art. 6 (1), and a retention period. The register below is the operative version — if you want it as a PDF, email dpo@remote-native.com.
| Activity | Purpose | Legal basis | Retention |
|---|---|---|---|
| Server logs | Security, abuse prevention, debugging | Art. 6 (1) f Legitimate interest | 14 days |
| Diagnostic submission | Send personal result & benchmark | Art. 6 (1) b Pre-contractual measure | 24 months, then anonymized |
| Ebook delivery | Deliver PDF & (opt-in) follow-up | Art. 6 (1) a Consent | Until withdrawn |
| Sales correspondence | Reply, scope, contract | Art. 6 (1) b Contract / pre-contractual | 6 yrs (§ 257 HGB) |
| Invoicing | Tax & commercial obligation | Art. 6 (1) c Legal obligation | 10 yrs (§ 147 AO) |
| Analytics (opt-in) | Anonymous reach & usage measurement (GA4, Microsoft Clarity) | Art. 6 (1) a Consent · § 25 (1) TTDSG | Until withdrawn / cookie lifetime |
| Marketing (opt-in) | Ad measurement & remarketing (Google Ads) | Art. 6 (1) a Consent · § 25 (1) TTDSG | Until withdrawn / cookie lifetime |
We do not sell, rent, or trade personal data. Analytics and advertising/remarketing run only with your explicit consent (see § 05) — reject, and none of those tags fire. We do not perform any automated decision-making with legal effect under Art. 22 GDPR.
Where we use third parties to process data on our behalf, we operate them under a Data Processing Agreement per Art. 28 GDPR. Current list:
| Processor | What for | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Web hosting, logs, ebook delivery | Falkenstein / Nürnberg, DE | EU only |
| Fastmail Pty Ltd | Email inbox (hello@, privacy@, dpo@) | EU servers (NL) | EU only |
| Stripe Payments Europe Ltd | Founders' Copy purchase only | Dublin, IE | EU only |
| HubSpot CRM | Engagement pipeline notes | Frankfurt, DE (EU data residency) | EU residency |
| OpenAI / Anthropic | Engagement work only · zero-retention APIs · no website data | US | SCC + DPA |
| Google (Analytics & Ads) | Reach measurement (GA4), ad measurement / remarketing — consent only | US | SCC + DPF |
| Microsoft (Clarity) | Aggregated usage analysis — consent only | US | SCC + DPF |
| LinkedIn (Insight Tag) | Ad measurement / remarketing — consent only | Ireland, EU · US | SCC |
If we add a sub-processor, we update this page before data flows to them. The diff is dated below at § 09.
Necessary storage runs without consent — it is strictly required for the site to function (Art. 6 (1) f GDPR · § 25 (2) TTDSG) and sets no third-party or tracking cookies:
rn-theme · rn-lang · localStorage / cookie · your light/dark and EN/DE preference. First-party, no PII.
rn-diag-draft · localStorage · stores diagnostic answers in progress so a refresh doesn't lose them. Cleared on submit. First-party.
rn-consent · localStorage + cookie (12 months) · records your cookie choices and the timestamp (consent proof). Without it we'd have to ask every visit.
Optional, consent-only. The following load only after you accept (Art. 6 (1) a GDPR · § 25 (1) TTDSG), are managed via Google Tag Manager, and are gated by Google Consent Mode v2 — so on rejection they never set a cookie or send data. You can withdraw any time via "Cookie settings" (footer or the panel below); withdrawal is as easy as consent.
_ga, _ga_* up to 24 months.
_clck (12 mo.), _clsk (1 day), MUID.
_gcl_* up to 90 days.
li_gc, lidc, UserMatchHistory, bcookie up to 6 months.
You can clear all of the above by clearing site data in your browser, or withdraw consent below. Nothing on this site requires the optional services to function.
Each category has a defined retention period (see § 03 for the register). Outside the statutory minimums (commercial 6 years, tax 10 years), we delete on the shortest reasonable horizon. After retention, we either delete or irreversibly anonymize. Anonymized statistics may be retained for trend analysis (median diagnostic scores per industry, etc.) but cannot be re-identified.
You have the following rights regarding any personal data we hold about you. To exercise any of them, email privacy@remote-native.com — we respond within one month (Art. 12 (3) GDPR), usually inside a week.
Get a copy of what we hold about you, the purposes of processing, recipients, and retention.
Correct anything inaccurate or incomplete.
"The right to be forgotten" — subject to statutory retention (tax, commercial).
Tell us to pause processing while a dispute is resolved.
Receive your data in a machine-readable format (JSON, on request).
Object to processing based on legitimate interest. We'll stop unless we can demonstrate compelling grounds.
Where processing is based on consent (e.g. ebook follow-up), withdraw it any time. No reason needed.
Lodge a complaint with a supervisory authority — see § 08 below for ours.
For any privacy matter, write to privacy@remote-native.com. For matters directed to the DPO specifically: dpo@remote-native.com.
You also have the right to complain to a supervisory authority. The competent supervisor for our registered office is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) · Promenade 18, 91522 Ansbach · lda.bayern.de · You may also complain to the supervisor of your habitual residence or place of work.
This page is updated when our processing changes. The German version is the legally binding version; the English version is provided for convenience. Material changes are flagged on the homepage for 30 days.
Last updated · 14 Jan 2026 · v3.2 · DE binding · See imprint