Privacy Policy

We take the confidentiality and the protection of your personal data very seriously. Therefore, we process your personal data only to the extent permissible under statutory provisions, in particular under the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

With this Privacy Policy we would like to inform you in accordance with Art. 13ff GDPR about the nature of the processing of your personal data via our website “gaia.law” (hereinafter “Website”) and in providing our services, the purposes of such data processing and about the rights to which you are entitled. Personal data is any information relating to an identified or identifiable natural person.

‍

I. General Information

1. Controller

GAIA Technologies GmbH, Kurfürstendamm 195, 10707 Berlin (hereinafter “we”), is responsible for processing your personal data pursuant to Art. 4 (7) GDPR.

2. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing the data protection strategy and ensuring compliance with data protection laws and regulations.

‍
The DPO's contact information is as follows:
Name: Kertos GmbH
Email: dsb@kertos.io

3. Transfer to third parties

We may transfer your personal data to third parties where necessary to provide our Website or services. If we use external service providers, these have been carefully selected by us and commissioned in writing and only process your personal data on our behalf. If necessary, we have concluded a processing agreement pursuant to Art. 28 GDPR with them. The categories of recipients we transfer your data to are cloud service providers, management tool providers, marketing tool providers and technical service providers.

4. Transfer to third countries

We may transfer your personal data to non-EU/EEA countries. Insofar as there is no adequacy decision for these countries according to Art. 45 GDPR, we transfer your personal data subject to appropriate safeguards according to Art. 46 GDPR. 

5. Blocking and deletion

Your personal data will be deleted or blocked as soon as the purpose for processing no longer applies. We will further retain your data if we are legally obliged to do so, especially for tax and accounting purposes. Blocking or deletion of your personal data will also take place if a retention period prescribed by the standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

6. Data security and security measures

We undertake to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g. when sent by e-mail - may be read by third parties. We have no technical influence on this. It is your responsibility as a user to protect the data you provide against misuse by means of encryption or in any other way.

‍

II. Our Processing Activities

In the following we would like to provide an overview of the personal data we process, the purposes we process them for as well as the legal basis for such processing activity.

1. When you visit our Website

Each time you access our Website the following personal data is automatically processed:

• IP address of your requesting computer
• browser type, browser version and language used
• your operating system
• date and time of access of your visit
• name of your access provider
• name of the specific page or file accessed, and the amount of data transferred (access status/http status code)
• website from which your system accesses our Website (“referrer URL”)

The legal basis for this processing is our legitimate interest (Art. 6 (1) (f) GDPR). We weighed our interest in providing as well as operating and securing this website against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, the provision of the Website is technically impossible. This also applies to its operation and security. In this context, the security of the website also serves your interests.

The log files are deleted after the end of the respective browser session, at the latest after 7 days. Personal data, which must be stored for further evidentiary purposes, is excluded from deletion until the respective incident has been finally clarified.

2. When you sign up for our newsletter

When you sign up for our newsletter, through which we will inform you about our company, products or to draw your attention to events that we are organizing.

When you register, we collect the following personal data from you for the purpose of sending the newsletter:

• name,
• e-mail address and
• voluntary additional information (e.g.,position)

The legal basis for the processing of your personal data for the aforementioned purposes is, in the case of contacting our customers business contacts or their representatives, our legitimate interest in providing information about our service offerings and events in the context of existing business relationships pursuant to Art. 6 (1) (f) GDPR or otherwise your expressly granted consent pursuant to Art. 6 (1) (a) GDPR.

You have the right to object to the processing of your data at any time if the processing of your data is based on our legitimate interest, or to revoke your consent with effect for the future. To do this, you can write to us at info@gaia.law or informally using the contact details provided above or unsubscribe from the newsletter using the link contained in the newsletter email. Your data will be deleted immediately after unsubscribing from the newsletter.

For the above-mentioned purpose, we may transfer your personal data to HubSpot,Inc.

3. When you sign up for our demo

When you sign up for our demo, we process the following information:

• First Name
• Surname
• E-Mail Adress
• Company name
• Number of employees

The legal basis for this data processing is the performance of a contract or steps taken at your request prior to entering into a contract, as outlined in Article 6(1)(b) of the GDPR. We use your data solely for the purpose of arranging and conducting the demo.

Your personal data will be deleted after final answering, as far as there are no legal or other obligations to store.

For the above-mentioned purpose, we may transfer your personal data to Calendly, LLC and HubSpot, Inc.

4. Online events and webinars

When you take part in our online events and webinars, we process the following information:

• name, email address
• voluntary additional information (e.g., position)
• video and sound recording
• Metadata (call history (date, time and duration of communication), name of the meeting, device/hardware data, connection data (call number, country name, start and end times, IP addresses),location data, support and feedback data.

We process your data for the purpose of conducting the event, as well as for documenting the event through image and sound recordings and using the resulting recordings for press and public relations.

The legal basis for this processing of your personal data is principally Art. 6 (1) (b) GDPR (contract for the implementation of the event) or your explicit consent according to Art. 6 (1) (a) GDPR. Insofar as the processing of your personal is neither necessary for the performance of a contract with us or in order to take steps prior to entering into a contract, the legal basis for the processing is Art. 6 (1) (f) GDPR. In such a case, it is our legitimate interest to communicate with you and to manage and document the communications.

5. When you apply for a job on our career website(s)

If you apply to us in response to open positions published on our career website(s) or if you send us an unsolicited application (e.g., via join@gaia.law), we process the following categories of personal data during the application process:

• private contact and identification information
• personal data on your professional qualifications
• place of study or training, certificates
• the personal data you provide to us in your curriculum vitae including photos of you
• any other personal data you may have provided in the application

The person responsible for the application process at GAIA will receive your application documents and they will be forwarded internally to other application decision-supporting team members of GAIA. § 26 (1) BDSG in conjunction with Art. 88 (1) DSGVO and Art. 6(1)(b) GDPR are the legal basis for this data processing. Any information that you provide voluntarily, and which goes beyond the required amount will be processed in our legitimate interest Art. 6(1)(f) GDPR in being able to respond to your application in the best possible way.

In case of a successful application, we will process your personal data for the purposes of the (prospective) employment relationship in accordance with a separate data privacy policy, which you will then receive from us. Otherwise, we will generally store your data for a period of six (6) months according to AGG, from the time of receipt of the rejection by you. Your application documents are then deleted.

For the above-mentioned purpose and for the provision of the application information we use the service provider Notion Labs, Inc.

6. When you download a template / whitepaper / guide on our website

When you download certain free documents, such as whitepapers, guides, or templates, from our website, we collect the following personal data: 

• first name
• last name
• work email address
• telephone number. 

The legal basis for this data processing is the performance of a contract or steps taken at your request prior to entering into a contract, as specified in Article 6(1)(b) of the GDPR. This data is collected to provide you with the requested documents and to follow up with you regarding related content or services.

7. Cookies and Plugins

a)     Functional cookies

We use functional cookies to ensure functionality of our Website. Cookies are small text files that store information on the user behavior when visiting a website and that are placed on the user’s computer and held available for further visits to the website. These cookies do not cause any damage to your computer and do not contain any viruses.

The information obtained using functional cookies will not be linked to your IP address. No other personal data is collected. We use the information contained in these cookies to enable, analyze, and prove the operation and use of our Website and in order to ensure our IT security. 

You may also visit our Website without cookies being used, if you have disabled the storage of cookies by adjusting your browser settings accordingly. However, in doing so, you may not be able to use all functions of our Website.

The legal basis for the data processing is our legitimate interest (Art. 6 (1) (f) GDPR). We weighed our interest in providing the cookie-dependent functions of this Website against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, it is not technically possible to provide the functions. At the same time, the option outlined above is open to you to prevent the processing of your personal data in connection with cookies.

As soon as you close your browser, the session cookie is automatically deleted by default, unless you have made a different setting in the cookie settings of your browser.

b)   Analytics and Marketing Tools

Google Analytics and Google Search Console

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses so-called tracking pixels and cookies. The information generated by a cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization, Google will truncate your IP address beforehand within the European Economic Area (European Union and other Member States). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

On our behalf, Google will use this information for the purpose of evaluating your use of the websites, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

The processing of your personal data is based on your consent (Art. 6 (1) (a) GDPR. You can revoke your consent at any time for the future by changing the cookie settings.

Google processes your personal data in the USA. The transfer of data to the USA is possible due to the Data Privacy Framework.

Hubspot-Pixel

This website uses the Hubspot Pixel of Meta Platforms LLC. This enables the tracking of users of this website also via other websites that use the Hubspot Pixel. This is used for the analysis and optimization of our online offer, in particular retargeting, i.e., renewed advertising on our website and other websites as well as the allocation to target groups.

To do this, we process ads you have viewed, browser information, content viewed, device information, geographic location, interactions with ads, services and products, IP address, marketing information, non-confidential custom data, pixel ID, referrer URL, marketing campaign success, usage data, user behavior, user ID.

The processing of your personal data is based on your consent (Art. 6 (1) (a) DSGVO). You can revoke your consent at any time for the future by changing the cookie settings.

Hubspot may process your personal data in the USA. The transfer of your personal data to the USA is generally possible under the Data Privacy Framework.

c)    Social Media Plugin

We currently use the following social media plug-ins: Instagram and LinkedIn. We process your personal data to provide you with the functionalities of the respective social media plug-in.

We use social media plug-ins to communicate with customers and interested parties. In addition, we evaluate the content to find out what moves our users most and what they write about which editorial post. This info is used to optimize our offer.

We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. Only by activating the respective social media plug-in is the respective processing initiated.

You can recognize the provider of the plug-in via the marking on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and there by activate it, the plug-in provider receives the information that you have accessed the corresponding web page of our online offer.

We process customer data, social media IDs and content posted via social media for this purpose.

The processing of your personal data is based on our legitimate interest (Art. 6 (1) (f) GDPR). We have balanced our interest in the use of social media plug-ins against your interest in the confidentiality of your personal data, whereby our interest prevails. Without the processing of personal data, it is not possible to provide the respective social media plug-ins. Moreover, the use of the social media plug-ins is voluntary and must first be activated by the user.

We disclose your personal data to the following entities:

For the provision of the Facebook plug-in and the Instagram plug-in:

Meta Platforms Ireland Ltd, 4 GrandCanal Square, Grand Canal Harbour, D2 Dublin, Ireland.

For the provision of the LinkedIn plug-in:

LinkedIn Ireland Unlimited Company,Wilton Pl, Dublin, Ireland

‍

III. Transfer to third parties

We may transfer your personal data to third parties where necessary to provide our Website or services. If we use external service providers, these have been carefully selected by us and commissioned in writing and only process your personal data on our behalf. If necessary, we have concluded a processing agreement pursuant to Art. 28 GDPR with them. The categories of recipients we transfer your data to are cloud service providers, management tool providers, marketing tool providers and technical service providers.

IV. Data Subject Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

• right of access
• right to rectification
• right to erasure (“right to be forgotten”)
• right to restriction of processing
• right to object to the processing
• right to withdraw consent
• right to data portability

If we process your personal data based on our legitimate interests (Art. 6 (1) (f) GDPR), you can object to the processing by contacting us (see “Controller” for contact details). The same applies if we process your data based on your consent, you have the right to revoke your consent at any time with effect for the future.

Furthermore, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your personal data

‍

‍