Privacy Policy
Last updated: June 11th, 2026
This Privacy Policy explains how BAM! GmbH (“BAM! GmbH”, “we”, “us” or “our”) collects, uses and protects personal data when you visit or use our website cureous.me.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable German data protection laws.
1. Controller
The controller responsible for the processing of personal data on this website is:
BAM! GmbH
Gesellschaft mit beschränkter Haftung
Registered in Erfurt, Germany
Commercial Register: HRB 524621, Amtsgericht Jena
Email: hello@cureous.me
2. Personal Data We Collect
We only collect the personal data that you voluntarily provide to us, for example when you contact us through our website, email, form or other communication channel.
This may include:
Name
Email address
Phone number
Any additional information you choose to include in your message
We do not intentionally collect special categories of personal data, such as health data, biometric data, religious beliefs, political opinions or similar sensitive information.
3. Purposes of Processing
We process your personal data for the following purposes:
To respond to your inquiries
To communicate with you regarding your request
To provide information about our company, products, services or business activities where requested
To maintain internal records of communications
To comply with applicable legal obligations
To protect our rights, business interests and website security
4. Legal Basis for Processing
Depending on the nature of your request, we process your personal data on one or more of the following legal bases under Article 6 GDPR:
Article 6(1)(b) GDPR — Contract or pre-contractual steps: where processing is necessary to respond to your request before entering into a contract or business relationship.
Article 6(1)(f) GDPR — Legitimate interests: where processing is necessary for our legitimate interest in communicating with website visitors, responding to inquiries, operating our website and managing our business relationships.
Article 6(1)(c) GDPR — Legal obligation: where processing is necessary to comply with legal, regulatory, accounting or tax obligations.
Article 6(1)(a) GDPR — Consent: where we specifically ask for your consent, for example for optional communications or activities that require consent.
Where processing is based on consent, you may withdraw your consent at any time with effect for the future.
5. Retention Period
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
In general:
Contact inquiries are retained for as long as necessary to respond to and manage the request.
Business-related correspondence may be retained for the duration of the business relationship and, where applicable, for statutory retention periods.
Data required for legal, tax or accounting purposes may be retained for the legally required period.
Once personal data is no longer required, we will delete it or anonymise it unless further retention is legally required or permitted.
6. Recipients of Personal Data
We do not sell personal data.
Personal data may be shared only where necessary with:
Internal personnel responsible for handling inquiries
IT, hosting, website, email or technical service providers
Legal, tax, accounting or compliance advisers
Public authorities, courts or regulators where legally required
Where we use service providers, we take appropriate steps to ensure that they process personal data in accordance with GDPR requirements.
7. International Data Transfers
Where possible, we process personal data within the European Union or European Economic Area.
If personal data is transferred outside the EU/EEA, we will ensure that appropriate safeguards are in place, such as an adequacy decision by the European Commission, Standard Contractual Clauses or another lawful transfer mechanism under the GDPR.
8. Cookies and Technical Data
This Privacy Policy is based on the assumption that cureous.me does not use analytics, advertising cookies, tracking pixels, newsletter tools or similar marketing technologies.
However, our website hosting provider may process certain technical data automatically when you access the website, such as IP address, browser type, device information, date and time of access and server log data. This processing is generally necessary to display the website, ensure technical functionality, maintain security and prevent misuse.
If we introduce analytics, advertising cookies, tracking technologies, embedded third-party content or newsletter tools in the future, we will update this Privacy Policy and, where required, request consent through an appropriate cookie banner.
9. Your Rights
Under the GDPR, you may have the following rights regarding your personal data:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time, where processing is based on consent
Right to lodge a complaint with a supervisory authority
These rights may be subject to legal conditions and limitations.
To exercise your rights, please contact us at:
hello@cureous.me
10. Right to Object
Where we process your personal data based on legitimate interests under Article 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless processing is necessary for the establishment, exercise or defence of legal claims.
11. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.
For companies established in Thuringia, the competent supervisory authority is generally:
Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Postfach 900455
99107 Erfurt
Germany
Email: poststelle@datenschutz.thueringen.de
Website: www.tlfdi.de
You may also contact the supervisory authority in the EU member state of your habitual residence, place of work or place of the alleged infringement.
12. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
However, no website, email system or online transmission is completely secure. We therefore encourage you not to send sensitive or confidential information through unsecured communication channels.
13. No Automated Decision-Making
We do not use your personal data for automated decision-making, including profiling, within the meaning of Article 22 GDPR.
14. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical or business changes.
The latest version will always be available on cureous.me.