Privacy Policy

Last updated: November 2025

Information on Data Processing

This privacy policy for pickz ai GmbH ("we", "us", or "our") describes how and why we may access, collect, store, use, and/or share ("process") your personal data when you use our services ("Services"), including when you:

Visit our website at http://www.pickz.ai or any of our websites that link to this privacy policy.
Interact with us in other ways, including sales, marketing, or events.

Questions or concerns?

Reading this privacy policy will help you understand your privacy rights and options. We are responsible for decisions regarding how your personal data is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have questions or concerns, please contact us at privacy@pickz.ai.

We adapt this privacy policy as necessary, for example, in the event of new functions, changed services, or legal changes. The current version is always available on our website.

1) Who are we?

The controller within the meaning of the European Union's General Data Protection Regulation (GDPR) and other data protection regulations is:

pickz ai GmbH
Harburger Schlossstraße 6-12
21079 Hamburg
Germany

Represented by: Yash Luthra, Stefano Markovic, Alexandra Stella Kluge

Phone: +49 156 79 72 52 76
E-mail: privacy@pickz.ai
Website: www.pickz.ai

On this page, we inform you about the processing of your personal data on our website.

How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or disclose your personal data if we have a legitimate purpose and a legal basis for doing so.

2) What do we mean by "legal basis"?

Consent (Art. 6(1)(a) GDPR) – You have given us your consent to process your personal data for the specific purpose explained to you. You have the right to withdraw your consent at any time. For more information on withdrawing consent, please refer to the "Exercise of your rights" subsections in the following sections of this privacy policy.

Contract (Art. 6(1)(b) GDPR) – We need to use your data to fulfill a contract you have entered into with us. Alternatively, the use of your data is necessary because we have asked you to do so or you have taken certain steps yourself before entering into the contract.

Legal obligation (Art. 6(1)(c) GDPR) – We must use your data to comply with legal requirements.

Vital interests (Art. 6(1)(d) GDPR) – The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.

Public task (Art. 6(1)(e) GDPR) – The processing of your data is necessary for the performance of a task carried out in the public interest or covered by a legally prescribed task, for example, in the context of a statutory task.

Legitimate interests (Art. 6(1)(f) GDPR) – The processing of your data is necessary to protect a legitimate interest of ours or another party, provided that your interests do not prevail.

Please note that we may not be able to provide you with our solution if your data is processed as part of the performance of a contract or a legal obligation and you do not provide the requested data.

3) What does data sharing and international transfers involve?

As explained in this privacy policy, we use various service providers who assist us in providing our services and securing your data. When we use these service providers, we must share your personal data with them.

We have entered into agreements with all our service providers to whom we transfer your data, which obligate them to protect your data.

If your personal data is transferred outside the EU, we ensure that your personal data is subject to an equivalent level of protection, either because the jurisdiction to which your data is transferred has an "adequate" data protection standard in the opinion of the European Commission, or by taking another protective measure, such as an enhanced contractual agreement, i.e., Standard Contractual Clauses (SCCs) adopted by the European Commission.

For example, if we use US service providers, we rely on either SCCs or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this privacy policy.

4) What are your rights?

If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation and have the following rights:

4.1) Right to withdraw consent granted (Art. 7(3) GDPR)

You have the right to withdraw consent once given at any time. The withdrawal only takes effect for the future and does not affect the lawfulness of processing based on consent before its withdrawal.

4.2) Right of access (Art. 15 GDPR)

You can request confirmation from the controller as to whether your personal data is being processed by them. If such processing is taking place, you can request the following information from the controller:

Purpose of processing,
Categories of personal data being processed,
Recipients or categories of recipients to whom the personal data have been or will be disclosed,
Planned storage period or the criteria for determining this period,
Existence of the right to rectification, erasure, restriction, or objection,
Existence of the right to lodge a complaint with a supervisory authority,
Where applicable, the origin of the data (if collected from a third party),
Where applicable, the existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope, and the expected effects,
Where applicable, the transfer of personal data to a third country or an international organization.

4.3) Right to rectification (Art. 16 GDPR)

You have a right to rectification and/or completion of the data if your processed personal data is incorrect or incomplete. The controller must rectify the data without delay.

4.4) Right to restriction of processing (Art. 18 GDPR)

You can request the restriction of the processing of your personal data under the following conditions:

If you contest the accuracy of your personal data for a period that enables the controller to verify the accuracy of your personal data,
The processing is unlawful, and you object to the erasure of the personal data and request the restriction of its use instead,
The controller or their representative no longer needs the personal data for the purpose of processing, but you need them for the establishment, exercise, or defense of legal claims; or
If you have objected to the processing and it has not yet been determined whether the legitimate interests of the controller override your interests.

4.5) Right to erasure ("Right to be forgotten") (Art. 17 GDPR)

If you request the controller to delete your personal data immediately, they are obliged to do so immediately if one of the following points applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or processed,
You withdraw your consent on which the processing is based, and there is no other legal basis for processing the data,
You object to the processing of the data and there are no overriding legitimate grounds for processing, or you object pursuant to Art. 21(2) GDPR,
Your personal data has been processed unlawfully,
The personal data must be erased to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject,
Your personal data was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

The right to erasure does not exist if the processing is necessary:

For exercising the right of freedom of expression and information,
For compliance with a legal obligation arising from Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
For reasons of public interest in the area of public health,
For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes,
For the establishment, exercise, or defense of legal claims.

4.6) Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to the controller in a structured and machine-readable format. Furthermore, you have the right to transfer this data to another person without hindrance from the controller who originally received the data.

4.7) Right to object (Art. 21 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Art. 6(1)(e) or 6(1)(f) GDPR. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

4.8) Storage of consents

Insofar as we process personal data based on your consent, we store the consent granted as well as its withdrawal in order to be able to comply with our legal documentation and evidence obligations. The processing takes place on the basis of Art. 6(1)(c) GDPR, as we are legally obliged to be able to prove the granting of consent. Storage takes place only for the legally required period and is subsequently deleted.

4.9) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the General Data Protection Regulation. The supervisory authority with which the complaint was filed shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. A list of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

5) How is data processed when visiting our website?

5.1) Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

Our server collects and stores only the technically required information, which is a maximum of the following data:

IP address of the user
Date and time of the request
Requested URL / accessed resource (e.g., HTML, CSS, images, scripts)
HTTP method and HTTP status code (e.g., GET, POST, 200, 404)
Referrer URL (the page from which the user came)
Browser type and version (User-Agent)
Operating system used
Hostname or internet service provider of the user
Transferred data volume
Error messages or other technical diagnostic data
This data is stored in our system's log files.

5.2) Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this, the user's IP address must remain stored for the duration of the session.

The storage in log files takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place.

5.3) Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.

A data processing agreement pursuant to Art. 28 GDPR exists with netcup GmbH.

5.4) Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. In the case of collecting data for the provision of the website, this is the case when the respective session has ended.

In the case of storing data in log files, this is the case after fourteen days at the latest (according to the log policies of the hosting provider). Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

5.5) Exercise of your rights

The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website. The user can object to this. Whether the objection is successful must be examined within the framework of a balancing of interests.

Data Erasure

We delete personal data:

as soon as the processing purpose ceases to apply
after the expiry of statutory retention periods (e.g., 6 years according to § 257 HGB, 10 years according to § 147 AO)
at your request, provided no legal obligations prevent this

Data Security

We use technical and organizational measures pursuant to Art. 32 GDPR to protect your data:

Encrypted data transfer (HTTPS/TLS)
Access controls and authorization concepts
Secure hosting in the EU
Redundant systems (Coolify Deployment)

6) How are cookies used?

6.1) General information

We use cookies and similar technologies on our website. Cookies are small text files that are stored on your end device and contain information that can be sent back to our server during a later visit to the site.

Cookies serve to ensure the basic functionality of the website, enable technical processes, and store certain settings (e.g., language or time zone). The use of cookies can lead to personal data being processed.

You can delete or deactivate cookies at any time via your browser settings. Please note, however, that the functionality of our website may be restricted if cookies are completely deactivated.

6.2) Use of cookies on this website – current status

On this website, exclusively technically necessary cookies are currently used.

Optional cookies, in particular those for analysis, marketing, tracking, or statistical purposes, are currently not used and not set.

Consent for optional cookies is currently not required; the cookie notice serves exclusively for informational purposes.

Should the use of cookies change in the future (e.g., through the activation of analysis or marketing services), this will only occur after prior express consent via a cookie banner.

6.3) Technically necessary cookies ("Essential Cookies")

Technically necessary cookies are required to ensure the basic functions and security of our website. Without these cookies, the website cannot be operated properly.

Legal basis:

§ 25 para. 2 no. 2 TDDDG (Storage and access to information in the terminal equipment)
Art. 6(1)(f) GDPR (legitimate interest in a secure, stable, and functional web presence)

Cookies used (examples):

session_id: Session management, security, authentication (Duration: Session or limited duration)
frontend_lang: Storage of the language chosen by the user (Duration: Session or limited duration)
tz: Detection and storage of the time zone (Duration: Session)

Data processed may include:

Session identifiers
Language settings
Time zone information
Technical security and connection data

These cookies cannot be deactivated as they are strictly necessary for the operation of the website.

6.4) Cookie notice and consent management

This website uses the cookie notice and consent management system integrated into the Odoo web system.

When visiting the website for the first time, a cookie notice is displayed. In this process, only the fact that the notice has been acknowledged is stored. For this purpose, the following cookie is set:

website_cookies_bar: Storage that the cookie notice was confirmed (Duration: up to 1 year)

This cookie serves exclusively for the technical control of the cookie notice and contains no tracking or analysis information.

6.5) Optional cookies (currently not active)

Optional cookies typically serve to:

analyze user behavior,
evaluate marketing measures,
display personalized content or advertising.

Currently, no optional cookies are used, in particular no:

analysis cookies (e.g., Google Analytics, Plausible Analytics),
marketing or tracking cookies,
third-party cookies for advertising purposes.

Should optional cookies be used in the future, this will happen exclusively:

after prior express consent,
on the basis of § 25 para. 1 TDDDG,
and Art. 6(1)(a) GDPR.

If optional cookies are used, the following regulations apply:

These cookies are only set if consent pursuant to Art. 6(1)(a) GDPR is present. The use of technically non-necessary cookies takes place for the purpose of improving the quality of our website, its content, and thus our reach and profitability. We use non-essential cookies to improve your browsing experience, personalize content and ads, provide social media features, and analyze our traffic. These cookies help us understand how visitors interact with our website, improve functionality, and better tailor our services to your needs.

These cookies serve us in particular for the following purposes:

6.5.1) Interaction and history cookies

These cookies collect information about how visitors use the website (e.g., visited pages, campaign origin, chat history).

Odoo cookie examples: im_livechat_previous_operator, utm_campaign, utm_source, utm_medium.

Processed data can be:

History of website interactions
Origin of the session (marketing campaigns)
Optional chat-related data

6.5.2) Advertising and marketing cookies

These cookies make it possible to evaluate marketing campaigns or display personalized content. They are partly set by third-party providers (e.g., Google).

Odoo cookie examples: __gads (Google), __gac (Google).

Processed data can be:

pseudonymous user IDs
campaign data
possibly information about interactions with ads outside our website

6.5.3) Analysis cookies

Analysis cookies help us understand how visitors interact with our website (e.g., number of visits, duration of stay, page paths). Google Analytics is used for this purpose.

Odoo cookie examples: _ga, _gat, _gid, gac*.

Processed data can be:

pseudonymized IP address
date and time of access
device information
usage behavior on the website

6.6) Recipients and third-country transfers

Since exclusively technically necessary cookies are currently used:

no transfer of cookie data to third-party providers for analysis or marketing purposes takes place,
no transfer of personal data to third countries (e.g., USA) takes place.
Should external services be used in the future, you will be transparently informed of this and your consent will be obtained.

6.7) Duration of storage

Technically necessary cookies are either:

stored only for the duration of the respective session and deleted when the browser is closed, or
automatically deleted after the expiry of a specified, purpose-bound duration.
No further storage takes place.

6.8) Withdrawal and control by the user

You can:

delete or block cookies at any time via your browser settings,
remove already stored cookies,
deactivate the storage of cookies altogether.
Please note that these settings only affect the browser you use and the respective end device.

6.9) Exercise of your rights

You can withdraw your consent to the use of cookies at any time.

7) Processing of image data, health data, and special categories of personal data

7.1) Scope of processing

In the context of using our application, users can provide image recordings of themselves as well as further information that allows conclusions to be drawn about their person and their health status. This may include, in particular, image data of the face, photographic recordings of the eye area, eye values, information on previous glasses, contact lenses, or other optical corrections, as well as other information provided by the user that is required to perform the analysis and consulting functions of our solution. This information may constitute special categories of personal data pursuant to Art. 9(1) GDPR, in particular health data that allow conclusions to be drawn about visual ability, visual correction, or potential visual strengths.

The specific data processed depends on which information the user provides in the context of using the respective function. Processing takes place both on our own servers and via technical systems of external service providers, insofar as this is necessary to fulfill the functions offered in each case.

Insofar as the user voluntarily provides additional data such as eye values, glasses parameters, or comparable information, processing takes place exclusively for the purposes related to our consultation and analysis. No further processing takes place.

7.2) Purpose of processing

The processing of this data serves exclusively to perform the analysis, measurement, and consultation functions offered by us, which are required to optimize the consultation process regarding the selection and adjustment of visual aids. The data are used to derive recommendations or to enable cooperation with opticians and comparable specialist partners, provided this is necessary to provide the requested services.

No further use takes place. Within the framework of our processing, no processes are used that lead to decisions that develop legal effects or significantly affect the user.

7.3) Disclosure to partners

Insofar as the functionality of our application requires it, the provided data – including special categories of personal data – can be transmitted to selected, expert partners such as opticians, optician chains, or service providers in the field of optical measurement. This disclosure only takes place if the user uses this function and the transmission is strictly necessary to fulfill the requested service. The partners are carefully selected, contractually bound to confidentiality, and process the data exclusively for the purpose for which they were transmitted.

7.4) Legal bases of processing

Insofar as the processing is based on the provision of image recordings, eye values, or other health data, this takes place on the basis of the user's explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with Art. 9(2)(a) GDPR (consent to the processing of special categories of personal data). If the processing of the aforementioned data is necessary to fulfill a contract or to perform pre-contractual measures, it also takes place on the basis of Art. 6(1)(b) GDPR. Disclosure to specialist partners takes place on the basis of the same legal bases.

The consent granted can be withdrawn at any time with effect for the future, without affecting the lawfulness of the processing carried out until the time of withdrawal.

7.5) Duration of storage

Personal data are deleted as soon as the purpose of processing ceases to apply, unless statutory retention periods prevent this. Image data and health-related information are generally only stored as long as this is necessary to perform the requested functions or to fulfill contractual tasks. If the user withdraws their consent, the relevant data are deleted, provided no legal obligations or legitimate interests prevent deletion.

7.6) Exercise of your rights

Users have the right to withdraw their consent at any time and to assert all other data subject rights described in this privacy policy. This includes in particular the right of access, rectification, erasure, restriction of processing, and data portability. Further information can be found in the section "Your Rights".

8) Contact by e-mail

(Note: Re-numbering in the original source text)

8.1) Description and scope of data processing

On our website, contact is possible via the provided email address. In this case, the user's personal data transmitted with the email are stored. The data are used exclusively for processing the conversation.

8.2) Purpose of data processing

In the case of contact by e-mail, this also constitutes the required legitimate interest in the processing of the data.

8.3) Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. Our legitimate interest is to answer your concern transmitted via e-mail as best as possible. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR.

8.4) Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. For personal data sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

Additional personal data collected during the sending process will be deleted after a period of thirty days at the latest.

Inquiries related to an existing or initiated business relationship will be stored for the duration of this business relationship – regardless of whether contact was made by e-mail or in another way – and deleted after the expiry of statutory retention periods. Statutory retention periods are usually up to 10 years according to commercial law (HGB) and tax law (AO).

8.5) Exercise of your rights

You have the option to withdraw your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time in the following way:

Users of our website can make changes to their data by sending an e-mail to privacy@pickz.ai. In their request, users should provide the following details:

Full name and email address – for identity verification.
Requested action – specify if you want to change specific data.
Additional information – any relevant details to process the request efficiently.

For security reasons, we may require further verification before processing the request. All requests will be reviewed and processed within 10 business days. Users will receive a confirmation upon completion.

All personal data stored in the course of contact will be deleted in this case.

9) Contact form

9.1) Description and scope of data processing

On our website, a contact form is available which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored.

At the time the message is sent, the following data are also stored:

Name (mandatory field)
E-mail address (mandatory field)
Subject (mandatory field)
Message
Optional: Company, phone number

The inquiry is transmitted by e-mail to moin@pickz.ai.

9.2) Purpose of data processing

The processing of personal data from the input mask, as well as in the case of contact via e-mail, serves us solely to process the contact.

The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.

9.3) Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. Our legitimate interest is to provide you with an optimal answer to your concern directed to us via the contact form. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR.

9.4) Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. For personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

Additional personal data collected during the sending process will be deleted after a period of thirty days at the latest.

9.5) Exercise of your rights

If you contact us via contact form or e-mail, you can object to the storage of your personal data at any time in the following way:

Users of our website can make changes to their data by sending an e-mail to privacy@pickz.ai. In their request, users should provide the following details:

Full name and email address – for identity verification.
Requested action – specify if you want to change specific data.
Additional information – any relevant details to process the request efficiently.

All personal data stored in the course of contact will be deleted in this case.

10) Use of company profiles in social networks

Instagram

Instagram, part of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland.

On our company profile, we provide information and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram company profile (e.g., comments, posts, likes, etc.), you can make personal data (e.g., real name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Instagram, we cannot provide binding information on the purpose and scope of the processing of your data.

Our company profile in social networks serves for communication and information exchange with (potential) customers. We use the company profile for:

Presentation of our products and services
Building and maintaining brand identity
Engagement for our community and customers
Sharing company news and updates
Conducting marketing campaigns and promotions
Recruiting new talent
Obtaining customer feedback and market research
Publishing inspiring and informative content
Increasing website traffic via links
Announcing events and webinars

Publications on the company profile can contain the following content:

Information on products
Information on services
Sweepstakes
Advertising
Contact with customers

It is free for every user to publish personal data.

Insofar as we process your personal data to evaluate your online behavior, offer you sweepstakes, or carry out lead campaigns, this is based on your explicit declaration of consent, Art. 6(1)(a), Art. 7 GDPR. The legal basis for processing personal data for the purpose of customer and prospect communication is Art. 6(1)(f) GDPR. Our legitimate interest is to be able to answer your concern optimally or provide the desired information. If your contact aims at the conclusion of a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR.

The data generated in the company profile are not stored in our own systems.

You can object to the processing of your personal data that we collect in the context of your use of our corporate web profiles at any time and assert your rights as a data subject mentioned in the section "Your Rights" of this privacy policy. Please send us an email to privacy@pickz.ai.

Further information on the processing of your personal data by Instagram and the corresponding objection options can be found here: https://help.instagram.com/519522125107875

Facebook

Facebook is a service of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

On our Facebook company page, we provide information and offer Facebook users the opportunity to communicate with us. If you perform actions on our Facebook page (e.g., comments, posts, likes, messages), personal data can thereby become publicly visible (e.g., your real name, profile photo, interaction data).

Since we do not have complete influence over data processing by Facebook, we cannot provide final information on the purpose, scope, and duration of the processing of your personal data by Meta. Meta processes your data independently within the framework of its terms of use and privacy policy.

Our Facebook page serves communication and information exchange with (potential) customers and prospects. We use the page in particular for the following purposes:

Presentation of our products and services
Building and maintaining our brand identity
Interaction with our community and customers
Sharing company news and updates
Conducting marketing and advertising campaigns
Recruiting new employees
Obtaining customer feedback and conducting market research
Publishing inspiring or informative content
Increasing website traffic via links
Announcing events, webinars, and promotions

Publications on the Facebook page can contain the following content:

Information on products
Information on services
Advertising and campaigns
Sweepstakes
Interaction with customers
Company news
Event and webinar information

It is free for every user to make personal data public themselves within the framework of interactions on our page.

The data generated on the Facebook page are not stored in our own systems.

Further information on the processing of your personal data by Instagram and the corresponding objection options can be found here: https://www.facebook.com/privacy/policy/

11) Use of company profiles in profession-oriented networks

10.1) Scope of data processing

We use company profiles on professionally oriented networks. We are present as a company on the following professionally oriented networks:

LinkedIn

On our page, we provide information and offer users the opportunity for communication. The company profile is used for applications, information, public relations, and active sourcing.

We have no information regarding the processing of your personal data by the companies jointly responsible for the company profile. Further information can be found in the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy

If you perform an action on our company profile (e.g., comments, posts, likes, etc.), personal data (e.g., real name or photo of your user profile) can become public.

11.2) Legal basis for data processing

The legal basis for processing personal data for the purpose of communication with customers and prospects is Art. 6(1)(f) GDPR. Our legitimate interest is to be able to answer your concern optimally or provide the desired information. If your contact aims at the conclusion of a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR.

11.3) Purpose of data processing

Our company presence serves to inform users about our services. In doing so, it is free for every user to publish personal data.

11.4) Duration of storage

The data generated in the company profile are not stored in our own systems.

11.5) Exercise of your rights

You can object to the processing of your personal data that we collect in the context of your use of our corporate web presences at any time and assert your data subject rights mentioned in the section "Your Rights" of this privacy policy. To do so, please send us an informal email to the email address mentioned in this privacy policy.

Further information on objection and removal options can be found here: https://www.linkedin.com/legal/privacy-policy

12) Hosting

Our website was created with the website builder from Odoo but is operated on our own server, which we manage ourselves.

The technical operation of the website takes place on a server that we provide via the infrastructure of netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany.

Since we are responsible for the hosting ourselves, data processing is exclusively on our own servers. No transmission of personal data to Odoo servers or other external hosting providers takes place.

Further information on the processing of personal data by Odoo can be found at: https://www.odoo.com/privacy

Further information on netcup can be found at: https://www.netcup.eu

When visiting our website, information is automatically collected and stored in so-called server log files, which your browser automatically transmits. These include in particular:

Browser type and browser version
Operating system used
Internet service provider of the user
Date and time of access
Accessed pages and content
Referrer URL (website from which the user comes)
IP address (shortened or anonymized, if configured on the server side)

A merger of this data with other data sources does not take place.

Processing takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in a technically error-free presentation as well as the optimization and security of our website.

Server location

The servers of our website are located exclusively in data centers of netcup GmbH in Germany (or depending on the booked tariff in the EU). A transmission to third countries does not take place.

Integrated third-party services

We use various service providers to provide the service offered by us via the app.

In general, we have a legitimate interest in sharing your data with the corresponding service providers if these services are essential for the provision of the basic service on the website in order to provide the corresponding website service.

If such services are required for additional services, extended functions, or additional purposes, your personal data will only be shared with service providers if you give your consent.

13) Google Analytics 4

13.1) Description and scope of data processing

We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).

Google Analytics examines, among other things, how website visitors use our site. Google sets cookies on your end device. During the visit, user behavior is recorded in the form of "events". This allows, among other things, personal data to be stored and evaluated:

First visit to the website
Interaction with the website, usage path
Clicks on external links
Video usage
Downloading files
Advertisements and clicks
Scrolling behavior (until the end of the page)
Searches on the website
Language selection
Page visits
Location (region)
Your IP address (in shortened form)
Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
Your internet provider
Referrer URL

We use the User-ID function. The User-ID allows us to assign a unique, permanent ID to one or more sessions (and activities within these sessions) and to analyze user behavior across devices.

By default, IP address anonymization is activated in GA 4. This means that your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google points out that the IP address transmitted by your browser is not merged with other data from Google in the context of Google Analytics.

Data transmission to the USA can take place. Google LLC is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

Further information on data processing by Google can be found here: https://policies.google.com/privacy

13.2) Purpose of data processing

We use GA 4 to evaluate the use of our online offering and to create reports on activities on our website. The reports serve to analyze the performance of our website and to target advertising to those people who have already expressed an initial interest by visiting our website.

13.3) Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is fundamentally the user's consent pursuant to Art. 6(1)(a) GDPR.

A data processing agreement pursuant to Art. 28 GDPR exists with Google.

13.4) Duration of storage

After 2 to 14 months, your personal data will be deleted. This deletion takes place automatically once a month.

13.5) Assertion of your rights

You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until the withdrawal.

Further information on objection and removal options vis-à-vis Google can be found at: https://policies.google.com/technologies/partner-sites

You can furthermore prevent the collection of the data generated by the cookie and related to your use of the online offering (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

You can deactivate the use of your personal data by Google at the following link: https://adssettings.google.de

14) Use of LinkedIn

14.1) Scope of processing of personal data

We use functions of the network LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as LinkedIn).

Every time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn's servers is established. LinkedIn thereby receives the information that you have visited our site with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn can assign your visit to our website to you and your user account. We point out that we as the provider of the pages have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on the collection and storage of data by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

14.2) Purpose of data processing

The use of the LinkedIn plugin serves the user-friendliness of our online offering.

14.3) Legal basis for the processing of personal data

The legal basis for the processing of personal data is the consent granted by the user pursuant to Art. 6(1)(a) GDPR.

14.4) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes.

14.5) Exercise of your rights

You can prevent the collection and processing of your personal data by LinkedIn by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Furthermore, transmission can be prevented by logging out of your LinkedIn account before accessing our website.

Via the following links, you can deactivate the use of your personal data by LinkedIn: https://www.linkedin.com/psettings/guest-controls

Further information on the possibilities of objection and deletion at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

15) Use of Google Workspace

15.1) Scope of processing of personal data

We use various functions and applications of Google Workspace, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google Workspace).

Google Workspace includes, among others, Google Calendar, Gmail, Google Drive, Google Docs, Google Sheets, and other collaborative applications used for efficient organization, communication, and management of business operations.

In the context of using Google Workspace, personal data may be processed that are required to carry out our business processes. This includes in particular contact data, communication content, appointment details, file contents, documents, internal notes, and other user-related information processed in the context of using the respective services. Which specific data are required depends on the respective processing operation. When using individual services, such as Google Calendar or Gmail, automatic system notifications or emails may be generated and sent. These messages can be sent unencrypted and contain the information required for the respective process.

Further information on the collection and storage of personal data by Google Workspace can be found at: https://policies.google.com/privacy?hl=de

15.2) Purpose of data processing

The use of Google Workspace serves the purpose of efficiently performing and coordinating business processes, communication, appointment management, and document management. The services enable structured internal cooperation and secure management of business-relevant data.

15.3) Legal basis for the processing of personal data

The processing of personal data in the context of Google Workspace takes place on the basis of Art. 6(1)(b) GDPR, provided it is necessary to perform a contract or to carry out pre-contractual measures. Furthermore, processing takes place on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in efficient, secure, and reliable internal organization and communication. If individual processing operations are based on the user's consent, the legal basis is Art. 6(1)(a) GDPR.

15.4) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes. Furthermore, you can make use of your right to premature erasure.

15.5) Exercise of your rights

You can prevent the collection and processing of your personal data by Google Workspace by adjusting your Google account settings, preventing third-party cookies in your browser, activating the "Do Not Track" function, deactivating the execution of script code in your browser, or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Further information on data protection and the removal options for Google Calendar can be found at: https://policies.google.com/privacy?hl=de.

16) Use of Google Tag Manager

16.1) Scope of processing of personal data

We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and their representation in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google).

With Google Tag Manager, tags from Google and services from third-party providers can be managed, bundled, and embedded into an online presence.

Tags are small code elements on an online presence that serve, among other things, to measure visitor numbers and behavior, to capture the effect of online advertising and social channels, to use remarketing and targeting, and to test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains information about which tags are to be triggered.

Google Tag Manager triggers further tags, which for their part can collect data. Information on this can be found in the passages on the use of the corresponding services in this privacy policy. Google Tag Manager does not access this data.

Further information on Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in the privacy policy of Google: https://policies.google.com/privacy?hl=en

16.2) Purpose of data processing

The purpose of the processing of personal data lies in the collective and clear management as well as efficient integration of third-party services.

16.3) Legal basis for the processing of personal data

The legal basis for the processing of personal data is the consent granted by the user pursuant to Art. 6(1)(a) GDPR.

16.4) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy policy or as prescribed by law. Advertising data in server logs is, according to Google's own information, anonymized by deleting parts of the IP address and cookie information after 9 or 18 months.

16.5) Assertion of your rights

You can prevent the collection and processing of your personal data by Google by preventing the storage of cookies by third parties on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Under the following link, you can deactivate the use of your personal data by Google: https://adssettings.google.de

Further information on objection and removal options vis-à-vis Google can be found at: https://policies.google.com/privacy?gl=EN&hl=en

17) Use of LinkedIn Analytics

17.1) Scope of processing of personal data

We use the service LinkedIn Analytics of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn").

Through the use of LinkedIn Analytics, pseudonymized user profiles are created. The profiles are used to analyze user behavior and to optimize our services.

The following data are processed:

Operating system information
Device ID
Internet Service Provider
IP address
Referrer URL
Browser information

Further information on the collection and storage of data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy

17.2) Purpose of data processing

The processing of users' personal data by LinkedIn Analytics allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our offer. This helps us to constantly improve our online presence and, in this context, to also increase user-friendliness.

17.3) Legal basis for the processing of personal data

The legal basis for the processing of personal data is the consent granted by the user pursuant to Art. 6(1)(a) GDPR.

17.4) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

17.5) Assertion of your rights

You can prevent the collection and processing of your personal data by LinkedIn by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Via the following link, you can deactivate the use of your personal data by LinkedIn: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences

Further information on objection and removal options against LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

18) Use of the LinkedIn Insight Tag

18.1) Scope of processing of personal data

We use functions of the marketing plugin LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as LinkedIn).

The plugin allows us to obtain information about visitors to the website and to maintain detailed campaign reports.

In particular, the following personal data are processed by LinkedIn:

URL
Referrer URL
IP address, shortened or hashed
Device and browser characteristics (User Agent) and timestamp.
Cookies from LinkedIn are stored on your end device. Further information on the cookies used can be found here: https://www.linkedin.com/legal/cookie-policy

LinkedIn does not pass on any personally identifiable information to us but only provides aggregated audience reports and advertising. LinkedIn also offers a remarketing function that allows us to display targeted personalized advertising outside of our website without revealing your identity.

For further information on how LinkedIn processes the data, please click here: https://www.linkedin.com/legal/privacy-policy

18.2) Purpose of data processing

We use LinkedIn Insight Tag to collect information about visitors to our website.

18.3) Legal basis for the processing of personal data

The legal basis for the processing of personal data is the consent granted by the user pursuant to Art. 6(1)(a) GDPR.

18.4) Duration of storage

The direct identifiers of members are removed within seven days to pseudonymize the data. These remaining pseudonymized data are then deleted within 180 days.

18.5) Exercise of your rights

You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of consent until the withdrawal.

Further information on objection and removal options against LinkedIn Insight Tag can be found at: https://www.linkedin.com/legal/privacy-policy

19) Use of Odoo (CRM, Contact Management, Quotation and Invoicing)

19.1) Scope of processing of personal data

We use the functions of Odoo, a business management and CRM system from Odoo S.A., Chaussée de Namur 40, 1367 Grand-Rosière, Belgium (hereinafter: Odoo).

Odoo allows us to manage contact inquiries, organize customer relationships, create quotations, and generate invoices.

In the context of using Odoo, personal data may be processed, including in particular:

Contact data (e.g., name, email address, phone number)
Communication content (e.g., messages, inquiries, conversation notes)
Quotation and order information
Invoicing and payment data
other business-related information required in the context of communication

Which specific data are processed depends on which information the user transmits and which business interaction takes place. If documents such as quotations or invoices are sent, these can be sent automatically by e-mail. These e-mails can be unencrypted and contain the information relevant to the respective business relationship.

Further information on data processing by Odoo can be found at: https://www.odoo.com/privacy

19.2) Purpose of data processing

The use of Odoo serves the efficient management of contact inquiries, customer relationships, business processes, and the creation and management of quotations and invoices.

19.3) Legal basis for the processing of personal data

If individual functions require explicit consent, processing takes place on the basis of Art. 6(1)(a) GDPR.

19.4) Duration of storage

Personal data are stored as long as necessary for processing the inquiry, for carrying out the business relationship, or to fulfill legal obligations.

Furthermore, you can assert your right to premature erasure at any time, provided no legal retention obligations prevent this.

19.5) Exercise of your rights

You have the right to withdraw your consent at any time with effect for the future. A withdrawal does not affect the lawfulness of processing carried out until the withdrawal.

You can object to the processing of your personal data and assert all data subject rights described in this privacy policy.

Further information on data protection by Odoo can be found at: https://www.odoo.com/privacy

20) Use of the Google Cloud Platform

20.1) Scope of processing of personal data

We use parts of the technical infrastructure of the Google Cloud Platform (GCP), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Via the Google Cloud Platform, we provide certain functions of our solution that support reliable, high-performance, and technically sophisticated processing of the transmitted content. In the context of using this infrastructure, personal data may be processed that users provide in the context of using our services. This includes in particular technical access data, system and protocol data, but also content data related to the functioning of our application, including the processing of personal image data, provided these are provided within the framework of our services.

The storage and processing of the data can take place on servers within the European Union. Processing can also include a transfer of personal data to the USA or other states outside the European Union.

Google is certified within the framework of the EU-US Data Privacy Framework and ensures an adequate level of data protection taking into account additional protective measures. Further information on the processing of personal data by Google can be found at: https://policies.google.com/privacy

20.2) Purpose of data processing

The use of the Google Cloud Platform takes place for the purpose of providing a secure, high-performance, and reliable technical infrastructure required for the operation of our services. The processing serves in particular to fulfill contractually owed services, the execution of functions requested by users, the execution of automated processes, and the secure processing of data provided by users. The Google Cloud Platform supports both the provision of our applications and the execution of specific analysis and processing operations, provided these are technically necessary for the provision of our services.

20.3) Legal basis for the processing of personal data

The legal basis for the processing of personal data in the context of using the Google Cloud Platform is Art. 6(1)(b) GDPR, provided the processing is necessary for the fulfillment of a contract or the performance of pre-contractual measures. Furthermore, we base the processing on Art. 6(1)(f) GDPR, as we have a legitimate interest in the secure, stable, and efficient operation of our technical infrastructure. If individual processing operations are based on the user's consent, processing also takes place on the basis of Art. 6(1)(a) GDPR.

A data processing agreement pursuant to Art. 28 GDPR exists with Google.

20.4) Duration of storage

Personal data are stored only as long as necessary for the purposes described in this privacy policy. Furthermore, we only retain data for the period necessary to fulfill legal obligations, in particular commercial and tax law retention regulations. Personal data processed in the Google Cloud Platform are deleted as soon as the purpose of storage ceases to apply or you withdraw your consent, provided no legal retention obligations prevent this.

20.5) Exercise of your rights

You have the right to withdraw your consent at any time and to assert all data subject rights described in this privacy policy. You can restrict the processing of your data by Google by adjusting the settings of your Google account or taking technical measures that prevent the loading of content from third-party sources.

Further information on data processing and the available setting options can be found at: https://policies.google.com/privacy

21) Integration of third-party services via external service providers

21.1) Description and scope of data processing

On our website, we integrate certain content and functions via external service providers. When accessing our website, a connection to the respective servers of the providers is established to retrieve the required resources (e.g., fonts, maps, or scripts) and store them in the user's browser cache. As a result, personal data can be processed by the respective providers and stored in server log files. These data include in particular:

IP address of the user
Device and browser information (e.g., operating system, browser type, version)
Date and time of access
accessed content

We use the following external services:

Google Fonts (Poppins)

To ensure a uniform presentation of fonts, we use Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If Google Fonts is integrated via a CDN, the browser establishes a connection to Google's servers. In the process, Google can process data (e.g., the IP address) and transfer it to servers in the USA.

Further information: https://policies.google.com/privacy

Google Maps

To display interactive maps, we use Google Maps, also a service of Google Ireland Limited. When loading Google Maps, an external retrieval of the required content takes place via a Google server. The following data can be transmitted:

IP address
Location data (if the user agrees)
Browser information
Referrer URL
Google can also transfer data to servers in the USA.
Further information: https://policies.google.com/privacy

Image and graphic material used

All stock images used on this website come from Pexels.com and are used in accordance with the license conditions applicable there. The team photos were created by Jakob Mewes. Illustrations of our software come exclusively from our own solution. The icons used are provided exclusively via the Odoo website builder.

21.2) Purpose of data processing

The integration of these services serves:

the technical provision of fonts
the appealing, functional presentation of maps
a fast and stable page load by using global CDN infrastructures
the general optimization and improvement of the user experience

21.3) Legal basis for data processing

The collection of this data takes place on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website.

If Google services require additional consent (e.g., for location data in Google Maps), processing takes place on the basis of Art. 6(1)(a) GDPR.

21.4) Duration of storage

Your personal data will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

21.5) Exercise of your rights

Further information on objection and removal options regarding processing by Google can be found at:

https://policies.google.com/privacy

https://policies.google.com/technologies/cookies

We reserve the right to adapt this privacy policy as necessary, in particular if legal requirements change or we introduce new functions, services, or processing activities. The current version of this privacy policy is available on our website at any time.