Privacy Policy

Last updated: April 18, 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

ZICSS LLC
Johannes Zimmerer
1209 Mountain Road PL NE STE N
Albuquerque, NM 87110, USA
E-Mail: llc-anfrage@zicss.de

2. General Information on Data Processing

The protection of your personal data is important to us. We process personal data only to the extent necessary to provide a functional website and our content and services.

Although ZICSS LLC is based in the USA, this offering is directed at users in the European Economic Area (EEA), and we therefore comply with the requirements of the GDPR (Art. 3(2) GDPR — marketplace principle).

3. Representative in the European Union

As a general rule, controllers not established in the EU are required under Art. 27(1) GDPR to designate a written representative in the Union.

The designation of a representative in the Union is currently being prepared and will be completed by 30 September 2026 at the latest. Until such designation is complete, please direct all inquiries regarding the processing of your personal data to the email address listed below or to ZICSS LLC's postal address.

This privacy policy will be updated once the designation is complete; the representative will then be named with full contact details. For questions about the processing of your data you can reach us at any time at llc-anfrage@zicss.de.

4. Hosting

This website is hosted on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

When you visit our website, the server automatically records so-called server log files. These contain:

  • Your (anonymised) IP address
  • Date and time of the request
  • Page accessed / name of the file retrieved
  • Data volume transferred
  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of the web server).

Retention period: Server log files are automatically deleted after 14 days.

Server location: Nuremberg, Germany (EU). No transfer of your data to third countries takes place through the hosting.

5. Cookies

This website uses no cookies. Neither first-party cookies nor third-party cookies are set or included.

6. External Resources

All resources (fonts, stylesheets, scripts) are served locally from our server. No external services (such as Google Fonts, Google Analytics, Facebook Pixel, etc.) are integrated. When you visit our site, your browser exclusively connects to our server.

7. Contact by E-Mail

When you contact us by e-mail, your details (name, e-mail address, content of the enquiry) are stored for the purpose of processing your request.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Retention period: Your data will be deleted once the enquiry has been fully processed and no statutory retention obligations apply.

8. Customer Portal and Contract Processing

When you use our services (LLC formation, IRS Form Generator), we process the data you provide for the purposes of contract performance. This includes in particular:

  • Name and address
  • E-mail address
  • Passport / identity document information (for LLC formation)
  • EIN (Employer Identification Number)
  • Business data (revenues, transactions) for the IRS Form Generator — users enter data, the tool generates forms, and users review, sign, and submit them independently
  • Payment data (processed directly with the payment service provider)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Retention period: We store your contract data for the duration of the business relationship and thereafter in accordance with statutory retention obligations (up to 10 years after the end of the contract pursuant to § 147 AO, § 257 HGB).

9. Disclosure of Data to Third Parties

To fulfil our contractual obligations, we work with the following service providers:

  • Northwest Registered Agent LLC (USA) — For LLC registration, we transfer the necessary formation data to Northwest Registered Agent. This is required for the performance of the contract (Art. 6(1)(b) GDPR). The transfer of data to the USA is based on Art. 49(1)(b) GDPR (performance of a contract).
  • IRS (Internal Revenue Service) (USA) — For the EIN application and the submission of IRS forms, the required data is transmitted to the US tax authority. This takes place exclusively on behalf of and at the request of the customer.
  • Hetzner Online GmbH (Germany) — Hosting provider. Processing exclusively in Germany (Nuremberg).

Beyond this, no disclosure of your data to third parties takes place, unless we are legally obliged to do so.

10. Transfer of Data to the USA and CLOUD Act

ZICSS LLC is headquartered in the USA. Following the ruling of the Court of Justice of the European Union of 16 July 2020 (Schrems II, Case C-311/18), the USA is considered a third country that does not provide a level of data protection equivalent to EU law.

Current case law (as of 09/2025): By judgment of 3 September 2025 (T-553/23, Latombe v. Commission), the General Court of the European Union confirmed the validity of the EU–U.S. Data Privacy Framework (DPF). Furthermore, the Higher Regional Court of Karlsruhe, by decision of 7 September 2022 (15 Verg 8/22), clarified that a “latent access risk” arising solely from a provider’s U.S. affiliation, without concrete evidence, is insufficient to assume an impermissible third-country transfer. Decisive factors are the specific contractual and technical safeguards as well as the actual data flow.

We expressly point out that US authorities may, on the basis of the CLOUD Act (Clarifying Lawful Overseas Use of Data Act, 18 U.S.C. § 2713) and comparable legislation, require the disclosure of data stored by US companies or under their control — regardless of where the data is physically stored.

Specific data is transferred to the USA for contract performance (LLC formation with Northwest Registered Agent, EIN application with the IRS, submission of IRS forms). The legal basis for this transfer is Art. 49(1)(b) GDPR (necessity for the performance of a contract or pre-contractual measures at the request of the data subject).

Risk minimisation: The website itself is hosted within the EU (Hetzner, Nuremberg). No cookies, analytics, or tracking services are used. Data transfers to the USA occur only to the extent commissioned by the customer and strictly necessary for order fulfilment. We implement appropriate technical and organisational measures to protect your data (encrypted transmission, access restrictions, regular security updates).

11. Your Rights

You have the following rights with regard to your personal data:

  • Access (Art. 15 GDPR): You may request information about the data we hold about you.
  • Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
  • Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
  • Restriction (Art. 18 GDPR): You may request the restriction of processing.
  • Data portability (Art. 20 GDPR): You may receive your data in a commonly used format.
  • Objection (Art. 21 GDPR): You may object to the processing of your data.

To exercise your rights, please contact: llc-anfrage@zicss.de

12. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You may contact the supervisory authority of your place of residence, your place of work, or the place of the alleged infringement.

An overview of the German state data protection authorities can be found on the website of the Data Protection Conference: datenschutzkonferenz.de

13. SSL/TLS Encryption

For security reasons, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the padlock symbol in your browser bar.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to keep it in line with current legal requirements or to reflect changes to our services. The current version is always available on this page.