1. Data Controller

Depending on your location, your data controller is:

European Union / EEA / International

PAA CAPITAL (Germany) GMBH
Ludwigsplatz 5
67547 Worms, Germany

Africa / International (Non-EU)

PAA CAPITAL (PTY) LTD
The Hub, iTowers
Gaborone CBD, Botswana

If you have any questions regarding data protection, you may contact us through our secure contact form on the website.

2. Personal Data We Collect

a) Data you provide voluntarily

When you use our website forms or request information, you may provide:

• Name
• Email address
• Company information
• Country
• Message content
• Any optional information you choose to provide

We do not request or accept sensitive information (e.g., identity documents) via the public website.

b) Data collected automatically

When you visit our website, we may automatically collect:

• IP address (anonymised where possible)
• Browser type and version
• Device information
• Pages viewed
• Time spent on pages
• Referring URLs
• Basic cookie data (analytics / functional only)

We do not use invasive tracking pixels (Meta, TikTok, etc.) unless explicitly required and consented.

3. Lawful Basis for Processing (GDPR Article 6)

We process your data based on:

• Legitimate interests
  To operate, secure, and optimise our website.
• Consent
  For analytics cookies (when required), and when you submit a contact form.
• Pre-contractual necessity
  When you request information about our services.

4. How We Use Your Personal Data

We may use your information to:

• Respond to your inquiries
• Provide details about our services
• Improve website performance
• Detect and prevent security issues
• Maintain analytics/statistics

We do not sell or rent personal data.

We do not use automated decision-making on the website.

5. Cookies and Tracking

Our site may use:

• Essential cookies (necessary for security and functionality)
• Analytics cookies (only with user consent)

You can manage cookie preferences via your browser or our cookie banner.

6. Data Sharing

We may share data with:

• Our hosting providers (EU-based)
• Our security partners (firewall, anti-fraud)
• Our analytics provider (consent-based)

We do not share data with advertisers or data brokers.

7. International Transfers

Data may be transferred between our European and African entities as part of internal operations.
Such transfers are protected through:

• Standard Contractual Clauses (SCCs), or
• Equivalent adequacy mechanisms

All infrastructure used for website operations is hosted within the EU.

8. Data Retention

We retain data only as long as necessary:

• Website contact form submissions: up to 12 months
• Analytics data: according to provider retention settings
• Server logs: 30–180 days

9. Security

We employ:

• SSL encryption
• Modern firewall protection
• Intrusion detection
• Strict access controls
• Secure data centers in the EU

However, transmission over the internet can never be 100% secure.

10. Your Data Protection Rights (GDPR)

You have the right to:

• Access your personal data
• Request correction
• Request deletion
• Restrict processing
• Object to processing
• Request portability
• Withdraw consent at any time

Requests can be submitted through our secure contact form.

11. Children’s Privacy

Our website is not intended for users under 16 years old.
We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this policy periodically.
The latest version will always be available on this page.

13. Contact

If you have privacy-related questions, contact us securely via our contact form.