With the following information, we would like to provide you, as a “data subject,” with an overview of how we process your personal data and your rights under data protection laws. In principle, you can use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal ba-sis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Sincereal Group Limited. This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can inherently have security vulnerabilities, meaning ab-solute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative methods, such as by telephone or mail.

You, too, can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to offer you some tips on handling your data securely:

• Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
• Only you should have access to the passwords.
• Ensure that you always use your passwords for only one account (login, user, or customer account).
• Do not use the same password for different websites, applications, or online services.
• Especially when using publicly accessible IT systems or those shared with others, it is essential to log out after every login to a website, application, or online service.

Passwords should be at least 12 characters long and chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but rather uppercase and lowercase letters, numbers, and special characters.

The controller within the meaning of the GDPR is:

Sincereal Group Limited
Port Causeway, Birkenhead, Wirral CH62 4TH

Registered office is at 5 New Street Square, London EC4A 3TW

Telephone: +44 1515124700
Email: info@sincereal.group

Representative of the data controller: Thomas Stüpfert

You can contact us directly at any time with any questions or suggestions regarding data protec-tion via email at info@sincereal.group.

Your personal data will not be transferred to third parties for purposes other than those stated below. We will only disclose your personal data to third parties if one of the following applies:

1. You have given us your explicit consent in accordance with Article 6 of the GDPR (Consent).
2. Disclosure is necessary and permitted to protect our legitimate interests in accordance with Article 6 of the GDPR (Legitimate Interest), and it is not assumed that your interests or fundamental rights and freedoms override these interests.
3. We are legally obliged to disclose the data (Article 6 of the GDPR, point c, or corresponding national regulations); or
4. disclosure is necessary for the performance of a contract with you (Article 6 of the GDPR, point b).

For transfers to countries outside the United Kingdom, we use appropriate safeguards to ensure an adequate level of protection. This may include the International Data Transfer Agreement (IDTA) or the addendum to the Standard Contractual Clauses, as well as other mechanisms recommended by the ICO. If no adequacy decision exists and appropriate safeguards are insufficient, in exceptional cases, the data subject’s consent or another legal exception may be used as a legal basis. Further information on international data transfers and the safeguards we use can be found in the ICO guidance (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/?q=dpa).

5.1 SSL/TLS Encryption

This website uses SSL/TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that “https://” appears in the browser’s address bar instead of “http://” and by the padlock icon in your brows-er’s address bar.

We use this technology to protect the data you transmit.

5.2 Data Collection When Visiting the Website

When you use our website for purely informational purposes, without registering, otherwise providing us with information, or consenting to processing that requires consent, we only collect data that is technically essential for providing the service. This is typically data that your browser transmits to our server (“in so-called server log files”). Our website collects a range of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the server’s log files. The following data can be collect-ed:

1. browser type and version used,
2. operating system used by the accessing system,
3. the website from which an accessing system reached our website (referrer),
4. the subpages accessed on our website by an accessing system,
5. the date and time of access to the website,
6. a shortened internet protocol address (anonymized IP address), and
7. the internet service provider of the accessing system.

We do not draw any conclusions about your identity from this general data and information. Rather, this information is needed to:

1. deliver the content of our website correctly,
2. optimize the content of our website and the advertising for it,
3. ensure the continued functionality of our IT systems and the technology of our website, and
4. provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.

We therefore use this collected data and information for statistical analysis and to improve data protection and data security within our company, ultimately ensuring the highest possible level of protection for the personal data we process. The anonymous server log file data is stored separately from any personal data provided by a data subject.

The legal basis for processing your personal data is Article 6(1)(f) of the UK GDPR in con-junction with the Data Protection Act 2018. Our legitimate interest arises from the purposes of data collection and processing mentioned above; these interests are balanced against your interests, fundamental rights, and freedoms and prevail only to the extent that this does not result in a disproportionate infringement of your rights.

5.3 Hosting by IONOS

We host our website with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter referred to as IONOS).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on IONOS servers.

The use of IONOS is based on Article 6(1)(f) of the UK GDPR (legitimate interest) in conjunction with the Data Protection Act 2018. Our legitimate interest lies in ensuring the most reliable presentation, provision, and security of our website. In this balancing of interests, we have taken your interests, fundamental rights, and freedoms into account and have implemented appropriate technical and organizational measures to minimize potential risks to your rights.

We have concluded a Data Processing Agreement with IONOS in accordance with Article 28 of the UK GDPR. This contractual agreement legally binds us to ensure that IONOS processes the personal data of our website visitors exclusively according to our documented instructions and in compliance with the requirements of the UK GDPR and the Data Protection Act 2018. The agreement contains, in particular, provisions regarding the purpose and duration of processing, the type of data processed, the categories of data subjects, technical and organizational measures, and subcontracting arrangements.

Further information on IONOS’s data protection policy can be found at: https://www.ionos.de/terms-gtc/terms-privacy.

No cookies are used.
We only use one technically necessary cookie on our website. No other cookies are used. There-fore, you will not see a cookie notice, and no consent for the use of cookies will be obtained.

7.1 Application Management / Job Portal

We collect and process the personal data of applicants for the purpose of carrying out the application process. Processing may also be carried out electronically, in particular if application documents are submitted to us by email or via a form provided on the website. If we enter into an employment or service relationship with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no contract is concluded, the application documents will generally be deleted six months after notification of the rejection, unless we have another legitimate interest that precludes deletion. Such a legitimate interest could, for example, be the defense against claims arising from the Equality Act 2010.

The legal basis for processing your data is Article 6(1)(b) of the UK GDPR (performance of a contract or in order to take steps prior to entering into a contract). Where special categories of personal data (e.g., health data) are processed, we additionally base the processing on the relevant requirements of the UK Data Protection Act 2018 (e.g., the conditions for processing in the employment context).

7.2 Enquiries by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the UK GDPR (performance of a con-tract or implementation of pre-contractual measures), insofar as your inquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective and proper handling of enquiries addressed to us.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, statutory retention periods – remain unaffected.

You can subscribe to our company’s newsletter on our website. The specific personal data transmitted to us when you subscribe to the newsletter is determined by the input form used.

We regularly inform interested parties, customers, and business partners about our offers and relevant information via newsletter. The newsletter can only be received if:

1. you have a valid email address, and
2. you have registered to receive the newsletter.

To verify the email address, you initially provided for the newsletter, we send a confirmation email using the double opt-in procedure. This confirmation serves to ensure that you, as the owner of the email address, have authorized the receipt of the newsletter. Double opt-in is a proven method for documenting your consent; the use of the DOI procedure is recommended in practice to comply with the requirements of the UK GDPR and the relevant regulations for elec-tronic communications (PECR).

When you register, we also store the IP address assigned by your Internet Service Provider (ISP) to the device you used at the time of registration, as well as the date and time of registra-tion. This information serves to ensure traceability and protects us legally, for example, to inves-tigate potential misuse of your email address.

The personal data collected during newsletter registration is used exclusively for sending the newsletter and for directly related purposes (e.g., informing you about changes to the newsletter offerings or technical adjustments to the service). Where necessary, we will inform subscribers about service-related changes via email. Personal data collected in connection with the newsletter service will only be shared with third parties in the cases specified in this privacy policy (e.g., with data processors) and only in compliance with data protection regulations.

You can unsubscribe from our newsletter at any time. You can also withdraw your consent to the storage and use of your personal data for newsletter distribution at any time. Each newsletter email contains a clearly labelled unsubscribe link for this purpose (e.g., “Unsubscribe from newsletter”). Alternatively, you can notify us of your withdrawal by other means. After with-drawal or cancellation, we will process your data in accordance with the deletion and retention periods specified in this privacy policy.

The processing of data for the purpose of sending newsletters is based on your consent (Art. 6 para. 1 lit. a GDPR). Additionally, the provisions of the Privacy and Electronic Communica-tions Regulations (PECR) must be observed for electronic marketing messages. Insofar as we process data to protect legitimate interests (e.g., for fraud prevention or to ensure the operation of the service), we rely on Art. 6 para. 1 lit. f GDPR; in such cases, we have carried out a bal-ancing of our interests against your rights and implemented appropriate safeguards.

We may use service providers for sending and the technical operation of the newsletter service. We have data processing agreements with these service providers in accordance with Art. 28 GDPR. These agreements ensure that the service providers process personal data only accord-ing to our instructions and in compliance with the GDPR.

To communicate with you on social networks and inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by your visit, in accordance with Article 26 of the GDPR.

We are not the original provider of these pages but merely use them within the scope of the options offered to us by the respective providers.

Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Using these platforms may therefore involve data protection risks for you, as exercising your rights, e.g., to access, erasure, or objection, could be more difficult, and processing on social networks is often carried out directly by the providers for advertising purposes or to analyse user behaviour, without our being able to influence this. If the provider creates user profiles, cookies are often used, or your usage behaviour is associated with your own social network member profile.

The described processing of personal data is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a modern manner and to inform you about our services. If you are required to give your consent to data processing as a user to the respective providers, the legal basis is Article 6(1)(a) of the GDPR in conjunction with Article 7 of the GDPR.

Since we have no access to the providers’ data, we advise you to assert your rights (e.g., to in-formation, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data on social networks is listed below for each social network provider we use:

9.1 LinkedIn

(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

10.1 Right to Confirmation

You have the right to request confirmation from us as to whether or not personal data concern-ing you is being processed.

10.2 Right of Access (Article 15 GDPR)

You have the right to obtain, at any time and free of charge, information about which personal data concerning you is being processed, for what purposes, to which recipients this data may have been disclosed, how long the data will be stored (or the criteria used to determine that period), and other information specified in Article 15 GDPR. You also have the right to obtain a copy of the personal data being processed.

10.3 Right to Rectification (Article 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

10.4 Erasure (Article 17 GDPR)

You have the right to request the erasure of your personal data if one of the grounds listed in Article 17 GDPR applies and the processing or storage is no longer necessary. If statutory retention obligations or other legal reasons preclude erasure, we will inform you accordingly.

10.5 Restriction of Processing (Article 18 GDPR)

You have the right to request the restriction of the processing of your personal data if the legal requirements for this are met (e.g., the accuracy of the data is contested, the processing is unlawful, but you object to erasure and request restriction instead).

10.6 Data Portability (Article 20 GDPR)

You have the right to receive the personal data you have provided to us, which is processed automatically, in a structured, commonly used, and machine-readable format. You may also re-quest that this data be transmitted directly to another controller, where technically feasible, provided that the processing is based on your consent (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR) or on the performance of a contract (Article 6(1)(b) GDPR) and the processing is carried out by automated means. The transmission must not adversely affect the rights and freedoms of other persons.

10.7 Right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) (processing in the public interest) or Article 6(1)(f) GDPR (processing necessary for the performance of a task carried out in the public interest). Under the UK GDPR (legitimate interest), you have the right to object to the processing of your personal data. This also applies to profiling based on these provisions. If you object, we will no longer process the data in question unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

You can object at any time to the processing of your personal data for direct marketing purpos-es; in this case, we will no longer process the data for these purposes. This also applies to any related profiling.

Where personal data is processed for scientific, historical, or statistical purposes, you may object to this processing on grounds relating to your particular situation, unless the processing is nec-essary for the performance of a task carried out in the public interest.

When using information society services (e.g., online services), you may also exercise your right to object by automated means, where technically feasible.

10.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

10.9 Complaint to a supervisory authority

You have the right to lodge a complaint with the competent supervisory authority. In the United Kingdom, the competent supervisory authority is the Information Commissioner’s Office (ICO).

We process and store your personal data only for the period necessary to achieve the purpose of storage or as required by the legal regulations to which our company is subject.

If the purpose of storage ceases to apply or a prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

The criterion for the duration of personal data storage is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, unless it is still required for contract fulfilment or initiation.

This Privacy Policy is currently valid and was last updated in January 2026.

Due to the further development of our websites and services or due to changes in legal or regu-latory requirements, it may become necessary to amend this Privacy Policy. The current privacy policy can be accessed and printed at any time on the website at “sincereal.group/data-protection-privacy/”.

This privacy policy was created by Great Oak Datenschutz GmbH & Co. KG with the support of the data protection software: GO DSM.