We want you to feel secure regarding the protection of your personal data when you visit our website/Platform Policy-InsiderAI (http://www.policy-insider.ai) (the "Platform").
Operator of the Platform and the responsible controller for the data processing is Policy-Insider.ai GmbH, with its registered office address at Lehmweg 34, 20251 Hamburg, Germany, Register: Amtsgericht Hamburg HRB 157945, Geschäftsführer: Dr. Marc-Angelo Bisotti ("Policy-Insider", "we", "us").
You can contact us by sending an e-mail or calling us:
Phone: +49 40228640990
We take the protection of your personal data very seriously. Personal data are all data that refer to an identified or identifiable natural person, such as name, address, and e-mail address. When you visit our Platform, we collect personal data that we process in accordance with applicable data privacy protection regulations.
The Platform is not addressed to children under the age of 16.
1. Accessing our Platform
When you use our Platform for information purposes only, i.e. when you do not register, login or otherwise provide us with information, we automatically process only the personal data that your browser transmits to our server ("Browser Data"). We collect the following data that are technically necessary to display our Platform to you and to ensure the Platform's stability and security (the legal basis is Article 6 (1) (f) GDPR):
- IP address
- Date and time of visit
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific site)
- Access status/HTTP status code
- The amount of data transferred in each case
- Website from which the request is made
- Operating system and its interface
- Language and version of browser software
The data is deleted automatically after a storage period of 15 days.
- For user convenience, we also use temporary cookies that are stored on your device for a specifically defined period of time, but are not deleted after each session. If you revisit our site to use our services, it is immediately recognised that you have already visited our Platform, what entries you have made and which settings you have chosen, so that you do not have to enter the information again.
- Third parties cookies:
Duration of Cookie
Duration personal data associated /w cookie is stored
Used by Google Analytics to collect anonymous information about how visitors use our website. We use the information to compile reports and help us improve our website. The information collected is anonymous and includes the number of visitors to the website, what pages they visited and where they have come to the website from. googleanalytics.com
Stripe is used to make credit card payments in our application. Stripe uses this cookie to remember who you are and process payments without storing any credit card information on our servers. js.stripe.com
Stripe is used to make credit card payments in our application. Stripe uses this cookie to remember who you are and process payments without storing any credit card information on our servers. m.stripe.network
- Most browsers accept cookies automatically. You can adjust the settings of your browser so that no cookies are stored on your device or a notice appears every time before a new cookie is set. However, you may not be able to use all the functions of our Platform fully, if your device does not accept cookies.
- The services we provide via our Platform are only available for authorised users after registration ("Authorised Users"). To register you must provide the following data ("Registration Data"):
- E-mail address
- Default language
- Other preferred languages
- If the invoice is needed: the company’s name and address, tax number
- To ensure, that you are the owner of the stated e-mail address, we use a double opt-in procedure. After you have entered your e-mail address in the log-in field, we will send you a confirmation link. Your registration is not completed until you click this confirmation link.
- We store your data only as long as it is necessary to perform the underlying contract, especially to enable a log-in. If you de-register or cancel the underlying contract, we delete your data unless we are required to retain it by law or contract (see also no. 11.). The legal basis for the processing of your data is Article 6 (1) (b) GDPR.
4. Using our Platform
- We use your Registration Data, your Brower Data as well as all other data you provide us with during your use of our Platform ("User Data") to provide you with our services as set out in the underlying contract and to contact you in this regard if necessary. Legal basis for this processing is Article 6 (1) (b) GDPR.
- Also, we use information on which searching phrase are you looking for, to analyse your activity on our Platform for statistical and analytical purposes to improve and develop our business (including suggesting other users searching phrases). Legal basis for this processing is Article 6 (1) (f) GDPR.
- In order to pay for the Platform you may youse Stripe. You enter your credit card details on the Platform but we do not store this data on the Platform. We do store the data regarding the payment itself – i.e. whether payment was made, amount paid, currency ("Payment Data") only for payment purposes and to prevent fraud. Stripe generates the invoices, which are stored in the Stripe-Platform; we only store links to those invoices.
- Legal basis for the processing of your Payment Data is Article 6 (1) (b) GDPR.
6. Contacting us
- If you contact us by e-mail, we store the information you provide us with (e.g. your e-mail address and your name) so that we can deal with your request, e. g. to answer your questions.
- We store the information you provide us with to be able to further communicate with you. Legal basis for this purpose is our legitimate interest, Article 6 (1) (f) GDPR.
- We delete the data obtained in this context when storage is no longer necessary, or when we limit the processing in case of statutory retention duties.
- On our Platform we may offer you the opportunity to subscribe to our newsletter. To validate your e-mail address, we use the double opt-in procedure: After you have entered your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our mailing list until you click this confirmation link.
- The only mandatory information for sending the newsletter is your e-mail address. The entry of further, separately marked information is optional and will only be used to be able to approach you personally.
8. Use of third party tools
- We use the following tools provided by third parties:
- Adobe Typekit
- Google Analytics
- LinkedIn Insight Tag
- "Adobe Typekit" are fonts of the provider Adobe Systems Software Ireland Ltd. (Adobe, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland) which we embedded in our Platform. Adobe is registered under the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law: www.privacyshield.gov/participant
Adobe may use your data to provide you with the fonts, to diagnose delivery or download problems and to pay for and fulfill Adobe's contracts with the font developers whose fonts are used. More information on the purpose and scope of the data collected and processed by the provider can be found in the providers' data privacy notices, where you will also find further information on your rights in this respect and the setting options to protect your privacy: www.adobe.com/de/privacy/policies/adobe-fonts.html
Legal basis for the use of this tool is our legitimate interest (Article 6 (1) (f) GDPR). We use the tools to improve our Platform, especially regarding design and usability.
- If you give your consent to it, our website may use Google Analytics (this tool is disabled by default). Google Analytics is a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google“. Google is registered under the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law: www.privacyshield.gov/participant
Google Analytics employs cookies. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there.
We use Google Analytics with an IP anonymization feature on our website. In doing so, Google abbreviates and thereby anonymizes your IP address before transferring it from member states of the European Union or signatory states to the Agreement on the European Economic Area.
Google will use this information to evaluate your usage of our site, to compile reports on website activity for us, and to provide other services related to website- and internet usage. Google may also transfer this information to third parties if this is required by law or to the extent this data is processed by third parties on Google´s behalf.
Google states that it will in never associate your IP address with other data held by Google. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.
Google also offers a disabling option for the most common browsers, thus providing you with greater control over the data which is collected and processed by Google. If you enable this option, no information regarding your website visit is transmitted to Google Analytics. However, the activation does not prevent the transmission of information to us or to any other web analytics services we may use. For more information about the disabling option provided by Google, and how to enable this option, visit https://tools.google.com/dlpage/gaoptout?hl=en
- Legal basis for the use of this tool is your free consent (Article 6 (1) (a) GDPR). Our website employs LinkedIn Insight Tag provided by the network LinkedIn. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. In the countries of the European Union, the data administrator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. LinkedIn is registered under the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law: www.privacyshield.gov/participant
The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor's browser until they delete the cookie or the cookie expires (there’s a rolling six-month expiration from the last time the visitor’s browser loaded the Insight Tag).
Legal basis for the use of this tool is our legitimate interest (Article 6 (1) (f) GDPR). We use the tools to improve our Platform, especially regarding design and usability.
9. Further Potential use of your data
- We may also have to disclose your personal data if we are obliged to do so by any legal obligation or regulatory requirement or will use your personal data to enforce our contractual terms with you and other parties as well as for the exercise or defiance of legal claims and to protect our rights.
- If we must comply with a legal obligation or regulatory requirement, the legal basis is Article 6 (1) (c) GDPR, otherwise the legal basis for the further potential use of your data is our legitimate interest for the purposes set out above (Article 6 (1) (f) GDPR).
10. Recipients of personal data and data transfer to third countries
- For the hosting of our Platform: Amazon Web Services EMEA SARL with the registered office in 38 Avenue John F. Kennedy L 1855, Luxembourg,
- For the hosting of our website: ALL-INKL.COM - Neue Medien Münnich, Inhaber: René Münnich, Hauptstraße 68, 02742 Friedersdorf,
- For the maintentance of the Platform: theBlue.ai GmbH with its registered office in Hamburg, Koppel 18a, 20099 Hamburg, Germany.
- These service providers can also be based outside the EU. We will take all necessary steps to ensure that the data you provide is adequately protected in accordance with the requirements of data protection laws of the European Union. Where necessary, we use EU standard contractual clauses to ensure a legally adequate level of data protection.
- Further, we may pass on data to rights holders, consultants and authorities to enforce our rights or to protect our rights or the rights of third parties.
11. Data retention
- We generally only store your personal data for the period of time necessary to achieve the respective purpose or if the storage is stipulated by any laws or regulations to which we are subject.
- According to German law, we are in particular subject to retain data for six years pursuant to Sec. 257 (1) of the German Commercial Code (in particular commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records) and for ten years pursuant to Sec. 147 (1) of the German Tax Code (in particular books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation).
- In case you use the free trial version and do not decide to use the paid version of the Platform after the end of the trial period, we will store only your e-mail address for 3 months after the end of the trial period. The basis for processing your data in this case is Article 6 paragraph 1 f) GDPR, i.e. our legitimate interest, which is the preventing the reuse of the free trial version. You may object to the processing of your personal data by us for reasons which are related to your specific situation. In such case, we will cease the processing of these data, unless we prove that the grounds for processing these data by us prevail over your rights, or your data are essential for us to execute the agreement or to establish, pursue or defend claims.
12. Data Security
We use technical and organisational security measures to protect your personal data against misuse, loss, destruction or against access by unauthorised persons. Our security measures are in accordance with the current state of the art.
13. Your rights
- We would like to inform you about the various rights offered to you as a data subject (Art. 4 (1) no. 1 GDPR). You can find more information about your rights in Art. 15-21 GDPR and Art. 32-37 of the German Federal Data Protection Act (BDSG).
- Right of Access
You have the right to request information about which of your personal data we have collected and processed. This includes information about the purposes such data are used for and the time such data will be stored as well as information about the recipients or recipient categories to whom the data will be disclosed. Furthermore, you have the right to obtain a copy of the personal data undergoing processing.
- Right to Rectification
You have the right to obtain rectification of personal data that is not or no longer accurate. You also have the right to have incomplete personal data completed. We forward corrections of your personal data to third parties where this is legally required.
- Right to Erasure ("Right to be Forgotten")
You have the right to obtain erasure of your personal data from us, where one of the following applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or the purpose has been fulfilled;
- You have withdrawn your consent and there is no other legal ground for the processing;
- You have objected to the processing and there are no overriding legitimate grounds for the processing; where personal data are processed for direct marketing purposes your objection suffices to end the processing;
- Your personal data have been unlawfully processed;
- Your personal data must be erased for compliance with a legal obligation in Union or Member State law, to which we are subjected;
Please consider that your right to erasure may be restricted by law. Legal limitations include, but are not limited to, Art. 17 (3) GDPR and § 35 of the German Federal Data Protection Act.
- Right to Restriction of Processing
You have the right to obtain restriction of processing from us, where one of the following applies:
- You contest the accuracy of your personal data, for a period, that enables us to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of use instead;
- We no longer need the personal data for the purposes of processing, but you require the personal data for the establishment, exercise or defense of legal claims, or
- You have objected to the processing, yet verification whether our legitimate grounds override yours are still pending.
We will inform you about a restriction according to the aforementioned grounds before we lift the restriction of processing.
- Withdrawal of Consent
- Right to Data Portability
You have the right to receive the personal data concerning yourself and provided by you in a structured, common and machine-readable format and to transmit these data to third parties. You may infer details and restrictions from Art. 20 GDPR. The exercise of your right to data portability does not in any way affect your right to erasure.
- Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority, particularly the commissioner for data protection and freedom of information in Hamburg (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit) or the supervisory authority in the Member State of your residence, your place of work or the place of the alleged data protection violation, if you believe that our processing of your personal data violates applicable data protection laws.
15. Right to Object
According to Art. 21 GDPR you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, if we based the processing on Art. 6 (1) (f) GDPR. If you object, we will no longer process your personal data, unless:
- We are able to demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or
- the processing serves the establishment, exercise or defense of legal claims.
You especially have the right to object to the processing of your personal data for direct marketing, if we use your data for such purposes. If you object to our processing of your personal data for direct marketing, we will no longer use your personal data for this purpose.
Last changed: 26.10.2020