Data protection information for the Bots4You GmbH website
I. General
1. Responsible person
We, bots4you GmbH, take the protection of your personal data and the legal obligations that serve to protect it very seriously. The legal requirements require comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing will the processing be comprehensible to you as the data subject.
Our data protection information therefore explains in detail which personal data is processed by us when using our website (www.bots4you.de), all other websites referring to it and in other cases that may be explained here.
Responsible within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection requirements is
bots4you GmbH
Kölner Strasse 46
57555 Mudersbach
Phone: +49 (0) 271/ 67345411
email: dataprotection@bots4you.de
Hereinafter “Responsible person” or “we” called.
We have not appointed a data protection officer.
Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or can be recognized by a change in the address bar of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.
From the GDPR
This privacy policy uses the terms of the legal text of the GDPR. The definitions (Art. 4 GDPR) can be found, for example, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 view.
Definition: Cookies and similar technologies
cookies are text files that are stored on your device by a website or read from there. They contain combinations of letters and numbers, for example, to recognize the user and their settings when reconnecting to the cookie-setting website, to enable them to remain logged in to a customer account or to statistically analyze a specific usage pattern. WebStorage technology makes it possible to store variables and values locally in the user's browser cache. The technology includes both the so-called”SessionStorage“, which remains saved until the browser tab is closed, as well as the”localStorage“, which is stored in the browser's cache until the cache is emptied by the user. The localStorage technology makes it possible, among other things, to recognize the user and his settings when accessing our website.
Definition: Data categories
When we specify the categories of data processed, this includes in particular the following data: master data (e.g. name, address, dates of birth), contact details (e.g. email addresses, telephone numbers, messenger services), content data (e.g. text entries, photographs, videos, content of documents/files), Contract data (e.g. subject matter of contract, terms, customer category), Payment details (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrers), location data (e.g. GPS data, IP geolocation, access points).
2. Information about data processing
We only process personal data to the extent permitted by law. Personal data will only be passed on in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).
Unless we are required by law to store or transfer it to third parties (in particular law enforcement authorities), the decision as to which personal data we process and for how long and to what extent we may disclose it depends on which functions of the website you use in each individual case.
3. Storage period
The personal data will be deleted as soon as the purpose of processing no longer applies or a prescribed storage period expires, unless there is a need to continue storing the personal data for the conclusion or performance of a contract. Insofar as we need to provide information about the storage period of cookies and similar technologies, you will find the information on this at the end of this privacy policy (III.).
Personal data that we process as part of an application (see below) will be stored for a period of six months after completion of the application process.
4. Automated decisions in individual cases, including profiling
Automated decisions in individual cases, including profiling, are not made.
5. Rights of data subjects
As a data subject, you have the right to information under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. The right to information and the right of deletion are subject to the restrictions set out in Sections 34, 35 BDSG.
You have the right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
The data protection supervisory authority responsible for us/ for our head office is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Back bleach 34
55116 Mainz
However, you are free to complain to another data protection supervisory authority.
A list of supervisory authorities can be found at: https://www.bfdi.bund.de/ (under Information Center/Addresses and Links)
6. Notification obligations of the person responsible
We will inform all recipients to whom your personal data has been disclosed of any correction or deletion of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 para. 1 and Art. 18 GDPR, unless the notification is impossible or involves disproportionate effort. We will inform you about the recipients if you request this.
7. Delivery obligations
Unless otherwise explained in the information on the legal bases below, you are not obliged to provide personal data. However, in the cases under Article 6 (1) (b) GDPR, personal data is required to fulfill a contract or to conclude a contract. If you do not provide the personal data concerned, it is not possible to fulfill or conclude the contract. If you do not provide the data in the cases referred to in Article 6 (1) (a), f GDPR, it is not possible to use the affected parts of our website.
8. Right of objection and withdrawal of consent
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (f) GDPR. If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.
In accordance with Article 7 (3) (1) GDPR, you have the right to withdraw your consent informally by post or email at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of consent up to the withdrawal. Upon your withdrawal, we will delete the personal data processed on the basis of consent if there is no other legal basis for processing it.
Objection and revocation can be made informally and should be addressed to the contact details given above.
You can also withdraw certain consent (s) by deactivating the respective data processing services directly in our consent tool. Please note that you must do this on every device on which you have visited our website and consented to data processing.
II. Data processing in connection with the use of our website
The use of the website and its functions regularly requires the processing of personal data.
Provision of the website
Purpose of processing: Functionality and optimization of the website, as well as ensuring the security of our information technology systems when using our website for purely informational purposes (without using additional functions).
Legal basis: Article 6 (1) (f) GDPR
Data categories: connection data
Recipient of the data: IT service provider
Intended transfer to third country: None
Do we store or read out personal data on your device based on your consent? No
Cookie consent service
Purpose of processing: When you visit our website, certain information is stored or read out on your device if this is absolutely necessary to operate our website. This includes information that our cookie consent service processes to ensure that only cookies and similar technologies are set or read out that are technically absolutely necessary to operate our website or to which you have consented.
Legal basis: Article 6 (1) (c), f GDPR.
Data categories: usage data, connection data.
Recipients of data: None
Intended transfer to third country: None
Do we store or read out personal data on your device based on your consent? No
applications
Purpose of processing: Processing your application and carrying out the application process; consideration of your application in future application processes, provided that you have given your express consent.
Legal basis: Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG; for storage for future application processes, Art. 6 (1) (a) GDPR in conjunction with Article 7 GDPR, Section 26 (2) BDSG
Data categories: Master data, contact data, content data, contract data, connection data, if applicable, usage data and, if applicable, special categories of personal data within the meaning of Article 9 (1) GDPR (depending on the specific advertisement; only the data relating to your application that you provide to us and which we may process in the context of applications will be stored)
Recipients of data: None
Intended transfer to third country: None
Do we store or read out personal data on your device based on your consent? : No
contacting
Purpose of processing: Processing your contact request and request to call back.
Legal basis: Article 6 (1) (f) GDPR; Article 6 (1) (b) GDPR (if the request leads to a subsequent conclusion of a contract or concerns an existing contract)
Data categories: Depends on the type of request. As a rule, contact data, master data and content data are processed.
Recipients of data: None
Intended transfer to third country: None
Do we store or read out personal data on your device based on your consent? No
Google Analytics
Purpose of processing: Statistical evaluation; optimization and needs-based design of our website based on your clicking and usage behavior.
Legal basis: Article 6 (1) (a) GDPR
Data categories: usage data, connection data
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland
Intended transfer to third countries: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c GDPR)
Do we store or read out personal data on your device based on your consent? Yes (see the overview at the end of this statement for details)
Web analysis
By default, we do not use cookies for web analysis. If we use analysis and optimization cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used which enable a statistical analysis of this website, measurement of the success of our online marketing measures and test procedures, for example to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored on the user's device by the Internet browser. etracker cookies do not contain any information that enables a user to be identified.
Leadfeeder
On this website, data is collected and stored for marketing, market research and optimization purposes using the lead feeder technology from Dealfront Germany GmbH on the basis of the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR). For this purpose, Javascript-based code is used, which is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-recoverable one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website. The data stored as part of leadfeeder will be deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any legal storage requirements. You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.leadfeeder.com/privacy/ to prevent leadfeeder from collecting data within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click this link again.
Data processing is carried out on the basis of the legal provisions of Article 6 paragraph 1 letter f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offering and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, is anonymized or pseudonymized as soon as possible. There is no other use, combination with other data or transfer to third parties.
Phone bot
We offer an AI-powered telephone bot to automatically answer calls and process your request in real time. Below, we will inform you about the processing of personal data as a result.
1. Which data is processed?
Basic data: telephone number (if submitted), name, e-mail address, if applicable, or address (if provided).
Conversation content: The specific issue (e.g. demo calls, support request) that you communicate to us verbally.
Technical connection data: date/time of the call, duration, if applicable, and routing information.
We do not make a permanent audio recording. The audio signal is only used during real-time processing in our working memory to be converted into text; it is then immediately discarded.
2. Purpose & legal basis
purpose:
(a) Technical handling of the call by the AI-supported telephone bot,
(b) Processing the content of your request (e.g. support, information, message) in automated form.
legal basis:
(a) Fulfilment of the contract (Art. 6 para. 1 lit. b GDPR) if you are an existing customer or initiate a contractual relationship,
(b) Legitimate interest (Art. 6 para. 1 lit. f GDPR) when it concerns a general enquiry without direct contract reference (e.g. general information).
3. No permanent recording
We do not make audio recordings. The voice data is only temporarily stored in working memory in order to convert it into text form. At the latest after processing the request, we will delete the resulting transcript. There is no permanent or reusable conversation storage.
4. Sub-processor
For telephony and hosting infrastructure as well as for STT and TTS services, we generally use selected service providers with locations in the European Union. Contracts have been concluded with these contract processors (Art. 28 GDPR) to ensure data protection and data security in accordance with legal requirements. Since these providers may access group structures or affiliated companies globally, processing may take place outside the European Union or the EEA. In this case, we have agreed on standard contractual clauses (Art. 46 GDPR) and additional technical and organizational measures so that an appropriate level of data protection is maintained at all times.
5. Storage period & deletion
We only store data from the telephone bot for as long as is necessary to process your request or to fulfill legal obligations. Connection data (date, time, duration, routing) is automatically deleted no later than 30 days after collection, unless there is a longer storage obligation (e.g. billing). We keep transcripts (from your voice inputs) for a maximum of 30 days after completion of the process; they are then deleted unless a legal basis (e.g. verification purposes) requires longer storage. Since we do not make audio recordings and only process speech temporarily, no conversation content remains permanently in our systems.
6. Data security
We and our contracted service providers take extensive technical and organizational measures (Art. 32 GDPR) to protect your personal data from unauthorized access, loss or misuse. In particular, this includes: TLS encryption during data transport, access and access restrictions (authorized persons only), privacy mode and no-training settings, automated deletion routines (zero retention).
7. Your rights
You have the right to request information (Article 15 GDPR) about the data we process and to have any incorrect information corrected immediately (Article 16 GDPR). In addition, under certain conditions, you can request deletion (Article 17 GDPR) or restriction of processing (Article 18 GDPR) and receive your data in a structured, common and machine-readable format (Article 20 GDPR) or have it transmitted to another person responsible. If our processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR), you have a right of objection at any time (Art. 21 GDPR), which you can exercise with effect for the future. If you have given us consent, you can also withdraw it at any time (Article 7 (3) GDPR). In both cases, we will stop the processing in question, provided that there are no overriding rights or obligations to the contrary.
III. Information on the storage period of consent-based cookies and similar technologies
In the following, we will inform you about the name and duration of the cookies and similar technologies used by the above-mentioned plugins and services — if you give your consent — according to the following scheme:
Name of service: name of the cookie/similar technology (duration of operation).
In principle, access to a cookie/similar technologies is only possible from the Internet address from which the cookie is set. This means that we have no access to the cookies of the providers used (above). They do not have access to our cookies. Third parties have access neither to our cookies nor to those of the providers used. Access by third parties can only be obtained through technical attacks that we cannot control and for which we are not responsible.
Google Analytics: _ga (4 months); _utma (unique visitor) cookie) 4 months; _utmb (session cookie) 4 months; _utmc (session cookie) 4 months; _utmt.; 4 months; _utmv (visitor segmentation cookie) 4 months; _utmx (Google Analytics Content Experiment cookie) 4 months; _utmz (Campaign cookie) 4 months; _gat (4 months); _gid (4 months)
IV. Information on external pages of bots4you GmbH
Purpose of processing: We have “Facebook” on the platform at the address http://www.facebook.com/bots4you.de set up a page about our company (“Facebook page”). When you access this page, Facebook processes personal data about you. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Article 6 (1) (f) GDPR
Data categories: Master data, contact data, content data, usage data, connection data, possibly location data
Recipient of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (as joint controller, Art. 26 GDPR — the essence of the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum)
Intended transfer to third countries: In individual cases, USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c) GDPR and on the basis of adequacy decisions (Art. 45 GDPR))
Do we store or read out personal data on your device based on your consent? No
Data subject rights: Facebook is responsible for implementing your data subject rights. Facebook will inform you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will immediately forward your request to Facebook
Purpose of processing: On the “Instagram” platform of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”) at the address https://www.instagram.com/bots4you.de/ set up a page about our company (“Instagram page”). When you access this page, Facebook processes personal data about you.
Legal basis: Article 6 (1) (f) GDPR
Data categories: Master data, contact data, content data, usage data, connection data, possibly location data
Recipient of the data: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”) (as joint controller, Art. 26 GDPR — the essence of the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum be retrieved)
Intended transfer to third countries: In individual cases, USA
Do we store or read out personal data on your device based on your consent? : No
Data subject rights: Facebook is responsible for implementing your data subject rights. Facebook will inform you about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will immediately forward your request to Facebook.
LinkedIn (profile)
Purpose of processing: We have on the “LinkedIn” platform at the address https://de.linkedin.com/company/bots4you created a page about our company. When you access this page, LinkedIn processes your personal data. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Article 6 (1) (f) GDPR
Data categories: Master data, contact data, content data, usage data, connection data, possibly location data
Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (as joint controller in accordance with Art. 26 GDPR — the essence of the agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum)
Intended transfer to third countries: In individual cases, USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c) GDPR
Do we store or read out personal data on your device based on your consent? No
Data subject rights: LinkedIn is responsible for implementing your data subject rights. LinkedIn will inform you about your rights as a data subject at https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us, and we will immediately forward your request to LinkedIn.
Twitter/X
Purpose of processing: We have on the “Twitter” platform at the address https://twitter.com/infobots4you set up a profile. When you access this page, Twitter processes personal data about you. We receive statistics on the use of this site, which are derived from this data. Legal basis: Art. 6 (1) (f) GDPR
Data categories: Master data, contact data, content data, usage data, connection data, possibly location data
Recipient of the data: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”)
Intended transfer to third countries: In individual cases, USA
Do we store or read out personal data on your device based on your consent? No
Xing (profile)
Purpose of processing: On the “XING” platform of New Work SE, Dammtorstraße 30, 20354 Hamburg (“New Work”), we have https://www.xing.com/pages/bots4yougmbh created a page about our company. When you access this page, New Work processes personal data about you.
Legal basis: Article 6 (1) (f) GDPR
Data categories: Master data, contact data, content data, usage data, connection data, possibly location data
Recipient of the data: New Work SE, Dammtorstraße 30, 20354 Hamburg (“XING”)
Intended transfer to third countries: In individual cases, USA and other third countries (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c) GDPR and on the basis of adequacy decisions (Art. 45 GDPR))
Do we store or read out personal data on your device based on your consent? No
