CB

CBAM-OK

CBAM per importatori

Privacy Policy

1. Privacy at a Glance

General Information

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice of this website.

How do we collect your data?
Your data is collected when you provide it to us. This could be data you enter in a contact form or during registration. Other data is collected automatically or with your consent when you visit the website through our IT systems. This is mainly technical data (e.g., internet browser, operating system, or time of page access).

2. Responsible Party

The responsible party for data processing on this website is:

RADOM UG
Telemannstr. 2
60323 Frankfurt am Main
Germany

E-Mail: support@cbam-ok.eu

Data Protection Officer

Due to the company size, the appointment of a Data Protection Officer is currently not legally required. For privacy-related questions, please contact: support@cbam-ok.eu

3. Data Collection on Our Website

Cookies

Our website uses cookies. Cookies are small text files stored on your device. They do not cause any damage. We distinguish between technically necessary cookies and optional cookies for analytics and marketing.

You can adjust your cookie settings at any time via our cookie banner or change them in your browser settings.

Technically Necessary Cookies

These cookies are essential for the operation of the website. This includes session cookies for authentication and cookies to store your cookie preferences.

Analytics Cookies

With your consent, we use analytics cookies to understand how visitors use our website. This helps us improve the website.

Server Log Files

The provider of these pages automatically collects and stores information in server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

Registration and User Account

You can create a user account on our website. The following data is collected:

  • Name
  • Email address
  • Password (stored encrypted)

Registration is required to conclude a contract with us (Art. 6 para. 1 lit. b GDPR). Your data will be stored for the duration of the contractual relationship.

4. Third-Party Services

Azure OpenAI (CBAM Classification)

For AI-assisted classification, plausibility checks, and preparation of CBAM-relevant import data, we use Azure OpenAI by Microsoft. Product descriptions, HS/CN code notes, supplier information, and other import-related content may be transmitted to the Azure OpenAI service. This may include personal data, in particular:

  • Names of contact persons at suppliers, importers, or business partners
  • EORI numbers, company data, and supplier references
  • Product, quantity, customs, and emissions data
  • Product descriptions, countries of origin, and process notes

Processing takes place on Microsoft's Azure servers in Sweden (EU). According to Microsoft's data protection terms for Azure OpenAI, your data is not used to train AI models and is not stored by Microsoft. Data transmission is encrypted via HTTPS.

Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Data center: Sweden (EU)
Legal basis: Contract fulfillment (Art. 6 Abs. 1 lit. b DSGVO)
Data Processing Agreement (DPA): Concluded pursuant to Art. 28 GDPR as part of the Microsoft Product Terms
Privacy Policy: https://privacy.microsoft.com/privacystatement

Stripe (Payment Processing)

We use Stripe for payment processing. When making a payment, your payment data is transmitted directly to Stripe. We do not store complete credit card data.

Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland
Legal basis: Contract fulfillment (Art. 6 Abs. 1 lit. b DSGVO)
Privacy Policy: https://stripe.com/privacy

5. Data Processing for Our Service

Uploaded and Entered CBAM Data

When you upload or enter import, product, supplier, or emissions data, it is processed on our servers. The following data may be processed:

  • Import and consignment data (date, quantity, goods description, origin)
  • HS/CN codes, EORI numbers, and supplier references
  • Names of companies, suppliers, and contact persons

This data is processed to provide our service (CBAM workflow, classification, and declaration preparation). The legal basis is contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage Duration

Uploaded and entered CBAM working data as well as declaration drafts are automatically deleted after 90 days by default, unless statutory retention obligations apply. Soft-deleted records are permanently purged from our systems after a further 30 days. You can manually delete your data at any time in your account settings.

After deleting your account, all personal data is immediately and irrevocably deleted.

Automated Decision-Making

We use AI services (Azure OpenAI, data center Sweden/EU) to support HS/CN code classification, CBAM scope checks, and plausibility checks for emissions and product information. This involves processing the content described in Section 4. This processing is based on Art. 6(1)(b) GDPR (contract performance). You can manually correct or discard AI suggestions at any time.

6. Your Rights

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your stored data at any time.
  • Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
  • Erasure (Art. 17 GDPR): You can request the deletion of your data, unless legal retention obligations apply.
  • Restriction (Art. 18 GDPR): You can request the restriction of processing.
  • Data Portability (Art. 20 GDPR): You can receive your data in a common format.
  • Objection (Art. 21 GDPR): You can object to the processing of your data.
  • Withdrawal of Consent (Art. 7 para. 3 GDPR): You can withdraw your consent at any time.

To exercise your rights, you can contact us using the contact details provided in the legal notice.

Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority of your federal state or the federal state where our company is based is responsible.

The supervisory authority responsible for us is: Hessian Commissioner for Data Protection and Freedom of Information, Postfach 3163, 65021 Wiesbaden

7. Data Security

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the browser's address bar changing from "http://" to "https://" and the lock symbol in your browser bar.

Your data is stored on servers in Germany. We employ technical and organizational measures to protect your data.

8. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.

Last updated: February 2026