GREYD GmbH (“we”) take the protection of your personal data seriously and would like to inform you at this point about data protection in our company.
As part of our data protection responsibilities, the entry into force of the EU General Data Protection Regulation (“GDPR”) has imposed additional obligations on us to ensure the protection of personal data of the data subject (“you”).
Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes in particular the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this declaration (“data protection declaration”), we comply with this duty to inform.
Our data protection declaration has a modular structure. It consists of a general part for all processing of personal data and processing situations (A. General) and special parts, the content of which only relates to the processing situation specified there. This includes data processing when using our website and social media presences (B.), as well as the processing of applicant data (C.).
The controller for the processing of your personal data within the meaning of Article 4 No. 7 GDPR is:
Mark Weisbrod (CEO)
T: +49 170 – 385 72 52
For further information on our company, please refer to the imprint details on our website.
Our data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company. You can reach our data protection officer at email@example.com.
According to the GDPR, the processing of personal data is generally prohibited unless there is a specific legal basis that allows the data processing. In the following, we will first present the various legal bases for data processing. In the context of the presentation of the individual data processing, we then explain on which specific legal basis we base the respective data processing (a processing can also be based on several legal bases).
According to the GDPR, the processing of personal data is lawful in the following cases:
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in this data protection declaration.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute or other legal proceedings or if longer storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (this includes, for example, SSL encryption for our website to prevent third parties from gaining knowledge of the data that is transmitted to us when you access our website). This is done taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see A. (3)).
For certain areas of data processing, such as web analytics, we use commissioned processors. These processors only act on our instructions and have been carefully selected in accordance with Article 28 of the GDPR and are contractually obliged to comply with the data protection regulations at the same level as we ourselves comply with them.
The use of external services may result in the transfer of data to third countries outside the European Union. Insofar as a lower level of data protection exists in these countries than in the European Union and insofar as no adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR exists for these countries, we act with internal agreements and regulations to ensure an adequate level of protection for your data. To achieve this goal, we also make use of standard contractual clauses of the European Union. Insofar as these measures are not possible or sufficient, we would like to point out to you that the transfer of your data to third countries is based on your consent in accordance with Article 49 of the GDPR (you give us your consent via our Consent Tool, where we inform you again about the risks mentioned here) and may also be necessary for the performance of the contract in accordance with Article 49 of the GDPR. However, we would like to point out at the same time that in these cases (transfer of data to third countries) there is a possibility that the protection of your data is not guaranteed to the same extent as within the European Union. In the USA in particular, security authorities have easier access to personal data. In such cases, you will not be able to assert your above-mentioned data subject rights with the same effectiveness as within the European Union.
We do not use the personal data we collect from you for any automated decision-making process (including profiling).
In principle, there is no legal or contractual obligation for you to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.
You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A. (2). You have the right as a data subject:
In the context of the further development of data protection law as well as technological or organisational changes, our data protection declaration is regularly checked for the need to adapt or supplement it. You will be informed of any changes in particular on our website at https://greyd.de/en/data-privacy/. This data protection declaration is valid as of April 2023.
This Data Protection Declaration was originally drawn up in German and then translated into English. In the event of any inconsistency between the two versions, the German language version shall prevail.
You can obtain information about our company and the services we offer in particular at https://greyd.de/en (“websites”). When you visit our websites, your personal data may be processed.
During the informative use of the websites, as soon as you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
When using contact forms, the data transmitted in this way is processed (e.g. surname and first name, e-mail address, content of the enquiry and the time of transmission). We store this data to the extent necessary to answer your enquiry and to be able to contact you personally. We proceed in the same way if you contact us by e-mail or text message.
We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Article 6 para. 1 sentence 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection. The legal basis is Article 6 para. 1 p. 1 lit. f GDPR.
Contact form data and e-mail enquiries are processed for the purpose of handling enquiries from (potential) customers and other interested parties. The legal basis is Article 6 para. 1 sentence 1 lit. a and lit. b GDPR, as you send us your enquiry on the basis of your voluntary consent and your enquiry – insofar as you are a potential customer – may also serve to implement a contractual relationship.
The following categories of recipients may receive access to your personal data:
In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.
For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A (8).
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer through the statistics and reports obtained and to make it more interesting for you as a user.
We primarily record the interactions between you and our websites with the help of cookies (see B (7)), data on the device/browser, IP addresses and website or app activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as website operators, with information about the country, region or location from which the respective user originates (so-called “IP location determination”). For your protection, however, we naturally use the anonymisation function (“IP masking”), i.e. Google (as a rule) truncates the IP addresses by the last octet within the EU/EEA.
Google acts as a processor for us in accordance with Article 28 GDPR and we have concluded a corresponding contract with Google. The information generated by the cookies set for this purpose (see B (7)) and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country (for information on the transfer of data to third countries, see A (8) in total).
The legal basis for the collection and further processing of your personal data (which, according to Google, takes place for a maximum of 13 months after the respective collection) is your consent (Article 6 para. 1 s. 1 lit. a GDPR). You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is to use our Consent Manager (the pop-up window that appears the first time you visit our website and asks for your consent for various cookies) or to install the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
Part of our use of Google Analytics is also the use of Google Optimize to perform A/B tests.
A/B tests serve to increase the attractiveness and functionality of our website. In this process, content, functional or design adjustments are played out to a percentage of our users on a test basis and the change in usage is statistically evaluated.
Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
We create pseudonymous usage profiles with the help of Google Analytics in order to design our websites according to your needs. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us. In this way, we are able to recognise and count returning visitors as such and to find out how often our web pages have been accessed by different users. The data processing takes place on the basis of Article 6 para. 1 lit. a GDPR (consent) in our Consent Tool.
The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, as we have activated IP anonymisation on our website, your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there (for more information on the purpose and scope of data collection, see e.g. https://policies.google.com/privacy?hl=de&gl=de). We have also concluded an order processing agreement with Google LLC (USA) in accordance with Article 28 GDPR. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our websites for us and compiling reports on website activity.
Google uses the following cookies when you visit our website and consent to the use of the Google Analytics cookie:
This cookie helps us to count how many people visit our websites when you have already visited them.
This cookie helps us to count how many people visit our websites.
This cookie allows us to manage the frequency with which requests were made to view a page.
You can revoke your consent at any time. Please use one of the following options to do so:
Furthermore, we operate advertising measures for our website by integrating the so-called “Facebook Pixel”, a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Facebook Pixel on our website enables us to display our advertising measures (“Facebook Ads”) to users of our website and the social network Facebook and to measure and evaluate the success (“Conversion Tracking”). This connection of Facebook and our website is technically carried out via the “Facebook Pixel”. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a GDPR, i.e. the integration only takes place after your consent.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore present you with the processes known to us: Through the integration of the Facebook pixel, Facebook receives the information that you have called up the corresponding web page of our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may learn your IP address and other identifying features and use them to create your profile.
The information collected is stored on Facebook servers, also in the USA. See A (8) on data transmission to third countries.
You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is via our Consent Manager or by clicking [here]. In addition, logged-in users (only) can object via the provider’s function under the following link: www.facebook.com/settings/?tab=ads#_. If you are not a (logged in) user of Facebook, you may be able to technically declare your revocation via an alternative solution provided by third-party providers, which should be individually integrated into the website as a script (e.g. github.com/ovlb/demos/blob/master/lib/FacebookPixelController/FacebookPixelController.js).
We also use the “Custom Audiences” remarketing function, which also uses the Facebook pixel, to display interest-based advertisements when you visit our website or other websites that have also integrated the Facebook pixel. This allows us to show you advertisements that are of interest to you in order to make our website more interesting for you and to market our offer.
We do not use social media plugins on our websites. If our websites contain symbols from or links to social media providers (e.g. Instagram, Strava), we only use these to passively link to the pages of the respective providers.
If you call up pages with a video integration, a connection to the Vimeo servers is established. This transmits the information about which video you have viewed and on which page this video was embedded.
If you have an account with Vimeo and are logged in with it, this information will also be assigned to your account.
Vimeo automatically collects certain types of data when you use Vimeo services (for example, by viewing the videos on our website), regardless of whether or not you have an account. This information includes your IP address, technical information about your device (e.g., browser type, operating system, basic device information), the web page you visited or search query you entered before reaching Vimeo, and your other activities captured by cookies used by Vimeo.
When using Vimeo, data may be transferred to Vimeo servers in the USA (see A (8) on data transfer to third countries).
Further information on Vimeo’s data protection can be found at https://vimeo.com/privacy.
We use the services of the software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland; “HubSpot”).
HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, so-called “web beacons” are used and cookies are stored on the end device you use.
In the process, the following personal data may be collected, for example:
The legal basis for the data processing is your consent pursuant to Article 6 para. 1 lit. a GDPR.
HubSpot acts as a processor for us in accordance with Article 28 GDPR and we have concluded a corresponding contract with Google.
When using HubSpot, data may be transferred to HubSpot servers in the USA (see A (8) on data transfer to third countries).
For more information on HubSpot’s data protection, please visit https://legal.hubspot.com/de/privacy-policy.
We use the services of the software manufacturer CHARGEBEE INC (address: 340 S Lemon Avenue, #1537 Walnut, California 91789, USA, “Chargebee”).
Chargebee is a software service provider that offers subscription and payment processing. The service used is an integrated software solution that we use to manage customer data and cover various aspects of managing our subscriptions and payments. This includes, but is not limited to, managing contracts, invoices and subscriptions.
Chargebee collects only the minimum information necessary to provide the relevant software service, which may include your name, contact details or payment details, depending on the specific purpose of the customer data processing. Chargebee will only retain the data for as long as is necessary for the provision of the service.
The legal basis for data processing is your consent in accordance with Article 6 para. 1 (a) GDPR.
Chargebee acts as a processor for us in accordance with Article 28 GDPR and we have concluded a corresponding contract with Google.
When using Chargebee, data transfer to Chargebee servers in the USA may occur (see A (8) on data transfer to third countries).
Further information on Chargebee’s data protection can be found here.
We use the Help Scout communication tool to offer support articles and chats on our websites. Service provider is the American company Help Scout Inc., Boston, 100 City Hall Square 5th Floor, Massachusetts, USA.
Help Scout also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.
As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there, Help Scout uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Help Scout undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: EUR-Lex – 32021D0914 – DE – EUR-Lex
The Data Processing Amendment, which corresponds to the standard contractual clauses, can be found at Data Processing Amendment – Help Scout
We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When you visit our profiles, your personal data is collected, used and stored not only by us but also by the operators of the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection declarations of the respective operator. The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA (see A (8) on data transfer to third countries). We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer content or advertising tailored to you. If you want to avoid this, you should log out or deactivate the “stay logged in” function, delete the cookies on your device and restart your browser.
In the following, we inform you about the data processing in the context of the use of our individual social media profiles.
We operate profiles on the social platform or video platform YouTube (“YouTube”), a service of Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (“Google”): https://www.youtube.com/@greydsuite and https://www.youtube.com/@greydsuitegermany.
We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. These videos are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the following paragraph be transferred. We have no influence on this data transmission.
As the operator of a YouTube profile and through the integration on our website, we can view the information stored in your public YouTube profile, insofar as you have such a profile and are logged into it while you call up our YouTube profile or our integrated videos. In addition, YouTube provides us with anonymous usage statistics, which we use to improve the user experience when visiting our YouTube profile. We do not have access to the usage data that YouTube collects to create these statistics.
We operate a profile on the social platform LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”): https://www.linkedin.com/company/greyd-gmbh/. You can access our LinkedIn profile by clicking on a link on our website. As the operator of a LinkedIn profile, we can view the information stored in your public LinkedIn profile, insofar as you have such a profile and are logged into it while you access our LinkedIn profile. In addition, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our LinkedIn profile. We do not have access to the usage data that LinkedIn collects to create these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our LinkedIn profile in line with the target group. The legal basis for the data processing is therefore Article 6 para. 1 lit. f GDPR.
If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with (e.g. user name and email address) will be processed by us solely for the purpose of contacting you. The legal basis for the data collection is thus Article 6 para. 1 (a) (and (b) if there is a connection to a contract) GDPR. We delete stored data after 30 days, as soon as their storage is no longer necessary or you request us to delete them.
To exercise your data subject rights, you can contact either us or the provider of the social media platform. To the extent that one party is not responsible for responding or needs to receive the information from the other party, we or the provider will forward your request to the other party. Please contact the operator of the social media platform directly for questions about profiling and the processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details we have provided above.