Privacy Notice

Privacy Notice 

In this privacy notice, we inform you about the processing of personal data and about the access and storage of information on your device when using our website. 

1. Controller and contact person 

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is: 

StratifAI GmbH 
Großenhainer Str. 98 
01127 Dresden 
Germany 

Email: info@stratifai.com 

In exceptional cases, we are jointly responsible for specific data processing with other controllers: We and LinkedIn process business page insight data on our social network page as joint controllers, whereby LinkedIn is contractually responsible to fulfill the data subject rights and we will forward your requests. More information can be found in this privacy notice. 

2. Data protection officer 

If you have any questions about data protection in connection with our products/services or the use of our website, you can also contact our data protection officer at any time. This person can be contacted at the above postal address or e-mail address (keyword: ‘Attn. data protection officer’). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please request direct contact via this e-mail address first. 

3. Purposes of data processing 

We process your data for the following purposes: 

• Enabling the visit of our website, ensuring the permanent functionality and security of our systems, maintaining our website in general for administrative purposes, including the storage of log files in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our website (Art. 6 (1)(b), (f) GDPR); 

• Management, implementation and creation of website content, structure, functions, scripts and design, including with WordPress (Art. 6 (1)(f) GDPR); 

• Management of the consent regarding optional services with a consent banner (Art. 6 (1)(f) GDPR); 

• Providing and sending our newsletter, including storage of the subscription data for documentation obligations (Art. 6 (1)(a) GDPR); 

• Processing and answering your contact requests, your demo request and providing a contact form (Art. 6 (1)(b), (f) GDPR); 

• Embedding a map on the contact page to see our business location (Art. 6 (1)(f) GDPR); 

• Receipt and processing of applications for the selection of applicants for the possible establishment of an employment relationship, and for the storage in a applicant pool, if applicable (Art. 6 (1)(b), (a) GDPR); 

• Providing and managing a social network business page, including communication with interested parties and clients, and processing of aggregated business page insight data for the optimization of the business page’s structure and design (Art. 6 (1)(b), (f) GDPR); 

• Processing and answering your data privacy requests, and storage of your requests for documentation obligations (Art. 6 (1)(f) GDPR). 

• Processing and managing applications for the execution of the application process and communication with applicants, including the provision of a digital careers page and the administration of incoming applications (Art. 6 (1)(b), (f) GDPR); 

• Capturing, managing, and evaluating prospect contacts for handling inquiries, carrying out marketing activities, and analyzing and optimizing communication processes (Art. 6 (1)(a), (f) GDPR); 

• Analyzing and optimizing our website presence, including the measurement of user behavior and the technical management of tracking technologies via a tag management system (Art. 6 (1)(a) GDPR); 

4. Recipients of data 

The data collected by us will only be forwarded on if there is a legal basis for this under data protection law in the specific case, in particular if: 

• you have given your consent (Art. 6 (1)(a) GDPR), or 

• this is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 (1)(b) GDPR), or 

• we are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement (Art. 6 (1)(c) GDPR), or 

• the disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (Art. 6 (1)(f) GDPR). 

Your data will be forwarded especially to the following recipients: 

• Hosting provider: Hostinger International Limited, 61 Lordou Vironos str., 6023 Larnaca, Cyprus – privacy notice: https://www.hostinger.com/legal/privacy-policy; 

• Google (Google Maps, Google Tag Manger, Google Analytics): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – privacy notice: https://business.safety.google/privacy/; 

• LinkedIn (social network business page): LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – privacy notice: https://www.linkedin.com/legal/privacy-policy; joint controller agreement: https://legal.linkedin.com/pages-joint-controller-addendum;. 

• HubSpot (marketing and tracking tool): HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA – privacy notice: https://legal.hubspot.com/de/privacy-policy. 

5. Transfer to third countries 

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.  

If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework. 

If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR). 

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures. 

If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this. 

Your data may be forwarded especially to the following recipients in third countries: 

• Google (Google Maps, Google Analytics): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework); 

• LinkedIn (social network business page): LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework);. 

• HubSpot (marketing and tracking tool): HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA (adequacy decision, certified for the EU-US Data Privacy Framework);

6. Storage period 

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case. 

Your data will be stored especially for the following periods: 

• Connection data: for the time of your visit and beyond in logfiles for a limited period; 

• Contact data: for the time necessary to process your request, and at least for three years in case of data privacy requests; 

• Applicant data: duration of your employment relationship (if we accept your application), or six months at latest (if we refuse your application) or beyond, if you give us your explicit consent; 

• Newsletter data: for the time of your subscription and beyond for documentation obligations. 

7. Data subject rights 

You have the rights of data subjects formulated in Art. 7 (3), Art. 15 – 22 GDPR at any time if the respective legal requirements are met:  

• Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR); 

• Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes (Art. 21 GDPR); 

• Right to obtain information about your personal data processed by us (Art. 15 GDPR); 

• Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR); 

• Right to erase your personal data (Art. 17 GDPR); 

• Right to restrict processing of your personal data (Art. 18 GDPR); 

• Right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR); 

• Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR). 

To assert your rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request. 

Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. 

8. Requirement for the provision of data 

In principle, there is no obligation to provide your data. The use of our website is usually possible without providing personal data. As far as personal data (for example, name, address, or email addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.  

If the provision of your data is required to conclude a contract, to fulfil legal obligations, to make contact or to use other services and functions (e.g. subscribe to the newsletter), the corresponding input fields are marked as mandatory (usually with an asterisk (*)). In this case, any contract cannot be concluded, the specific service cannot be provided or the function cannot be used without the data provided. 

Other information not marked as mandatory fields is voluntary. The entry of such data is then not necessary for the conclusion of any contract, for the provision of the service or for the use of the function and has no influence on the fulfilment of the contract. 

9. Automated decision-making 

Automated decision-making including profiling in accordance with Art. 22 GDPR which produces legal effects or similarly significantly affects you does not take place. 

10. Access and storage of information on the device 

We only access or store information on your device if this is strictly necessary to provide your requested digital service, i.e. for the main functions of our website, or if you haven given your prior consent, i.e. for optional services, according to implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG. 

The following cookies will be stored on your device: 

• “cmplz_banner-status” (1 year): storage whether the consent banner has been closed; 

• “cmplz_policy_id” (1 year): storage of the cookie policy’s version; 

• , “cmplz_consented_services”, “cmplz_functional”, “cmplz_marketing”, “cmplz_preferences”, “cmplz_statistics” (1 year): storage of the decision regarding the categories of services in the banner of the WordPress plugin Complianz GDPR;. 

• “_ga” (1 year): used by Google Analytics to distinguish users; 

• „_ga_YYCGQ9CCN5 (1 year): used by Google Analytics 4 to maintain session state. 

The following elements in the web storage will be stored on your device: 

• “elementor”: counter for the page views, number of the sessions and the shown pop-ups for the pop-up functionality of the WordPress plugin Elementor; 

• “hasVisited”: storage whether a page has been visited before for the pop-up functionality of the WordPress plugin Elementor; 

• “hideBar”: storage that a banner text has been hidden by the user. 

• “wpEmojiSettingsSupports”: storage of emoji support related information. 

11. Usage of imprint data 

The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information materials is hereby expressly contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.