Privacy policy

For legal interpretation, the German version of this Document is legally binding. This English translation is provided for convenience only and is a result of automated processing.

Controller within the meaning of the GDPR and the TDDDG

Klar Insights GmbH
Marktstr. 18
80802 Munich
Germany

Represented by managing directors: Cillié Burger, Adrian Maximilian Rast & Frank Birzle

Contact to data protection officer

Maren Wienands
Maren Wienands Consulting
E-mail: [email protected]

General provisions

The protection of your personal data is important to us. In the following, we inform you about the handling of your data that is collected when you visit our website. Your data is processed in accordance with the statutory data protection regulations.

If the type and scope of the data collected and processed differs between our website and our platform, these differences are set out separately in the respective document.

Data Subject Rights

Data Subject Rights under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this data and further information and a copy of the data in accordance with the legal requirements.

Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.

Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw your consent at any time with effect for the future.

Complaint to the supervisory authority: You have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully. The address for the competent supervisory authority is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (address: Promenade 18, 91522 Ansbach, telephone: +49 (0) 981 180093-0).

To exercise your rights, please contact our data protection officer.

Lawfulness of the processing

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data.

Automated individual decision-making, including profiling

Klar does not use automated individual decision-making or profiling within the meaning of Art. 22 GDPR.

Transfer of personal data

As part of the processing of personal data, it may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

General information on data storage and deletion

The storage period of personal data depends on the corresponding statutory retention periods and the purpose of the processing. As soon as the statutory retention period ends or the purpose of processing no longer applies, the personal data will be deleted unless it is required for the fulfilment or initiation of a contract. Justified deviations may occur in the context of individual processing procedures, to which we will inform you separately.

Visiting and using the website

For Klar, a hosting service provider collects data about every access to the server on which this service is located (so-called server log files). The access data includes:

We have concluded an Data Processing Addendum with our hosting service provider. This contract ensures that the service provider processes the data in accordance with the GDPR and guarantees the protection of the rights of the data subjects.

Webflow

We use the following service provider to host our servers:

Categories of personal data: IP address, e-mail address, first name, surname, address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

Service provider: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103
Website: https://webflow.com
Privacy policy: https://webflow.com/legal/privacy
Data Processing Addendum: https://webflow.com/legal/dpa
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

Contact form

Visitors to our website can use our contact form at https://www.getklar.com/contact to contact us directly with any questions.

The data controller is Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany. The data protection officer is Maren Wienands,[email protected].

The data collected in the contact form (name, e-mail address, company, phone number and the content of the message) will only be processed to deal with your enquiry. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR (performance of contract or to take steps prior to entering into a contract)

The recipient of the data is our service provider Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103
Website: https://webflow.com
Privacy policy: https://webflow.com/legal/privacy
Data Processing Addendum: https://webflow.com/legal/dpa
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The data collected in the contact form will only be stored for as long as is necessary to process your enquiry and no statutory retention periods prevent deletion.

The provision of personal data in the contact form is voluntary, but necessary for processing your enquiry.

Automated individual decision-making or profiling does not take place when using the contact form.

Job applications

We are happy to receive your application by e-mail to [email protected] to start the application process. In addition, we also offer the opportunity to apply directly for vacancies via different recruitment platforms.
After receiving your application, we will send a confirmation of the receipt of your application documents by e-mail.
The data provided during the application process (usually name, e-mail address, address, CV, certificates, nationality, religious affiliation, telephone number) will be processed exclusively for the purpose of processing your application.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR in conjunction with
Section 26 (1) sentence 1 BDSG (Federal Data Protection Act) (fulfillment of contract or employment-related purposes).

After completion of the application process, the data will be stored for up to six months. Your data will be deleted after six months at the latest. In the event of a legal obligation, the data will be stored in accordance with the applicable regulations.

As an applicant, you have the right to object to the processing of your personal data at any time by sending an email to [email protected]. In such a case, the application can no longer be considered. All personal data stored in the course of electronic applications will be deleted in this case.

Newsletter

Intuit Mailchimp

We use the Mailchimp service for our newsletter.
The newsletter is only sent if a user has registered and confirmed their email address or if a contractual relationship already exists. A user can unsubscribe at any time using the link provided in each newsletter.

Categories of personal data: E-mail address
Legal basis: For interested parties: Consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. For customers: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with § 7 para. 3 UWG.
If we base the sending of a newsletter on the legal basis of legitimate interest, you have the right to object to the processing in accordance with Art. 21 GDPR.

Service provider: Intuit Mailchimp, 405 N Angier Ave. NE, Atlanta, GA 30308 USA
Website: https://mailchimp.com/de/
Privacy policy: https://www.intuit.com/privacy/statement/
Data Processing Addendum: https://mailchimp.com/de/legal/data-processing-addendum/
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

EComUnity from beehiv

We use the EComUnity service from beehiv to keep you up to date on our events and other e-commerce-related activities.
The newsletter will only be sent if a contractual relationship already exists with us.
A user can unsubscribe at any time via the link provided in each newsletter.
Categories of personal data: Surname, first name, e-mail address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with Art. 7 para. 3 UWG; you have the right to object to processing in accordance with Art. 21 GDPR.
Service provider: beehiiv Inc, 228 Park Avenue # 2329976, New York, New York 10003
Website: https://www.beehiiv.com/
Privacy policy: https://www.beehiiv.com/privacy

Providers and services used in the course of business activities

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers ("services") in compliance with legal requirements. Their use is based on our interests in proper, lawful and efficient business processing, the improvement of our service quality and the optimisation of our business processes. These services help us to process data securely and effectively, improve communication channels, maintain customer relationships and continuously optimize our services. They are carefully selected to comply with data protection requirements and to ensure the confidentiality, integrity and availability of data.

Use of cookies

Klar uses the well-known technology of so-called cookies. These are small files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, etc.). Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other harmful software. They store information relating to the specific end device that uses them. This allows us to gain indirect knowledge of your identity.
Two types of cookies are used on this website: Session cookies, which are related to a single session, and persistent cookies, which remain stored on your end device for longer periods of time.

Most of the cookies used on this website are so-called first party cookies.
These are placed directly by Klar or its service providers and are used exclusively by them. However, third-party cookies may also be used to track user behaviour.

You have the option of deactivating the storage of cookies in your browser. You can find more information about these settings in the documentation or help section of your browser.

Please note, however, that you may not be able to use some parts of the website or certain functions, or only to a limited extent, if you refuse the use of cookies.

The specific cookies used when using this website are described below.

Technically necessary cookies

Cookies are used on this website that are necessary to provide the site without disruption. These technically necessary cookies are already stored on your end device when you access the website. Unfortunately, it is not possible to use the website without these cookies, which are listed below. If personal data is processed in connection with these cookies, this is done in accordance with Art. 6 Para. 1 S.1 lit. f) GDPR. The trouble-free display of the website constitutes a legitimate interest within the meaning of this provision. A balancing of interests has shown that the interests of the users in excluding this data processing do not outweigh the legitimate interests. The following technically necessary cookies are used on this website

__cf_bm

This cookie is required for the transmission of our contact form. It is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires after 30 minutes. Learn more about Cloudflare cookies.

__cfuvid

This cookie is required for the transmission of our contact form. It is set by HubSpot's CDN provider based on their rate limit policy. It expires at the end of the session. Learn more about Cloudflare cookies.

Cloudflare

We use the services of Cloudflare Germany GmbH (Rosental 7, 80331 Munich, Germany) to manage our domains, DDOS protection and many other services.

Categories of personal data: IP address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany
Server location: Germany, USA
Website: https://www.cloudflare.com/
Privacy policy: https://www.cloudflare.com/
Data Processing Addendum: https://www.cloudflare.com/de-de/cloudflare-customer-dpa/
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

Google Fonts

Google Fonts makes it possible to use fonts on your own website without having to store them on your own server. The fonts are loaded via a Google server when the website is loaded, whereby user data, including the user's IP address, is transferred to Google.

Categories of personal data: IP address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Server location: EU
Website: https://www.google.com/intl/de_de/business/
Privacy policy: https://policies.google.com/privacy
Data Processing Addendum: https://cloud.google.com/terms/data-processing-addendum/

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

Google Tag Manager

With the user's consent, we deliver our JavaScript snippets via Google Tag Manager.

Categories of personal data: Online identifiers (including cookie identifiers) and IP addresses
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Server location: EU
Website: https://www.google.com/intl/de_de/business/
Privacy policy: https://policies.google.com/privacy
Data Processing Addendum: https://cloud.google.com/terms/data-processing-addendum/

The processing of the data required to achieve the stated purposes is to be categorised as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

Technically unnecessary cookies

In addition to technically necessary cookies, we also use technically unnecessary cookies and pixels on this website to enable us to analyse the surfing behaviour of our website visitors. For example, the following data is stored and processed:

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Cookies, pixels and other tracking technologies that are not technically necessary are automatically deleted after a specified period, which may vary depending on the tracking method. If we integrate third-party cookies or pixels and similar tracking technologies into our website, we will inform you of this separately below.

Google Analytics

If you have given your consent, we use Google Analytics 4 on this website, a web analytics service provided by Google LLC. The controller for users in the EU, the EEA and Switzerland is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognise which content users have accessed within one or more usage processes, which search terms they have used or interacted with our online offering.

During your visit on the website, your user behaviour is recorded in the form of "events". Events can be

It is also recorded:

Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: City (and the city's inferred latitude and longitude), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU traffic, the IP address data is used exclusively for this derivation of geolocalisation data before it is immediately deleted. It is not logged, is not accessible and is not used for other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing.

On behalf of the operator of this website, Google will use this information to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after a maximum of 3 months. The maximum lifetime of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR and § 25 para. 1 sentence 1 TDDDG.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking

a. Do not give your consent to the setting of cookies or
b. download and install the browser add-on to deactivate Google Analytics HERE.

You can also revoke your consent to the setting of cookies by clicking on the following link.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Categories of personal data: Online identifiers (including cookie identifiers), IP addresses and device identifiers, identifiers assigned by the customer
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Server location: EU
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Privacy policy: https://policies.google.com/privacy
Data Processing Addendum: https://business.safety.google/adsprocessorterms/
Appropriate safeguards: Data Privacy Framework (DPF)

The processing of the data required to achieve the stated purposes is to be categorised as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

The following cookies are set by Google Analytics:

_ga

This cookie is used to distinguish individual users. The standard expiry time is 2 years. In browsers, the storage period for own cookies is limited. If a visitor does not return before a maximum of 400 days (Chrome) or a maximum of 7 days (Safari) have elapsed, they are deleted.

_ga_ <container-id>:

This cookie is used to store the session status. The standard expiry time is 2 years. Browsers limit the storage period for their own cookies. If a visitor does not return before a maximum of 400 days (Chrome) or a maximum of 7 days (Safari) have elapsed, they are deleted.

Microsoft Clarity

Microsoft Clarity is a session recording and heat mapping service provided by Microsoft Corporation. We are constantly endeavouring to improve our software for our customers and use Clarity for quality control of recently introduced functions.

Categories of personal data: IP address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Microsoft Corporation, One Microsoft Way, Redmond, USA
Server location: Germany
Website: https://www.microsoft.com/de-de/
Privacy policy: https://www.microsoft.com/de-DE/privacy/privacystatement
Data Processing Addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=18

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

HubSpot / HubSpot Analytics

We use Hubspot software for customer relationship management (CRM) and also use it to analyse our website activities.

Categories of personal data: First name, surname, e-mail address
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Hubspot, Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141, USA
Website: https://www.hubspot.com/
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Data Processing Addendum: https://legal.hubspot.com/dpa
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

Intercom

We use Intercom for our support chat. Intercom is a service for the management of knowledge base articles and for communication via chat and e-mail, which is offered by Intercom R&D Unlimited Company or by Intercom Software UK Limited.
Intercom Messenger can use trackers to recognise and track user behaviour.

Categories of personal data: Data transmitted when using the service, e-mail address, tracker, Universally Unique Identifier (UUID), usage data
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Intercom R&D Unlimited Company, 124 St Stephen's Green, Dublin 2, Ireland
Server location: USA
Website: https://www.intercom.com/
Privacy policy: https://www.intercom.com/legal/privacy
Data Processing Addendum: https://www.intercom.com/legal/data-processing-agreement
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

LinkedIn

We use functionalities of the LinkedIn Insight Tag marketing plugin from LinkedIn.
The LinkedIn Insight tag helps us measure interactions on our website, such as filling out a form or downloading content after an advert has been viewed or clicked on.

Categories of personal data: URL, referrer URL, shortened or hashed IP address, device and browser properties (user agent) and timestamp
Legal basis: Consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR
Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://about.linkedin.com/?trk=homepage-basic_footer-about
Privacy policy:https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Data Processing Addendum: https://www.linkedin.com/legal/l/dpa
Appropriate safeguards: standard contractual clauses

Meta Events Manager (Meta Pixel)

We use the functionality of Facebook's Meta Events Manager to operate so-called conversion tracking, i.e. a mapping of user processes from interaction with the advert to the conclusion of a purchase (conversion). The Meta Events Manager helps us to measure interactions on our website and derive actions for our company.

Categories of personal data: URL, referrer URL, shortened or hashed IP address, device and browser properties (user agent) and timestamp
Legal basis: Consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Website: https://www.meta.com/de/
Privacy policy: https://www.facebook.com/privacy/policy/?entry_point=about_fb
Data Processing Addendum: https://www.linkedin.com/legal/l/dpa
Appropriate safeguards: EU-US Data Privacy Framework**,** https://www.facebook.com/privacy/policies/data_privacy_framework

YouTube

We include YouTube videos on our website to highlight our products and business partners and to provide external content. The personal data collected differs depending on the situation and the existence of the user's own YouTube account.

Categories of personal data without logging in to YouTube: Browser and device settings, interaction of apps, operating system, mobile network, activities on YouTube during the active session, location data
Categories of personal data with registration on YouTube: Name, e-mail address, password, date of birth, uploaded videos and photos, written mails, payment information, profile picture, telephone number
Legal basis: Consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Server location: EU
Website: https://www.youtube.com/
Privacy policy: https://policies.google.com/privacy?hl=de
Data processing agreement: https://www.youtube.com/t/terms_dataprocessing
Appropriate safeguards: standard contractual clauses, https://business.safety.google/adsprocessorterms/sccs/

Zapier

We integrate Zapier on our website. Zapier is a service offered by Zapier, Inc. for the automation of work processes, which facilitates the automated flow of data between (third-party) services.
Categories of personal data: Browser and device settings, operating system, location data
Legal basis: Consent pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service Provider: Zapier, Inc. 548 Market St. #62411, San Francisco, CA 94104-5401
Server location: USA
Website: https:https://marketingplatform.google.com/intl/de/about/analytics/
Privacy policy: https://zapier.com/privacy
Data Processing Addendum: https://zapier.com/legal/data-processing-addendum
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The processing of the data required to achieve the stated purposes is to be categorised as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

TYPEFORM

We integrate Typeform on our website to provide appealing and interactive forms or surveys.

Categories of personal data: Browser and device settings, operating system, location data
Legal basis: Consent pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: TYPEFORM SL C/ Can Rabia 3-5, 4th floor, 08017 - Barcelona (Spain)
Server location: EU /USA
Website: https://www.typeform.com/de
Privacy policy: https://admin.typeform.com/to/dwk6gt
Data Processing Addendum: https://admin.typeform.com/to/dwk6gt
Appropriate safeguards: EU-US Data Privacy Framework & standard contractual clauses

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

jsDelivrCDN

We integrate jsDelivr on our website to provide resources such as JavaScript libraries, CSS files and other files quickly, reliably and efficiently.

Categories of personal data: Browser and device settings, IP address (anonymised), server log files
Legal basis: Legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR
Service provider: Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, GBR
Server location: Globally distributed servers (CDN)
Website: https://www.jsdelivr.com
Privacy policy: https://www.jsdelivr.com/terms/privacy-policy

The processing of the data required to achieve the aforementioned purposes is to be classified as a legitimate interest within the meaning of this provision. A balancing of interests has shown that the overriding interests of the users in the exclusion of this data processing are not to be assumed.

heyflow

We integrate heyflow on our website to provide appealing and interactive forms or landing pages.

Categories of personal data: Various types of data, including name, email address, and interaction data, as specified in the service's privacy policy.
Legal basis: Consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR
Service provider: Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany
Server location: Germany
Website: https://heyflow.com
Privacy policy: https://heyflow.com/de/datenschutz/
Data Processing Agreement: has been concluded with heyflow.

Perspectiv

For the provision of contact, inquiry, or application forms, we use an external service provider: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter "Perspective"). Perspective itself stores your data exclusively on European servers. However, it is possible that your data may be accessible to entities in the United States of America, as Perspective uses sub-processors based in the USA. Since July 2023, the EU-US Data Privacy Framework (DPF), adopted by the EU Commission, serves as the legal basis for these potential transfers. Perspective's sub-processors are thereby committed to a high level of data protection. Nevertheless, a risk remains that your data could be processed by US authorities for control and monitoring purposes. Therefore, for such data transfers to the United States, Perspective provides additional measures and guarantees in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, through the conclusion of Standard Contractual Clauses between Perspective and the sub-processors.

I. Description and Scope of Data Processing

When using the contact, inquiry, or application forms from Perspective, the following data is transmitted to Perspective's servers:

II. Purpose and Legal Basis of Data Processing

The purpose of this data processing is to facilitate the communication you have initiated. The processing of your data from contact, inquiry, or application forms is therefore initially based on your consent. The legal basis is Art. 6 (1) (a) GDPR. If a contract is initiated via an inquiry form, the legal basis is also Art. 6 (1) (b) GDPR. The legal basis for processing data in an application form can be, in addition to Art. 6 (1) (f) GDPR, also Art. 88 GDPR in conjunction with § 26 BDSG (German Federal Data Protection Act).

III. Duration of Processing

Your personal data will be stored for as long as necessary to fulfill the purpose of processing, or until you revoke your consent. Excluded from this principle is data that Perspective must retain due to legal obligations. This includes, for example, commercial and tax retention requirements. These retention periods are – currently – up to ten years. For application data, if no employment relationship is established, your data will be deleted no later than six months after the conclusion of the application process, unless you have expressly consented to a longer storage period.

IV. Rights of the Data Subject

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the legal notice. Furthermore, in the event of violations of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

You can revoke your consent to data processing at any time by sending us an informal notification (e.g., by email). The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. The right to restrict processing exists in the following cases:

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Demodesk

We use the service Demodesk (Demodesk GmbH, Isartorplatz 8, 80331 Munich, Germany) for our virtual meetings. Demodesk is GDPR compliant and hosted in data centers within the EU.

Categories of personal data: Meeting data (audio and, if applicable, video recordings, transcribed texts, meeting summaries, and depending on the content, other personal data), Usage data (data on the use of the platform for functions such as scheduling, CRM integration, and analytics) Legal basis: Consent according to Art. 6 Para. 1 S. 1 lit. a) GDPR, particularly for meeting recordings (your explicit consent will be obtained before a recording) Service Provider: Demodesk GmbH, Isartorplatz 8, 80331 Munich, Germany Website: https://demodesk.com/de/ Privacy Policy: https://demodesk.com/de/privacy-policy Data Processing Agreement: A data processing agreement has been concluded with Demodesk. Appropriate Safeguards: The service provider's server location is within the EU.

Duration of data storage

The storage period of personal data depends on the corresponding statutory retention periods and the purpose of the processing. As soon as the statutory retention period ends or the purpose of processing no longer applies, the personal data will be deleted unless it is required for the fulfilment or initiation of a contract. Justified deviations may occur in the context of individual processing procedures, to which we will inform you separately.

Changes to the privacy policy

This Privacy Policy may be amended and replaced by us at our own discretion. The most recent version available on our website or in our app is always valid.