We want you to feel secure regarding the protection of your personal data when you visit our website/Platform Policy-Insider.AI (www.policy-insider.ai) (the “Platform”).

The operator of the Platform and the responsible controller for data processing is:

Policy-Insider.AI GmbH
Raboisen 32, 20095 Hamburg, Germany
Register: Amtsgericht Hamburg HRB 157945
Managing Director: Dr. Marc-Angelo Bisotti

You can contact us via email or phone:

We take the protection of your personal data very seriously. Personal data refers to all data that relates to an identified or identifiable natural person, such as name, address, and email address. When you visit our Platform, we collect personal data that we process in accordance with applicable data privacy protection regulations.

With this Privacy Policy, we aim to inform you about the data we collect during your visit to our Platform and how this data is used.

Note: The Platform is not addressed to children under the age of 16.

1. Accessing our Platform

When you use our Platform for informational purposes only (i.e., without registering, logging in, or providing data), we automatically process only the personal data transmitted by your browser to our server (“Browser Data”).

We collect the following data, which is technically necessary to display our Platform and ensure its stability and security (legal basis: Article 6 (1) (f) GDPR):

  • IP address
  • Date and time of visit
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific site)
  • Access status/HTTP status code
  • Amount of data transferred per request
  • Website from which the request originated
  • Browser type and version
  • Operating system and its interface
  • Language and version of browser software

This data is automatically deleted after a storage period of **15 days**.

2. Use of Cookies

We use cookies to optimize the Platform. The legal basis for the use of cookies is Article 6 (1) (a) GDPR.

Cookies are small text files stored on your device (e.g., laptop, tablet, smartphone) when you visit our Platform. Information associated with your device is stored in the cookie. However, this does not mean we can directly identify you.

Types of cookies used:

  • Session cookies: Recognize if you have already visited individual pages of our Platform. These cookies are automatically deleted after you leave.
  • Temporary cookies: Stored on your device for a specific period of time and are not deleted after each session. They allow recognition when you revisit, saving previous entries/settings.

For details on third-party cookies, please refer to our Cookie Policy.

3. Registration

Our services are available only to authorized users after registration (“Authorised Users”). During registration, the following data (“Registration Data”) must be provided:

  • Email address
  • Name and surname
  • Default language
  • Other preferred languages
  • If an invoice is needed: company name, address, tax number

To ensure that you are the owner of the provided email address, we use a double opt-in procedure. After entering your email, a confirmation link will be sent to you. Your registration is complete only after clicking this link.

Your data is stored only as long as necessary to fulfill the contract, particularly for login purposes. If you de-register or terminate the contract, your data will be deleted unless legal or contractual retention obligations apply (see section **11**).

Legal basis: Article 6 (1) (b) GDPR.

4. Using our Platform

We use your Registration Data and Browser Data, as well as any additional data provided during your use of the Platform (“User Data”), to provide our services and, if necessary, to contact you.

Legal basis: Article 6 (1) (b) GDPR.

Additionally, we analyze user search phrases for statistical and analytical purposes to improve and develop our business (including suggesting search phrases to other users).

Legal basis: Article 6 (1) (f) GDPR.

5. Payment/Transactions

To pay for the Platform, you may use Stripe. While you enter your credit card details on the Platform, we do not store them.

Stored payment data:

  • Payment status (whether payment was made)
  • Amount paid
  • Currency

Invoices: Generated and stored by Stripe. We store only links to those invoices.

Legal basis: Article 6 (1) (b) GDPR.

6. Contacting Us

If you contact us via email, we store your information (e.g., email address, name) to process your request.

Legal basis: Our legitimate interest (Article 6 (1) (f) GDPR).

We delete this data when storage is no longer necessary or restrict processing if statutory retention periods apply.

7. Newsletter

On our Platform, we may offer you the opportunity to subscribe to our newsletter. To validate your email address, we use the double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Your email address will not be added to our mailing list until you click this confirmation link.

The only mandatory information for sending the newsletter is your email address. Providing additional, separately marked information is optional and will only be used to address you personally.

After your confirmation, we will store and further process your email address to send you our newsletter. The legal basis for this processing is your consent under Article 6 (1) (a) GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe. You can do so by clicking the link provided in every newsletter email or by contacting us via the details provided in this Privacy Policy.

8. Use of Third-Party Tools

We use the following third-party tools and services to enhance our platform’s functionality, analytics, and user experience:

  • Adobe Typekit – for web fonts and typography.
  • Google Analytics – for web analytics and traffic insights.
  • LinkedIn Insight Tag – for tracking LinkedIn ad performance and user engagement.
  • Brevo (formerly Sendinblue) – for managing and sending email newsletters and transactional emails.
  • Pipedrive – for customer relationship management (CRM) and sales pipeline tracking.
  • Google Logon – for user authentication and account access.
  • LinkedIn Logon – for user authentication and account access.

8.1 Tools for Analytics, Marketing, and User Engagement

Adobe Typekit

Adobe Typekit provides fonts from Adobe Systems Software Ireland Ltd. (Adobe, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland), which we have embedded in our Platform. Adobe is registered under the EU-US Privacy Shield and thereby guarantees compliance with European data protection laws.

Adobe may use your data to provide fonts, diagnose delivery issues, or fulfill its contracts with font developers. More information can be found in the Adobe Fonts Privacy Policy.

Legal basis: Our legitimate interest in improving the design and usability of our Platform (Article 6 (1) (f) GDPR).

Google Analytics

If you consent, our website may use Google Analytics (this tool is disabled by default). Google Analytics is a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

Google is registered under the EU-US Privacy Shield to ensure compliance with European data protection laws.

How Google Analytics works:

  • Uses cookies to collect information such as visit time, page views, and user location.
  • Data is transmitted to and stored on Google’s servers in the USA.
  • We use Google Analytics with IP anonymization to mask user identities before data transfer.
  • Google may transfer data to third parties as required by law or for outsourced data processing.

Google offers an opt-out option to prevent data collection.

Legal basis: Your free consent under Article 6 (1) (a) GDPR.

LinkedIn Insight Tag

Our website employs the LinkedIn Insight Tag, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For EU users, the data administrator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

LinkedIn is registered under the EU-US Privacy Shield to ensure compliance with European data protection laws.

Purpose of LinkedIn Insight Tag:

  • Tracks conversions, retargets website visitors, and provides analytics on LinkedIn ad interactions.
  • Collects metadata such as IP addresses, timestamps, and page view events.
  • Stores cookies in visitors’ browsers for up to six months (unless manually deleted).

You can opt out via LinkedIn’s Cookie Policy.

Legal basis: Our legitimate interest in marketing analytics and ad performance evaluation (Article 6 (1) (f) GDPR).

Brevo (formerly Sendinblue)

We use Brevo (formerly Sendinblue), a service provided by Sendinblue SAS, located at 55 rue d’Amsterdam, 75008 Paris, France, for managing and sending email newsletters and transactional emails.

Purpose of using Brevo:

  • To send newsletters and email campaigns to our subscribers.
  • To manage transactional emails (e.g., registration confirmations, password resets).
  • To analyze email performance (e.g., open rates, click rates).

Brevo processes user data, including:

  • Email addresses and names (for newsletter subscribers).
  • Email interaction data (e.g., opens, clicks, bounces).
  • IP addresses and device/browser data (for tracking and security purposes).

Emails sent via Brevo may contain tracking pixels that allow us to analyze recipient interactions. If you do not want your email behavior to be tracked, you can disable image loading in your email client.

Brevo stores data in compliance with GDPR regulations and does not share data with third parties without user consent.

Legal basis: Your consent for newsletters (Article 6 (1) (a) GDPR) and our legitimate interest in transactional email processing (Article 6 (1) (f) GDPR).

You can revoke your consent for receiving newsletters at any time by clicking the “unsubscribe” link in any newsletter email.

Pipedrive

We use Pipedrive, a customer relationship management (CRM) tool provided by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia, to manage our sales pipeline, track customer interactions, and optimize outreach efforts.

Purpose of using Pipedrive:

  • Organizing and managing leads, contacts, and deals.
  • Tracking customer communication (emails, calls, meetings).
  • Automating sales processes to improve efficiency.
  • Generating reports and insights to optimize customer engagement.

Pipedrive processes user data, which may include:

  • Contact details (e.g., names, email addresses, phone numbers).
  • Communication history (e.g., emails, meeting notes).
  • Interaction timestamps and engagement metrics.

Pipedrive adheres to GDPR regulations and ensures data protection through secure encryption and compliance measures. More details can be found in Pipedrive’s Privacy Policy.

Legal basis: Our legitimate interest in managing customer relationships and optimizing sales processes (Article 6 (1) (f) GDPR).

8.2 User Authentication via Third-Party Logins

To simplify account registration and login, we offer authentication via third-party services:

  • Google Logon – Provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • LinkedIn Logon – Provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (for EU users: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

How Third-Party Login Works

When you choose to log in via Google or LinkedIn, you will be redirected to their authentication service, where you can log in using your existing credentials. Upon successful authentication, we receive basic profile data such as:

  • Your name
  • Your email address
  • Your LinkedIn or Google profile picture (if available)

This information is used exclusively for authentication, profile creation, and account management.

Data Privacy and Compliance

  • Google and LinkedIn process login data in accordance with their respective privacy policies.
  • We do not receive or store your Google or LinkedIn passwords.
  • Users can revoke access at any time via their Google Account Security Settings or LinkedIn App Permissions.

Legal basis: Your explicit consent under Article 6 (1) (a) GDPR and our legitimate interest in providing a secure and user-friendly authentication process (Article 6 (1) (f) GDPR).

9. Further Potential Use of Your Data

We may disclose your personal data under the following circumstances:

  • If required by legal obligations or regulatory requirements.
  • To enforce our contractual terms.
  • For the exercise or defense of legal claims.
  • To protect our rights.

Legal basis:

  • Article 6 (1) (c) GDPR – If required by legal or regulatory obligations.
  • Article 6 (1) (f) GDPR – If necessary for legitimate interests as outlined above.

10. Recipients of personal data and data transfer to third countries

We use service providers who support us in the performance of our services. These service providers process your data on our behalf, in accordance with our instructions, and under our supervision exclusively for the purposes described in this Privacy Policy.

These service providers include:

  • Hosting of our Platform: Microsoft Corporation, with its registered office at 1 Microsoft Way, Redmond, WA 98052, United States
  • Hosting of our website: ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf.
  • Maintenance of the Platform: theBlue.ai GmbH, with its registered office at Raboisen 32, 20095 Hamburg, Germany & Apollogic sp. z o.o., with its registered office at ul. Rubiez 46, 61-612 Poznan, Poland

These service providers may also be based outside the EU. We take all necessary steps to ensure that the data you provide is adequately protected in accordance with EU data protection laws. Where necessary, we use EU standard contractual clauses to ensure a legally adequate level of data protection.

Additionally, we may pass on data to rights holders, consultants, and authorities to enforce or protect our rights or the rights of third parties.

11. Data retention

We store your personal data only for the period necessary to fulfill the respective purpose or as required by applicable laws and regulations.

Retention periods under German law:

  • Six years: Pursuant to Sec. 257 (1) of the German Commercial Code (e.g., commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records).
  • Ten years: Pursuant to Sec. 147 (1) of the German Tax Code (e.g., books, records, management reports, commercial and business letters, documents relevant for taxation).

If the storage purpose no longer applies or if a statutory storage period expires, your personal data will be routinely blocked or deleted in accordance with statutory provisions.

Free trial version: If you use the free trial and do not subscribe to the paid version, we store only your email address for three months after the trial ends. The legal basis for this processing is our legitimate interest (Article 6 (1) (f) GDPR) in preventing the reuse of the free trial version.

If you object to the processing of your personal data, we will cease processing unless we can demonstrate overriding legitimate grounds or legal obligations.

12. Data security

We implement technical and organizational security measures to protect your personal data against misuse, loss, destruction, or unauthorized access. Our security measures comply with the current state of the art.

13. Your rights

As a data subject, you have several rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). These rights include:

Right of access

You have the right to request information about the personal data we have collected and processed, including:

  • The purposes for which the data is used.
  • The duration of storage.
  • The recipients or categories of recipients to whom the data is disclosed.
  • A copy of the personal data undergoing processing.

Right to rectification

You have the right to request correction of inaccurate or incomplete personal data. We will also forward corrections to third parties where legally required.

Right to erasure (“Right to be Forgotten”)

You have the right to request the deletion of your personal data if one of the following applies:

  • The data is no longer necessary for the purposes for which it was collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • You object to processing, and there are no overriding legitimate grounds.
  • The data was processed unlawfully.
  • Deletion is required to comply with a legal obligation under EU or national law.

Exceptions: The right to erasure may be restricted by law, including but not limited to Article 17 (3) GDPR and § 35 BDSG.

Right to restriction of processing

You have the right to request a restriction of processing under the following conditions:

  • You contest the accuracy of your personal data, and verification is pending.
  • The processing is unlawful, but you oppose deletion and request restriction instead.
  • We no longer need the data, but you require it for legal claims.
  • You have objected to processing, and verification is pending.

We will inform you before lifting any restriction.

Right to withdraw consent

You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller. This right does not affect your right to erasure.

Right to lodge a complaint

If you believe we have violated data protection laws, you have the right to lodge a complaint with a supervisory authority. In Germany, you may contact:

Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit).

14. Right to object

Under Article 21 GDPR, you have the right to object to processing based on legitimate interest (Article 6 (1) (f) GDPR), unless:

  • We can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
  • Processing is necessary for the establishment, exercise, or defense of legal claims.

Direct marketing: If we process your data for direct marketing, you have the right to object at any time. If you object, we will stop processing your data for this purpose.

Last updated: 26/02/2025