Privacy

Thank you for visiting our website www.bridge-brain.com and for your interest in our company. With the aim of offering you the highest possible degree of transparency, we inform you below about the type, scope, and purpose of the collection, processing, and use of personal data that arise in the context of the use of our website. The General Data Protection Regulation (hereinafter referred to as “GDPR”) can be accessed here as a complete document.

Contents

• 1. Definitions of Terms
• 2. Controller pursuant to Article 4 No. 7 GDPR
• 3. Data Protection Officer
• 4. Legal Basis of the Processing
• 5. Storage of Data / Deletion of Data
• 6. Disclosure of Personal Data
• 7. Collection of Personal Data
  • 7.1 Use of our Website for Information Purposes only
  • 7.2 Contact by E-Mail
  • 7.3 Contact Form
• 8. Webflow
  • 8.1 Hosting
    • 8.1.1 Fastly
    • 8.1.2 Amazon CloudFront
  • 8.2 Cloudflare
  • 8.3 Website-files.com
  • 8.4 Legal Basis
• 9. Pirsch
• 10. Vimeo
• 11. Cloudflare
• 12. Your Rights
• 13. Right to Object
• 14. Data Security

1. Definitions of Terms

The following terms that we use in our privacy policy are defined in Art. 4 GDPR. This is only an excerpt from Art. 4 GDPR. All definitions can be found in the GDPR (available here).

Personal data (Art. 4 No. 1 GDPR)

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing (Art. 4 No. 2 GDPR)

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymization (Art. 4 No. 5 GDPR)

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller (Art. 4 No. 7 GDPR)

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Third Party (Art. 4 No. 10 GDPR)

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

Consent (Art. 4 No. 11 GDPR)

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Company (Art. 4 No. 18 GDPR)

An enterprise is a natural or legal person engaged in an economic activity, irrespective of its legal form, including associations or partnerships regularly engaged in an economic activity (Art. 4 No. 18 GDPR).

2. Controller pursuant to Article 4 No. 7 GDPR

BRIDGEBRAIN GmbH

Ölmühlweg 33

61462 Königstein im Taunus

Phone: +4961742939510

Email: info@bridge-brain.com

Complete imprint available here.

3. Data Protection Officer

You can reach our data protection officer Ms. Sabine Eich by post:

BRIDGEBRAIN GmbH

Ölmühlweg 33

61462 Königstein im Taunus

With the addition:

"For the attention of the Data Protection Officer of BRIDGEBRAIN GmbH"

and by email to: datenschutz@bridge-brain.com

4. Legal Basis of the Processing

For each processing operation described in our privacy policy, we will inform you of the legal basis on which the processing is carried out. A distinction is made between the following groups of cases in which processing is lawful:

• You have given us your consent to the processing of personal data concerning you for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR).
• There is a contract between you and us for the performance of which the processing is necessary or the processing is necessary for the performance of pre-contractual measures taken at your request (Art. 6 para. 1 sentence 1 lit. b GDPR).
• The fulfillment of a legal obligation to which we are subject requires processing (Art. 6 para. 1 sentence 1 lit. c GDPR).
• The protection of vital interests of you or another natural person requires processing (Art. 6 para. 1 sentence 1 lit. d GDPR).
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Art. 6 para. 1 sentence 1 lit. e GDPR).
• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 sentence 1 lit. f GDPR).

5. Storage of Data / Deletion of Data

Within the processing described in our privacy policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.

Data may be stored beyond the defined periods if statutory provisions to which we are subject (e.g. Section 147 AO, Section 257 HGB) stipulate a different storage period.

Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on a legal basis. In addition, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.

6. Disclosure of Personal Data

If your personal data is transferred, you will be informed accordingly at the relevant point in our privacy policy. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant point in our privacy policy. In principle, we only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can guarantee the careful handling of personal data on the basis of contractual agreements or other suitable guarantees.

7. Collection of Personal Data

In the following, we will inform you about the collection of personal data (such as name, email address, address, or user behavior).

7.1 Use of our Website for Information Purposes only

If you do not register on our website (e.g., in the form of a newsletter) or transmit data to us in any other way (e.g., by using a contact form), only the personal data transmitted by your browser to our server will be collected. This is data that is technically necessary for us to make the website available for you to view while ensuring a secure and stable display. This includes:

• Internet Protocol address (IP address)
• Time and date of the respective access
• Time zone difference to Greenwich Mean Time (GMT)
• The specific page accessed
• Status of the access / Hypertext Transfer Protocol (http)
• Amount of data transferred in each case
• Website from which our website was accessed (referrer URL)
• Internet browser used (incl. language and version)
• Operating system used

The legal basis for the collection of the listed data results from Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in ensuring an error-free connection setup and convenient use of our website as well as analyzing system stability and security and using the data for other administrative purposes.

7.2 Contact by E-Mail

If you contact us via the email address provided in section 2 or other email addresses of our company that are published on our website, we will store your email address and other contact details provided in your email (e.g., your name or telephone number) in order to process your request. This data will be deleted immediately as soon as further storage is no longer necessary. If statutory retention periods apply to the data, the processing of the data will be restricted accordingly instead of being deleted. Depending on the reason for sending the email, the legal basis for processing the data results from Art. 6 para. 1 sentence 1 lit. b GDPR or from Art. 6 para. 1 sentence 1 lit. f GDPR, i.e., either for processing the contract concluded with you and for fulfilling our (pre)contractual obligations or is based on our legitimate interest in contacting people interested in our services.

7.3 Contact Form

We offer a contact form on our website, the use of which generally requires the provision of personal data that goes beyond the data provided when using our website for information purposes only. When you contact us using the contact form on our website, we will store and process your email address and other contact data you provide in order to process your request. Depending on the reason for contacting us, the legal basis for processing the data results from Art. 6 para. 1 sentence 1 lit. b GDPR or from Art. 6 para. 1 sentence 1 lit. f GDPR, i.e., it is either done to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting interested parties.

8. Webflow

Our website is hosted by the company Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as “Webflow”). Webflow also provides the content management system for our website. We have concluded an order processing contract with the company, which contains the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (available here in German). You can access Webflow's global privacy policy here: https://webflow.com/legal/privacy. You can access the privacy policy for the EU and Switzerland here: https://webflow.com/legal/eu-privacy-policy.

Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in the present case in accordance with Art. 44 and 45 GDPR, as Webflow is an active participant in the so-called “EU/US - Data Privacy Framework.” This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA has been declared appropriate (“adequacy decision”).

8.1 Hosting

Webflow hosts our website using the content delivery networks of the US companies Fastly Inc. and Amazon Web Services, Inc. A content delivery network (CDN) is a network of geographically distributed, possibly interconnected servers. The server closest to the respective user of the website is always used. The CDN used here includes servers in North America and parts of Europe. You can find more information on the following Webflow page: https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service.

8.1.1 Fastly

Webflow hosts our website using the content delivery network of the US company Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107 (hereinafter referred to as “Fastly”). You can access the company's privacy policy here: https://www.fastly.com/privacy/. Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in the present case in accordance with Art. 44 and 45 GDPR, as Fastly is an active participant in the so-called “EU/US - Data Privacy Framework.” This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA has been declared adequate (“adequacy decision”).

8.1.2 Amazon CloudFront

Webflow hosts our website using the content delivery network of the US company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109 (hereinafter referred to as “AWS”). The CDN is called Amazon CloudFront. You can access the company's legal notice here: https://aws.amazon.com/de/impressum/?nc1=f_cc. You can access the company's privacy policy here: https://aws.amazon.com/de/privacy/?nc1=f_pr. Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in the present case in accordance with Art. 44 and 45 GDPR, as AWS is an active participant in the so-called “EU/US - Data Privacy Framework.” This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA has been declared adequate (“adequacy decision”).

8.2 Cloudflare

In order to ensure cross-browser compatibility so that the modern functionality of Webflow pages is also available in older browsers that do not natively support it, Webflow integrates JavaScript using Cloudflare's Content Delivery Network. The operator of the CDN is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 (hereinafter referred to as “Cloudflare”). You can access the company's privacy policy here: https://www.cloudflare.com/de-de/privacypolicy. Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in the present case in accordance with Art. 44 and 45 GDPR, as Cloudflare is an active participant in the so-called “EU/US - Data Privacy Framework.” This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA has been declared adequate (“adequacy decision”).

8.3 Website-files.com

There is also a connection to the domain webflow.com. and website-files.com. These domains belong to the company Webflow. Images, fonts, and other assets that are integrated into our website are hosted there. These domains of the company Webflow are also hosted via the CDNs Fastly and Amazon CloudFront.

8.4 Legal Basis

The legal basis for data processing within the meaning of the above is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and is justified in our interest in providing you with a fast, secure, and user-friendly website. As far as the fact of data processing in the third country of the USA is concerned, the legal basis, as explained, arises from Art. 44 and 45 of GDPR (since all companies involved are active participants in the so-called "EU/US Data Privacy Framework"), as well as from Art. 46 Paragraph 1, Paragraph 2 Letter c of GDPR (standard contractual clauses).

9. Pirsch

We use the web analysis tool "Pirsch" (https://pirsch.io/) from Emvi Software GmbH, Nickelstraße 1b, 33378 Rheda-Wiedenbrück, legal notice: https://pirsch.io/legal. The privacy policy of Emvi Software GmbH can be found here: https://pirsch.io/privacy.

No cookies are used here. Pirsch generates a unique number for each user, which is made up of the user's IP address, the user agent, and a random character string defined for each website, which enables the user to be clearly identified without personal data being recorded. The random character string ensures that the number differs from website to website, so that no comparison is possible. The sessions are also recorded for a maximum of 24 hours. A new unique number is then assigned to a user.

For this purpose, we have concluded a data processing agreement with Emvi Software GmbH. Emvi Software GmbH hosts all data in Germany. We use the Pirsch service based on our legitimate interest in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR to optimize our website and operate it economically. You can object to data processing here at any time:

If you use the opt-out, the local storage will be described, which is technically necessary so that the objection can be carried out.

10. Vimeo

We embed Vimeo videos on our website. This is a video portal of the company Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA, legal notice: https://vimeo.com/leo/guidelines/impressum (hereinafter referred to as "Vimeo"). Vimeo's privacy policy can be accessed here: https://vimeo.com/privacy.

These videos can be played from our website, so that a transmission of the personal data mentioned in this privacy policy to Vimeo in the USA and thus to an unsafe third country when playing the videos cannot be ruled out if our website is used exclusively for information purposes. Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in accordance with Art. 44 and 45 GDPR, as Vimeo is an active participant in the Data Privacy Framework. This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA is declared adequate (“adequacy decision”).

We embed Vimeo videos with the “Do-Not-Track” extension so that no cookies are set. When you play the video, the local storage is described, which is technically necessary so that you can play the video. A data transfer agreement containing the EU’s standard contractual clauses for the transfer of personal data to third countries has been concluded with Vimeo. The legal basis for processing the data arises from Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, i.e., it is based on our legitimate interest in making videos available to our website users so that they can find out about our services.

11. Cloudflare

We use the content delivery network Cloudflare to integrate graphics on our website. The CDN is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 (hereinafter referred to as "Cloudflare"). You can access the company's privacy policy here: https://www.cloudflare.com/de-de/privacypolicy.

Data processing within the USA is possible to this extent. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in accordance with Art. 44 and 45 GDPR, as Cloudflare is an active participant in the so-called "EU/US - Data Privacy Framework". This is a data protection agreement between the EU and the USA in which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").

The legal basis for processing the data is Art. 6 (1) sentence 1 lit. f GDPR, i.e., it is based on our legitimate interest in providing our website users with clear graphics on the website in order to inform themselves about our services.

12. Your Rights

Below we will explain your rights under the GDPR. You can access the GDPR as a complete document here.

• Right to Information according to Art. 15 Para. 1 GDPR

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If the answer is yes, in addition to the right to information about this personal data, you have a right to information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data have been disclosed or will be disclosed in the future (in particular recipients in third countries or international organizations), the storage period or criteria for determining the storage period, the existence of a right to rectification or erasure of the personal data concerning you or the right to restriction of processing on our part, as well as the existence of a right to object to this processing, the existence of a right to lodge a complaint with a supervisory authority, all available information about the origin of the data (in the event that it was not collected by us), the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved as well as the scope and intended effects of such processing.

• Right to Rectification according to Art. 16 GDPR

You have the right to request that we immediately rectify inaccurate personal data and complete incomplete personal data concerning you.

• Right to Erasure (“Right to be Forgotten”) according to Art. 17 Para. 1 GDPR

You have the right to demand that we immediately erase the personal data concerning you. However, according to Art. 17 Para. 3 GDPR, this right does not exist if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest, or to assert, exercise, or defend legal claims.

• Right to Restriction of Processing in accordance with Art. 18 Para. 1 GDPR

You have the right to request that we restrict the processing of your personal data if you contest the accuracy of your personal data (the restriction applies for the period that enables us to verify the accuracy), the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or you have objected to the processing in accordance with Art. 21 Para. 1 GDPR (the restriction applies as long as it has not yet been determined whether our legitimate reasons outweigh yours).

• Right to Data Portability according to Art. 20 GDPR

You have the right to receive the personal data concerning you from us in a structured, common, and machine-readable format and to have it transmitted to another responsible party without hindrance on our part (or to request that we transmit it directly to another responsible party, if this is technically possible) if the processing by us was based on consent or a contract or was carried out using automated procedures.

• Right to Revoke Consent granted according to Art. 7 Para. 3 GDPR

You have the right to revoke consent once given to us at any time with effect for the future, so that the data processing that was carried out on the basis of the consent can no longer be continued in the future, but the legality of the processing carried out up to the time of your revocation is not affected.

• Right to Lodge a Complaint under Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work, or the place of the alleged violation. You can find more information on this on the website of the Federal Commissioner for Data Protection and Freedom of Information.

13. Right to Object

In addition to the rights mentioned above, you also have the right to object at any time to the processing of your personal data, which is carried out on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Article 6, Paragraph 1, Sentence 1, Letter e of GDPR) or to protect legitimate interests on our part (Article 6, Paragraph 1, Sentence 1, Letter f of GDPR), with effect for the future, provided that there are reasons for this that arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In the event of your personal data being processed for the purpose of direct advertising or profiling, provided there is a connection to direct advertising, you have a general right to object without reasons arising from your particular situation having to exist. In the event of an objection, we will immediately stop processing the personal data for these purposes. To exercise your right of revocation or objection, simply send an email to: info@bridge-brain.com.

14. Data Security

Our website uses the encryption and communication protocol TLS 1.3 (Transport Layer Security). The TLS certificate we use, issued by a certification authority, enables encrypted data exchange between the web browser and web server, which means that sensitive data cannot be read by third parties. We use the method with the highest level of encryption that your browser supports, usually 256-bit encryption. The higher the number of bits, the longer the key and therefore the better the protection against third parties.

This data protection declaration was created specifically for this website by Frame for Business GmbH in cooperation with Schützle Rechtsanwaltsgesellschaft mbH.