Privacy Policy
1) Introduction and Contact Details of the Controller
1.1
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when you use our website. Personal data means any data with which you can be personally identified.
1.2
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
YUVENDA GmbH
Lindleystraße 8A,
60314 Frankfurt am Main,
Germany
Tel.: -
Email: datenschutz@yuvenda.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data. For questions or comments regarding the processing of your personal data, you can contact the Data Protection Officer of YUVENDA GmbH as your central point of contact:
YUVENDA GmbH
Data Protection Officer
Lindleystraße 8A
60314 Frankfurt am Main
Germany
Email: datenschutz@yuvenda.com
2) Data Collection When Visiting Our Website
2.1
When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website:
- The website visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
Processing is carried out pursuant to Art. 6 (1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or otherwise used. However, we reserve the right to retrospectively review the server log files if there are specific indications of unlawful use.
2.2
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
For hosting and displaying the content of our website, we use a provider who renders its services exclusively on servers within the European Union, either directly or through carefully selected subcontractors.
All data collected on our website is processed on these servers.
We have concluded a data processing agreement with this provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
4) Cookies
To make visiting our website attractive and enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are deleted after you close your browser (so-called "session cookies"), while others remain on your device and enable us to recognize your browser on your next visit (so-called "persistent cookies"). The duration of storage for persistent cookies can be found in your browser's cookie settings.
If any personal data is processed through individual cookies we use, the processing occurs either under Art. 6 (1)(b) GDPR for contract execution, Art. 6 (1)(a) GDPR if you have given consent, or under Art. 6 (1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a user-friendly and effective website experience.
You can configure your browser to notify you when cookies are being set and decide individually whether to accept them or exclude the acceptance of cookies in certain cases or in general.
Please note that disabling cookies may limit the functionality of our website.
5) Contacting Us
When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is shown in the respective form. This data is stored and used solely for the purpose of responding to your request and the related technical administration.
The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6 (1)(b) GDPR. Your data will be deleted once your inquiry has been fully addressed, provided there are no statutory retention obligations.
6) Use of Customer Data for Direct Advertising
HubSpot
Our email newsletters are sent via the provider:
HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided during newsletter registration to this provider in accordance with Art. 6 (1)(f) GDPR, so they can send newsletters on our behalf.
With your explicit consent according to Art. 6 (1)(a) GDPR, the provider also performs a statistical evaluation of newsletter campaigns via web beacons or tracking pixels included in the emails, measuring opening rates and specific interactions with newsletter content. This also involves collecting device information (e.g., access time, IP address, browser type, and operating system), which is evaluated but not merged with other data sources.
You can withdraw your consent for newsletter tracking at any time with future effect.
We have entered into a data processing agreement with the provider to protect the data of our website visitors and prohibit unauthorized disclosure to third parties.
7) Web Analysis Services
7.1 Google Analytics 4
This website uses Google Analytics 4, a web analysis service provided by:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")
By default, Google Analytics 4 sets cookies when you visit the website, which collect certain information. This includes your IP address, but it is truncated by Google to prevent direct identification.
The information is transferred to Google servers and further processed there. Transfers to Google LLC, based in the USA, may also occur.
Google uses this information on our behalf to evaluate your website use, compile reports on website activities, and provide other services related to website and internet use. The IP address transmitted by your browser and shortened within Google Analytics 4 is not combined with other Google data. The data collected via Google Analytics 4 is stored for two months and then deleted.
All the processing mentioned here, especially setting cookies, takes place only if you have given us your explicit consent in accordance with Art. 6 (1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time via the cookie consent tool on the website.
We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure.
For further legal information on Google Analytics 4, please see:
https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy?hl=en
https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics 4 uses the "demographic features" function to create statistics about the age, gender, and interests of website visitors, using advertising and third-party information. The data is not assignable to specific individuals and is deleted after two months.
Google Signals
As an extension, Google Signals may be used to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google Account, Google may analyze your usage behavior across devices and create database models, such as cross-device conversions. We only receive aggregated statistics. You can disable this in your Google account settings.
More information: https://support.google.com/analytics/answer/7532985?hl=en
UserIDs
If you consent to Google Analytics 4 and have created an account on our website and log in across different devices, your activities and conversions may be analyzed across devices.
For data transfers to the USA, Google adheres to the EU-U.S. Data Privacy Framework, ensuring GDPR-level data protection.
7.2 Google Tag Manager
We use Google Tag Manager from:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Tag Manager provides a technical platform for managing website tags, including tracking and analysis services, via a unified interface. Google Tag Manager itself does not store information on user devices or analyze data but may transmit your IP address to Google servers, including in the USA.
This happens only with your explicit consent under Art. 6 (1)(a) GDPR. You can withdraw your consent at any time via the cookie consent tool.
We have a data processing agreement with Google for this purpose.
For transfers to the USA, Google complies with the EU-U.S. Data Privacy Framework.
Further details:
https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy?hl=en
8) Retargeting / Remarketing / Conversion Tracking
Microsoft Advertising Universal Event Tracking
This website uses the conversion tracking technology of:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
A tag on each of our web pages interacts with a Microsoft conversion cookie, making user behavior traceable and transmitting the captured information to Microsoft. This helps us track and evaluate predefined goals like purchases or leads to tailor our offers better. This data does not personally identify users.
All processing, especially the setting of cookies, takes place only with your explicit consent under Art. 6 (1)(a) GDPR. You may withdraw your consent at any time via the cookie consent tool.
Microsoft also adheres to the EU-U.S. Data Privacy Framework.
9) Website Features
Google Maps
We use Google Maps (API) by:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google")
Google Maps displays interactive maps and helps with location navigation.
When accessing subpages with Google Maps, information such as your IP address is transmitted to Google servers and stored, possibly in the USA. This happens regardless of whether you are logged into a Google account. If you are logged in, the data is linked to your Google account. To prevent this, log out before use.
Data collection is based on Google's legitimate interests under Art. 6 (1)(f) GDPR (personalized advertising, market research, website customization). You have the right to object to the creation of user profiles, which must be exercised directly with Google.
If you do not consent to future data transfer to Google while using Google Maps, you can fully deactivate the Google Maps service by disabling JavaScript in your browser, making map functions unavailable.
Where legally required, we obtain your consent under Art. 6 (1)(a) GDPR before processing your data. You can withdraw your consent at any time.
For US data transfers, Google complies with the EU-U.S. Data Privacy Framework.
Further information: https://business.safety.google/intl/en/privacy/
10) Tools and Miscellaneous
Cookie Consent Tool
We use a cookie consent tool to obtain valid user consent for cookies and cookie-based applications. The tool appears as an interactive interface upon page load, where users can provide consent for certain cookies and services.
Technically necessary cookies are set to store your cookie preferences. Personal data is generally not processed. If personal data (like IP address) is processed, this is done under Art. 6 (1)(f) GDPR to ensure legally compliant, user-specific consent management.
Another legal basis is Art. 6 (1)(c) GDPR, as we are legally required to obtain consent for non-essential cookies.
Where necessary, we have a data processing agreement with the provider.
Further information is available within the tool's interface on our website.
11) Rights of the Data Subject
11.1
Under the applicable data protection laws, you have the following rights regarding your personal data processed by us:
- Right of access (Art. 15 GDPR): You have the right to obtain confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to access this personal data and to receive further information regarding the processing.
- Right to rectification (Art. 16 GDPR): You have the right to demand the immediate correction of inaccurate data concerning you and the completion of incomplete data.
- Right to erasure (Art. 17 GDPR): You have the right to request that personal data concerning you be deleted, provided the conditions of Art. 17 (1) GDPR are met. This right does not exist, however, in particular where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data, under the conditions of Art. 18 GDPR.
- Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, where technically feasible.
- Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given for data processing at any time with future effect. If you exercise this right, we will cease processing the data based on that consent.
- Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
11.2 Right to Object (Art. 21 GDPR):
If we process your personal data based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions.
If you exercise your right to object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such marketing. This also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
12) Duration of Personal Data Storage
The duration for which personal data is stored depends on the respective legal basis, the purpose of the processing, and, where applicable, any statutory retention periods (e.g. commercial and tax law retention obligations).
- Data processed on the basis of explicit consent (Art. 6(1)(a) GDPR) is stored until you withdraw your consent.
- Data processed for contract-related purposes (Art. 6(1)(b) GDPR) is deleted after the statutory retention periods have expired (e.g. commercial/tax law), unless the data is still required for contract performance or initiation and there is a legitimate interest in further retention.
- Data processed based on our legitimate interest (Art. 6(1)(f) GDPR) is retained until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for asserting, exercising, or defending legal claims.
- Data processed for direct marketing purposes (Art. 6(1)(f) GDPR) is retained until you exercise your right to object under Art. 21(2) GDPR.
Unless otherwise specified above or elsewhere in this Privacy Policy for specific processing activities, any personal data processed by us is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.