top of page

Privacy Policy: Evoya AI GmbH

Last Update: March 26, 2024

Please note: The original text of this document is in German, which is the legally binding language of the document. This English translation is provided for convenience only. In legal contexts, it's common practice to specify the controlling language of a document to ensure there's no ambiguity about which version is legally enforceable. Should there be any discrepancy between this translation and the original German text, the German text will prevail.

1. Types of Data Collected
A specific listing of the personal information collected is not provided by the Controller. Comprehensive information about the various categories of personal data that are processed can be found in the relevant sections within this privacy policy or are supplemented by information notices presented to users before their data is collected. Users have the option to share their personal data voluntarily or to observe how certain usage data is automatically collected as soon as they visit the website. Providing the information requested by the website is, unless otherwise noted, necessary to access the services offered. Should users refuse to provide this information, it could result in the website being unable to offer its services. If the website designates the provision of certain data as optional, users are free to provide it or not, without it affecting the service. If users are uncertain about the necessity of certain data, they can contact the Controller. The use of cookies or other tracking technologies on this website and by external service providers serves to provide the services requested by the user and other goals that are outlined in this document and in the Cookie Policy. Users are responsible for any personal data of third parties that are collected, published, or shared through this website.

2. Procedures and Location of Data Processing


2.1. Processing Methods

The Controller processes users' data carefully and implements adequate protective measures to prevent unauthorized access, sharing, modification, or destruction of the information. The processing is carried out using computer technology or IT-supported systems according to predefined organizational procedures that are specifically aimed at the defined objectives. In addition to the Controller, internal parties (such as employees of HR, sales, marketing, legal departments, system administrators) as well as external parties, if necessary and designated by the Controller as data processors (including technical service providers, delivery services, hosting providers, IT companies, communication agencies), may have access to the data as part of the operation of this website. The Controller can provide a list of these parties upon request.


2.2. Processing Location
The processing of data takes place both at the location of the Controller and at other locations where the parties involved in data processing may be located. Depending on the residence of the users, the transmission of data may involve a transfer to countries outside their own country. Users can consult the section with detailed information on data processing to learn more about the processing locations.

2.3. Retention Period

Personal data is retained for the duration necessary to fulfill the purposes for which it was collected and may, under certain circumstances, be stored longer due to legal requirements or with the consent of the user, unless otherwise specified in this document.


3. Cookies and Tracking Policy

This website uses tracking technologies. For detailed information, please refer to our Cookie Policy.

4. Additional Information for Users from the European Union

This section specifically addresses users within the European Union in accordance with the General Data Protection Regulation (GDPR) and supersedes any conflicting information in this privacy policy. Detailed information about the types of data processed, the purposes of data processing, categories of recipients of personal data, and further details can be found under "Detailed Presentation of Data Processing" in this document.


4.1. Basis for Data Processing The processing of personal data is only carried out under the following conditions:

  • Users have given their consent for specific processing purposes.

  • The processing is necessary for the performance of a contract with the user or for pre-contractual measures.

  • To comply with a legal obligation of the provider, processing is required.

  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

  • For the protection of the legitimate interests of the provider or a third party, processing is necessary. The provider informs upon request about the specific legal basis of each data processing, especially regarding the necessity of providing personal data.


4.2. Retention Period

Personal data is processed and stored according to the original purpose of its collection and, where applicable, stored longer due to legal requirements or with the user's consent. Specifically, this means:

  • Data collected for the fulfillment of a contract between the provider and the user remains stored until the complete fulfillment of the contract.

  • Data collected on the basis of the provider's legitimate interests remains stored as long as necessary to fulfill these purposes. Users can obtain more information about these interests by contacting the provider.

  • The provider may store data with the user's consent beyond the initially necessary period, as long as the consent is not withdrawn. Additionally, longer storage may be necessary to comply with legal requirements or orders from authorities. After the end of the retention period, the data will be deleted, thus rights such as access, deletion, correction, and data portability can no longer be claimed.


4.3. Rights of Users under the GDPR

Users have extensive rights regarding the processing of their data, including:

  • Withdrawal of consent at any time.

  • Lodging an objection to data processing when it is not based on consent.

  • Requesting information about their own data, its processing, and receiving a copy.

  • Requesting the correction or updating of data.

  • Requesting the restriction of processing.

  • Requesting the deletion of personal data.

  • Receiving the data in a portable format and transferring it to another controller.

  • Lodging a complaint with the competent supervisory authority. Users also have the right to be informed about the legal basis for data transfers abroad or to international organizations and about the protective measures taken by the provider.


4.4. Details on the Right to Object to Data Processing

If personal data is processed based on public interest, in the exercise of official authority, or for the pursuit of legitimate interests of the provider, users have the right to object to this processing. Such an objection can be made for reasons related to the user's particular situation. Users are also informed that they can object at any time and without giving reasons to the use of their personal data for direct marketing purposes. If a user objects to processing for these purposes, their data will no longer be used for direct marketing. Information on whether the provider uses personal data for direct marketing purposes can be found in the relevant sections of this document.


4.5. Exercising User Rights

Requests to exercise the rights of users should be directed to the provider using the contact details provided in this document. These requests are processed by the provider free of charge and as quickly as possible, at the latest within one month. The provider also informs all third-party recipients about any correction, deletion of data, or restriction of processing, unless this is not possible or involves a disproportionate effort. Upon request, users will be informed about these third-party recipients.

5. Additional Information on Data Collection and Processing

5.1. Legal Actions

Users' personal data may be used for legal purposes, particularly if legal actions are necessary due to improper use of this website or its services. Users acknowledge that the provider may be required to disclose personal data upon governmental request.


5.2. Supplementary Information on User Data

Beyond the information provided in this privacy policy, the website may offer users specific, additional information related to certain services or the processing of personal data upon request.

5.3. System Logs and Maintenance

For operation and maintenance purposes, this website and third-party services may keep system logs that record interactions through this website, or use other personal data such as the IP address for this purpose.


5.4. Requests for Unlisted Information

If users wish for further information on data collection or processing that is not included in this privacy policy, they can contact the provider.


5.5. Changes to the Privacy Policy

The provider reserves the right to make changes to this privacy policy at any time. Users will be informed on this website and, where technically and legally feasible, through direct communication. It is recommended to regularly visit this page to stay informed about any changes, especially in regard to the last update date noted at the end of the page. If changes affect the use of data based on the user's consent, the provider will, if necessary, seek renewed consent.

6. Definitions and Legal Framework

6.1. Personal Data

Any information that enables the identification of a natural person directly or through combination with other data.

6.2. Usage Data

Data automatically collected by this website (or by third-party services providing services for this website). This includes, among other things, IP addresses or domain names of the users' computers, URI addresses, the time of the request to the server, the method used to submit the request, the size of the response received, the status code of the server's answer, country of origin, details about the used browser and operating system, the duration of stay on individual pages, the navigation path within the application, and other technical information about the device and the IT environment of the user.


6.3. User

The individual using the website, who is usually identical to the Data Subject.


6.4. Data Subject

Natural person whose personal data is processed.


6.5. Data Processor

Natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.


6.6. Controller (or Data Controller)

Natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data. Unless otherwise specified, this refers to the operator of the website.


6.7. This Website (or Application)

The means by which the personal data of the user is collected.


6.8. Service

The service provided by this website as described in the terms of use (if available) and on this website.


6.9. European Union (EU)

Refers, unless otherwise defined, to all member states of the EU and the EEA.


6.10. Legal Notice

This privacy policy applies exclusively to this website and the Evoya platform, unless otherwise stated in this document. It should be noted that this privacy policy does not cover the data processing practices of third-party providers that may be accessible through links on this website or within the Evoya platform. We recommend users directly consult the privacy policies of such third-party providers, as we do not assume responsibility for their procedures and handling of personal data.

bottom of page