Privacy Policy
This statement informs you about the processing of personal data when using sanctinel.com.
1. Controller
Lotzer Digital UG (haftungsbeschränkt)Diepholzer Straße 7, 27751 Delmenhorst, Deutschland
Managing Director: Noah-Jerome Lotzer
Email: info@lotzer.de · Phone: +49 (0) 4221 123 78 64
2. General
We process personal data only to the extent necessary to provide a functional website and our content and services. The legal bases are in particular Art. 6(1)(a) (consent), (b) (contract/pre-contractual measures) and (f) (legitimate interest) GDPR.
3. Hosting & server log files (Cloudflare)
The website and the associated API are operated on the infrastructure of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). On our behalf, Cloudflare processes technical access data (including IP address, date/time, requested URL, browser/device information) to ensure the delivery, security and stability of the service. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation). A data processing agreement pursuant to Art. 28 GDPR is in place with Cloudflare; for transfers to the USA, standard contractual clauses or the EU-US Data Privacy Framework apply.
4. Encryption (SSL/TLS)
For security reasons, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” in the address bar.
5. Bot protection: Cloudflare Turnstile
To protect our forms and screening tools from automated abuse, we use Cloudflare Turnstile. In doing so, technical data (including IP address, interaction and device information) is transmitted to Cloudflare and evaluated. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in preventing spam and abuse).
6. Free screening tools (partner & goods check)
If you enter a name or a goods description into the free screening tools, this input is transmitted to our API in order to carry out the check against the sanctions, insolvency or export-control lists. For traceability (audit), we store the request (search term, time, number of hits) and, to limit usage, temporarily store your IP address. The legal basis is Art. 6(1)(b) and (f) GDPR. Please do not enter more personal data than necessary for the check.
7. AI document screening (upload)
During the optional document upload, the uploaded file is transmitted to our API and forwarded to our processor Anthropic PBC (548 Market St, San Francisco, CA 94104, USA) to extract the business partners it contains. The extracted names are then checked against the lists. Uploaded documents may contain personal data; therefore only upload documents that you are authorized to process. Processing is transient for the purpose of carrying out the check; the file is not stored permanently. The legal basis is Art. 6(1)(b) and (f) GDPR. For the transfer to the USA, standard contractual clauses pursuant to Art. 46 GDPR are in place; content is not processed for training purposes by Anthropic on the basis of the commercial terms of use.
8. Demo request / waiting list
If you register for a demo or the ERP version, we process your email address and the ERP system you specify in order to contact you. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or (a) GDPR (consent). You can object to this use at any time.
9. Recipients & third-country transfers
Recipients of personal data are the named processors (Cloudflare, Anthropic). Where data is transferred to the USA, this takes place on the basis of the European Commission's standard contractual clauses or — where certified — the EU-US Data Privacy Framework. Disclosure to other third parties only takes place where this is legally permitted or necessary for the performance of the contract.
10. Retention period
We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods. Audit and log data are subsequently deleted or anonymized; rate-limit data is automatically removed after a short time.
11. Cookies
We do not use analytics or marketing cookies. Technically necessary data (e.g. through Cloudflare Turnstile) may be processed as part of bot protection; this is required for secure operation.
12. Your rights
You have the following rights vis-à-vis the controller:
- Right of access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent granted, with effect for the future (Art. 7(3) GDPR)
To exercise them, an informal message to info@lotzer.de.
13. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Die Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover.
14. Note on the service
Sanctinel is a screening aid and provides an indication, not legal advice and not a binding official classification. Hits require manual review; the responsible authority in Germany remains the BAFA.
15. Changes
We will amend this privacy policy as soon as changes to processing make this necessary. The version published here applies in each case.
Last updated: June 2026