Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in the privacy policy set out below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information about the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected in part when you provide it to us. This may include, for example, data entered into a contact form or sent via email.

Other data is collected automatically or with your consent when you visit the website. This mainly includes technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website.

Other data may be used to analyze user behavior, if applicable.

If contracts can be initiated or concluded via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data.

You also have the right to request correction or deletion of this data.

If you have given consent to data processing, you may revoke this consent at any time with effect for the future.

You also have the right, under certain circumstances, to request restriction of processing of your personal data.

Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this and any other questions regarding data protection, you can contact us at any time.

2. Hosting

We host the content of our website with the following provider:

Squarespace

The provider is Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter “Squarespace”).

Squarespace is a service for creating and hosting websites. When you visit our website, your data is processed on Squarespace servers. Personal data may also be transferred to the parent company Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA.

Squarespace also stores cookies that are necessary for the presentation of the website and for security purposes (essential cookies).

The use of Squarespace is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable presentation of our website.

Where consent has been requested, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device. Consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further information is available here:
https://support.squarespace.com/hc/de/articles/360000851908-GDPR-and-Squarespace

The company is certified under the EU–US Data Privacy Framework (DPF). More information:
https://www.dataprivacyframework.gov/participant/4774

We have concluded a data processing agreement (DPA) with Squarespace.

3. General Information and Mandatory Notices

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it, as well as how and for what purpose this happens.

Please note that data transmission over the internet (e.g. communication by email) may have security gaps. Complete protection of data from access by third parties is not possible.

Information about the Responsible Party

The responsible party for data processing on this website is:

Name: Nico Gößwein
Address: Wilhelm-Löhe-Straße 12, 90762 Fürth, Germany
Phone: 0155 68827439
Email: secoya.inquiries@outlook.de

The responsible party is the natural or legal person who alone or jointly determines the purposes and means of processing personal data.

Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.

If you request deletion or revoke consent, your data will be deleted unless we are legally required to retain it (e.g. tax or commercial retention obligations). In such cases, deletion occurs once these obligations no longer apply.

Legal Basis for Processing

If you have given consent, we process your data based on Art. 6(1)(a) GDPR and, where applicable, Art. 9(2)(a) GDPR.

If you have explicitly consented to the transfer of data to third countries, processing is also based on Art. 49(1)(a) GDPR.

If cookies or device access are involved, processing is additionally based on § 25(1) TDDDG.

If data is required for contract performance or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR.

If processing is required to fulfill a legal obligation, it is based on Art. 6(1)(c) GDPR.

Processing may also be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Recipients of Personal Data

We cooperate with external service providers as part of our business operations. Personal data may be transferred to these parties if:

  • it is required for contract fulfillment

  • we are legally obliged to do so

  • we have a legitimate interest in doing so

  • or another legal basis permits the transfer

Where processors are used, data is only shared based on a valid data processing agreement.

Withdrawal of Your Consent

You may revoke your consent to data processing at any time. The legality of processing carried out before revocation remains unaffected.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, where processing is based on Art. 6(1)(e) or (f) GDPR.

If you object, we will stop processing your data unless there are compelling legitimate grounds that override your interests.

If your data is processed for direct marketing purposes, you have the right to object at any time. In this case, your data will no longer be used for marketing purposes.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Right to Data Portability

You have the right to receive data we process automatically on the basis of consent or contract in a commonly used, machine-readable format.

Access, Correction, and Deletion

Within the framework of applicable law, you have the right to request free information about your stored personal data, its origin, recipients, and purpose, as well as the right to correction or deletion.

Right to Restriction of Processing

You have the right to request restriction of processing in certain situations, such as:

  • when accuracy of data is disputed

  • when processing is unlawful

  • when data is no longer needed but required for legal claims

  • when an objection is pending

Restricted data may only be processed in limited circumstances.

SSL / TLS Encryption

This website uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content.

You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

4. Data Collection on This Website

Contact by Email or Phone

If you contact us by email or phone, your request, including all resulting personal data (e.g. name, inquiry), will be stored and processed for the purpose of handling your request.

These data will not be shared without your consent.

Processing is based on Art. 6(1)(b) GDPR if your request relates to a contract or pre-contractual measures.

In all other cases, processing is based on our legitimate interest in effectively handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if obtained.

Data sent to us will remain stored until you request deletion, revoke consent, or the purpose for storage no longer applies. Legal retention obligations remain unaffected.

Newsletter / Waitlist (Brevo)

If you subscribe to our Secoya waitlist, we process the email address you provide in order to send you updates about upcoming events, exclusive pre-sales, announcements and other information related to Secoya.

We use Brevo (formerly Sendinblue), a service provided by Brevo SAS, 106 Boulevard Haussmann, 75008 Paris, France, for the management and delivery of these emails.

Your data is processed exclusively for the purpose of providing the requested information and managing your subscription. You may unsubscribe from the waitlist at any time by using the unsubscribe link included in every email or by contacting us directly.

The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR.

For more information about how Brevo processes personal data, please refer to Brevo's Privacy Policy:
https://www.brevo.com/legal/privacypolicy/