Privacy Notice

Privacy Notice 

In this privacy notice, we inform you about the processing of personal data and about the access and storage of information on your device when using our website. 

1. Controller and contact person 

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is: 

StratifAI GmbH 
Großenhainer Str. 98 
01127 Dresden 
Germany 

Email: info@stratifai.com 

In exceptional cases, we are jointly responsible for specific data processing with other controllers: We and LinkedIn process business page insight data on our social network page as joint controllers, whereby LinkedIn is contractually responsible to fulfill the data subject rights and we will forward your requests. More information can be found in this privacy notice. 

2. Data protection officer 

If you have any questions about data protection in connection with our products/services or the use of our website, you can also contact our data protection officer at any time. This person can be contacted at the above postal address or e-mail address (keyword: ‘Attn. data protection officer’). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please request direct contact via this e-mail address first. 

3. Purposes of data processing 

We process your data for the following purposes: 

• Enabling the visit of our website, ensuring the permanent functionality and security of our systems, maintaining our website in general for administrative purposes, including the storage of log files in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our website (Art. 6 (1)(b), (f) GDPR); 

• Management, implementation and creation of website content, structure, functions, scripts and design, including with WordPress (Art. 6 (1)(f) GDPR); 

• Management of the consent regarding optional services with a consent banner (Art. 6 (1)(f) GDPR); 

• Providing and sending our newsletter, including storage of the subscription data for documentation obligations (Art. 6 (1)(a) GDPR); 

• Processing and answering your contact requests, your demo request and providing a contact form (Art. 6 (1)(b), (f) GDPR); 

• Embedding a map on the contact page to see our business location (Art. 6 (1)(f) GDPR); 

• Receipt and processing of applications for the selection of applicants for the possible establishment of an employment relationship, including the provision of a digital careers page and the administration of incoming applications, and for the storage in an applicant pool, if applicable (Art. 6 (1)(b), (a) GDPR); 

• Providing and managing a social network business page, including communication with interested parties and clients, and processing of aggregated business page insight data for the optimization of the business page’s structure and design (Art. 6 (1)(b), (f) GDPR); 

• Processing and answering your data privacy requests, and storage of your requests for documentation obligations (Art. 6 (1)(f) GDPR);. 

• Capturing, managing, and evaluating prospect contacts for handling inquiries, carrying out marketing activities, and analyzing and optimizing communication processes (Art. 6 (1)(a), (f) GDPR); 

• Analyzing and optimizing our website presence, including the measurement of user behavior and the technical management of tracking technologies via a tag management system (Art. 6 (1)(a) GDPR); 

• Protecting the website against abusive or malicious traffic, ensure security, and maintain optimal performance by distinguishing legitimate users from automated access attempts (Art. 6 (1)(f) GDPR); 

• Usage of analytics and marketing tools to identify and track user interactions across sessions, assign unique user identifiers, and store behavioral data for marketing performance and contact profiling purposes (Art. 6 (1)(a) GDPR).  
  
  

4. Recipients of data 

The data collected by us will only be forwarded on if there is a legal basis for this under data protection law in the specific case, in particular if: 

• you have given your consent (Art. 6 (1)(a) GDPR), or 

• this is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 (1)(b) GDPR), or 

• we are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement (Art. 6 (1)(c) GDPR), or 

• the disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (Art. 6 (1)(f) GDPR). 

Your data will be forwarded especially to the following recipients: 

• Hosting provider: Hostinger International Limited, 61 Lordou Vironos str., 6023 Larnaca, Cyprus – privacy notice: https://www.hostinger.com/legal/privacy-policy; 

• Cosent Management Platform “Cookiebot”: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark – privacy notice: https://www.cookiebot.com/en/privacy-policy/; 

• Google (Google Maps, Google Tag Manger, Google Analytics, Google Fonts): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – privacy notice: https://business.safety.google/privacy/; 

• LinkedIn (social network business page): LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – privacy notice: https://www.linkedin.com/legal/privacy-policy; joint controller agreement: https://legal.linkedin.com/pages-joint-controller-addendum;. 

• HubSpot (marketing and tracking tool): HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland – privacy notice: https://legal.hubspot.com/privacy-policy. 

• Cloudflare (Content delivery network and security service for attack prevention and website performance optimization): Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA – privacy policy: https://www.cloudflare.com/privacypolicy/  
  
  

5. Transfer to third countries 

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.  

If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework. 

If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR). 

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures. 

If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this. 

Your data may be forwarded especially to the following recipients in third countries: 

• Google (Google Maps, Google Analytics, Google Fonts): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework); 

• LinkedIn (social network business page): LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework);. 

• HubSpot (marketing and tracking tool): HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA (adequacy decision, certified for the EU-US Data Privacy Framework); 

• Cloudflare (Content delivery network and security service for attack prevention and website performance optimization): Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (adequacy decision, certified for the EU-US Data Privacy Framework); 
  
  

6. Storage period 

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case. 

Your data will be stored especially for the following periods: 

• Connection data: for the time of your visit and beyond in logfiles for a limited period; 

• Contact data: for the time necessary to process your request, and at least for three years in case of data privacy requests; 

• Applicant data: duration of your employment relationship (if we accept your application), or six months at latest (if we refuse your application) or beyond, if you give us your explicit consent; 

• Newsletter data: for the time of your subscription and beyond for documentation obligations. 
  
  

7. Data subject rights 

You have the rights of data subjects formulated in Art. 7 (3), Art. 15 – 22 GDPR at any time if the respective legal requirements are met:  

• Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR); 

• Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes (Art. 21 GDPR); 

• Right to obtain information about your personal data processed by us (Art. 15 GDPR); 

• Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR); 

• Right to erase your personal data (Art. 17 GDPR); 

• Right to restrict processing of your personal data (Art. 18 GDPR); 

• Right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR); 

• Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR). 

To assert your rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request. 

Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. 

8. Requirement for the provision of data 

In principle, there is no obligation to provide your data. The use of our website is usually possible without providing personal data. As far as personal data (for example, name, address, or email addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.  

If the provision of your data is required to conclude a contract, to fulfil legal obligations, to make contact or to use other services and functions (e.g. subscribe to the newsletter), the corresponding input fields are marked as mandatory (usually with an asterisk (*)). In this case, any contract cannot be concluded, the specific service cannot be provided or the function cannot be used without the data provided. 

Other information not marked as mandatory fields is voluntary. The entry of such data is then not necessary for the conclusion of any contract, for the provision of the service or for the use of the function and has no influence on the fulfilment of the contract. 

9. Automated decision-making 

Automated decision-making including profiling in accordance with Art. 22 GDPR which produces legal effects or similarly significantly affects you does not take place. 

10. Access and storage of information on the device 

We only access or store information on your device if this is strictly necessary to provide your requested digital service, i.e. for the main functions of our website, or if you haven given your prior consent, i.e. for optional services, according to implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG. 

The following cookies will be stored on your device: 

• “wp_consent_functional”, “wp_consent_marketing”, “wp_consent_preferences” (1 month): stores consent for the use of essential functional cookies, marekting cookies and for cookies used to save user preferences in wordpress.  

• “cmplz_banner-status” (1 year): storage whether the consent banner has been closed; 

• “cmplz_policy_id” (1 year): storage of the cookie policy’s version; 

• , “cmplz_consented_services”, “cmplz_functional”, “cmplz_marketing”, “cmplz_preferences”, “cmplz_statistics” (1 year): storage of the decision regarding the categories of services in the banner of the WordPress plugin Complianz GDPR.“_ga” (2 years): used by Google Analytics to distinguish users; 

• „_ga_YYCGQ9CCN5 (2 years): used by Google Analytics 4 to maintain session state. 

• “__cf_bm” (30 minutes): used to distinguish between legitimate user requests and potentially harmful bot traffic, thereby supporting website security features; 

• “_cfuvid” (Session): used by Cloudflare to identify trusted web traffic during a session and detect malicious activity; 

• “__hssc” (30 minutes): used by HubSpot to track sessions and determine whether to increment the session number and timestamps; 

• “__hssrc” (Session): used by HubSpot to identify a new session; set each time the browser starts; 

• “__hstc” (180 days): used by HubSpot as the main tracking cookie; stores time-related visit data and visitor ID; 

• “hubspotutk” (180 days): used by HubSpot to identify a visitor across forms and deduplicate contact records in the CRM. 

The following elements in the web storage will be stored on your device: 

• “elementor”: counter for the page views, number of the sessions and the shown pop-ups for the pop-up functionality of the WordPress plugin Elementor; 

• “hasVisited”: storage whether a page has been visited before for the pop-up functionality of the WordPress plugin Elementor; 

• “hideBar”: storage that a banner text has been hidden by the user. 

• “wpEmojiSettingsSupports”: storage of emoji support related information. 

• “ucData: stores user consent settings for different cookie categories (e.g., marketing, preferences). 

• „ucString“: encodes the user’s consent choices for sharing with third-party tools. 
  
  

11. Usage of imprint data 

The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information materials is hereby expressly contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.