Privacy Policy & how we process data.

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States is:

Pinnipedia Technologies GmbH
Paretzhofer Straße 44
14669 Ketzin/Havel
Germany

Represented by: Alexandra Cosma, Prof. Dr. Gerhard Wunder
Managing directors

Email: info@pinnipedia.ai

Data protection contact: privacy@pinnipedia.ai
For requests under Articles 15 to 22 GDPR.

The protection of your personal data matters to us. We process your data only on the basis of statutory provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Digital-Services Data Protection Act (TDDDG). This policy informs you about the nature, scope, and purpose of the processing of personal data on our website.

Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

When you visit our website, Vercel automatically collects information in so-called server log files that your browser automatically transmits. This includes: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address.

Data transfer to the USA is based on the EU-US Data Privacy Framework.

The legal basis for data processing is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the stable and secure provision of our website.

When you contact us via our contact form, the data you provide will be stored for the purpose of processing your inquiry. The following data is collected:

• Name
• Email address
• Phone number
• Company name
• Your message

Data Storage (Supabase)

Data submitted via the contact form is stored in a database hosted by Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992. Data transfer is based on the EU Standard Contractual Clauses.

Email Notification (Microsoft Outlook)

Additionally, the data is forwarded to our team by email. We use Microsoft Outlook for this purpose. Microsoft also processes data in the USA. Data transfer is based on the EU-US Data Privacy Framework.

The legal basis for processing is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to business inquiries).

Data will be deleted once it is no longer required for the purpose for which it was collected. For personal data from contact forms, this is no later than five years, unless statutory retention obligations apply.

When you contact us by email, your details, including the contact data you provide, will be stored for the purpose of processing the inquiry and for possible follow-up questions.

The legal basis for processing is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest).

Data will be deleted once it is no longer required for the purpose for which it was collected, but no later than five years.

Each time our website is accessed, information is automatically collected by the web server and stored in server log files:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access was made (referrer URL)
• Browser used and, if applicable, operating system
• Name of your internet service provider

This data is evaluated exclusively to ensure trouble-free operation of the website and to improve our offering. This data is not merged with other data sources.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the security and stability of our website.

Our website uses only strictly necessary cookies that are required for the operation of the website. These cookies do not store personal data and are automatically deleted at the end of your browser session.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest) or § 25(2) TDDDG, storage strictly necessary for the operation of the service you requested.

This website uses web fonts for uniform display of typefaces. The fonts are installed locally on our server. No connection to external servers is made.

Your personal data will not be transferred to third parties unless:

• You have given your express consent pursuant to Art. 6(1)(a) GDPR.
• The transfer is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims.
• There is a legal obligation to transfer pursuant to Art. 6(1)(c) GDPR.
• This is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the performance of contractual relationships.

Within the website visit we use the widely-used SSL/TLS procedure in combination with the highest encryption level supported by your browser. You can recognise whether an individual page of our website is being transmitted in encrypted form by the closed lock icon in the status bar of your browser.

Beyond transport encryption, we apply technical and organisational measures (TOMs) appropriate to the risk, pursuant to Art. 32 GDPR. A TOM overview is available on request from privacy@pinnipedia.ai.

You have the following rights with respect to personal data concerning you:

Right of Access (Art. 15 GDPR)

You have the right to request information about your personal data processed by us.

Right to Rectification (Art. 16 GDPR)

You have the right to request immediate rectification of inaccurate personal data or completion of incomplete personal data stored by us.

Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller.

Right to object (Art. 21 GDPR)

Object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(e) or (f) GDPR, including profiling.

Right to withdraw consent (Art. 7(3) GDPR)

Where processing is based on your consent, you can withdraw it at any time with effect for the future.

Right to lodge a complaint (Art. 77 GDPR)

Lodge a complaint with a supervisory authority. The authority competent for us is listed in the next section.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
(The State Commissioner for Data Protection and Access to Information Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow, Germany
Website: www.lda.brandenburg.de

We may update this policy to reflect changes in our technology, our processors, or the legal framework. The date at the bottom of this page shows when it was last revised. Material changes will be announced on this page before they take effect.