Privacy Policy

In the following, we will provide you with information on the processing of your personal data when using our website as well as your rights under the applicable data protection law, in particular the European General Data Protection Regulation (“GDPR”).

1. Data Controller

The controller for the processing of personal data within the meaning of Art. 4 No. 7 GDPR in the context of the website is:

Project Q GmbH
c/o Dissmann Orth
Kardinal-Faulhaber-Str. 14A
80333 MunichGermany

If you have any questions regarding the processing of your personal data, you can contact us at the details provided above.

You may also contact our Data Protection Officer at any time by e-mail at: datenschutz@project-q.ai.

2. What Personal Data Do We Process About You?

We only process personal data that you provide to us. Personal data is any information that can be used to identify a person, either alone or in combination with other data. This includes, for example, your name or address. Information that does not allow conclusions to be drawn about a person’s identity (anonymous data), on the other hand, does not constitute personal data.

3. How Do We Process Personal Data When Using the Website?

We process various personal data you provide to us when using the website for several purposes. You can find in the following further information on the specific data and the purposes we process such data for as well as the legal basis for such processing.

4. Use of Cookies and Similar Technologies

Provision of the website to users involves the use of so-called cookies. Cookies are small text files that are placed on your terminal device when visiting the website and allow storage of certain information on the terminal device as well as access to information already stored therein (e.g. your language preference or login information). Depending on the information stored or accessed, cookies enable the user of the website to be identified.

Some of the cookies we use on the website are automatically deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit us (so-called persistent cookies).

Please note that we only use cookies if and to the extent you give us your consent, except for cookies which are strictly necessary for proper operation of the website and the functions and services provided there; such strictly necessary cookies do not require your consent. You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. You can also set your browser so that you exclude the acceptance of cookies for certain cases or generally. You can delete cookies that have already been set via your browser.

Please note that if you delete or do not accept certain cookies, the functionality of our website may be limited. For further details on the cookies we use and to activate or deactivate certain cookies please refer to our consent management tool (see below).

5. Consent Management Tool

We use iubenda as our consent management tool in order to obtain, document and manage your consent to the use of cookies and similar technologies on our website. iubenda is provided by iubenda s.r.l., Via San Raffaele 1, 20121 Milan, Italy.

The consent management tool processes information regarding your consent decisions (in particular the categories of cookies accepted or rejected), the time of your decision, technical information about your browser and your IP address (in anonymized form) for the purpose of providing evidence of consent.

Legal basis for the use of the consent management tool is Art. 6(1)(f) GDPR, legitimate interest in managing consents in a legally compliant manner according to our legal obligation to demonstrate consent.

6. Hosting and Content Management

We use Webflow as the hosting and content management system for our website. Webflow is provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. The website is hosted via Webflow’s infrastructure, with servers located in the United States.

When you visit our website, Webflow processes technical data necessary for delivering the website to you (in particular the data described under Sec. 7).

Legal basis for the use of Webflow for the hosting of our website and the related processing is Art. 6(1)(f) GDPR. We have a legitimate interest to process the data in order to provide users with proper access to the website and to ensure sufficient security of the website.

7. Server Log-files

When you visit our website, we process the following data which are transmitted from your browser in the form of so-called server log-files: IP address, browser type and version, operating system, referrer URL, pages visited and timestamp and HTTP status codes.

Processing of such data is technically necessary in order to provide you with access to the website. We may also store such log-files in order to track and enforce any infringements relating to the security of the website. Legal basis for the processing of your data is Art. 6(1)(f) GDPR. We have a legitimate interest to process the data in order to provide users with proper access to the website and to ensure sufficient security of the website.

8. Use of Analytics and Marketing Tools

We use the following third-party analytics and marketing tools on our website to better understand and evaluate our users’ behavior and to better market our products and offerings.

8.1 Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a tag management system that enables us to manage and update tracking codes and associated code fragments (so-called “website tags”) on our website. The provider of Google Tag Manager in the European region is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland.

Website tags are small pieces of code that are inserted into a website and can come from various providers (e.g. from providers of analytics and marketing services). These website tags make it possible to record actions performed by users (e.g. clicking a button or an ad, visiting a specific page).

Google Tag Manager enables us to integrate these website tags on our website and define the actions to be recorded. When a tag is triggered by an action, the data recorded by the tag is transmitted to the analytics or marketing services integrated via Google Tag Manager.

Google Tag Manager itself does not create any user profiles and does not perform any independent evaluations. Google Tag Manager collects data as part of standard HTTP request logging. These are deleted within 14 days of receipt. Google also collects aggregated data on tag triggering to monitor system stability, performance and installation quality. This aggregated data does not contain any addresses or measurement IDs that can be attributed to a specific person.

In addition, we have activated the Conversion Linker in Google Tag Manager. This is a special website tag that serves to measure click data so that conversions can be effectively recorded. Specifically, information about clicking behavior in relation to (advertising) ads is collected and stored. The use of Google Tag Manager is based on your consent pursuant to Art. 6(1)(a) GDPR.

8.2 Google Analytics

We use Google Analytics on our website. We use Google Analytics to track the use of our website and the functions and services provided there and to derive which functions and services are of particular interest to users and how we can improve the website.

The provider responsible for the operation of Google Analytics in the European region is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland.

During your visit to the website, your user behavior is recorded in the form of “events”. Events can include: page views, first visit to the website, start of session, your “click path”, interaction with the website, scrolls (whenever a user scrolls to the bottom of the page (90%)), clicks on external links, internal search queries, interaction with videos, file downloads, ads viewed/clicked, language setting.

In addition, the following data is collected: your approximate location (region), your IP address (in truncated form), technical information about your browser and the devices you use (e.g. language setting, screen resolution, device model), your internet service provider, the referrer URL (via which website/advertising medium you came to this website).

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of cookies about your use of this website may be transferred to and stored on a Google server in the USA. We base the transfer on the adequacy decision of the EU Commission pursuant to Art. 45 GDPR regarding the EU-US Data Privacy Framework; Google LLC is certified under the EU-U.S. Data Privacy Framework.

Google Analytics 4 has activated IP anonymization by default. IP address data is only used to derive location data (e.g. city, region, country) and is then immediately deleted. Through IP anonymization, your IP address is truncated by Google within member states of the EU or in other contracting states to the Agreement on the European Economic Area (EEA).

Google processes the above information to evaluate your use of the website and to compile reports on website activity for us. The reports provided to us by Google Analytics serve to analyze the performance of the website. The use of the service is based on your consent.

The legal basis for the processing of personal data in connection with the use of Google Analytics is Art. 6(1)(a) GDPR. You can revoke your consent at any time by deactivating the use of the service in the “Cookie settings”.

You can also prevent the collection of data generated by the cookie and related to your use of the website to Google as well as the processing of this data by Google by downloading and installing the browser add-on provided by Google to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en

8.3 Microsoft Clarity

We use Microsoft Clarity on our website. Microsoft Clarity is a web analytics service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Microsoft Clarity is a service for analyzing user behavior on our website. This service enables us to better understand the needs of our users and to optimize the offering on our website.

Using Microsoft Clarity technology, we gain a better understanding of our users’ experiences based on aggregated information (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.), and this helps us to tailor our offering to the feedback of our users.

Microsoft Clarity uses cookies and similar technologies to collect information about the behavior of our users and about their devices. The processed data includes in particular:

• IP address of the device
• Screen size and device type
• Information about the browser used
• Browser language settings
• Location (country only)
• Date and time of access
• Pages and subpages visited
• A randomly generated user ID
• Information on usage in terms of clicks, scrolls, and mouse movements on individual pages
• Session duration and page views

Based on the information collected, Microsoft Clarity creates heatmaps and session recordings. Heatmaps are aggregated representations that show where visitors click and how far they scroll. Session recordings are video-like playbacks that chronologically display the mouse movement history, clicks, and scrolling behavior of individual visitors.

Microsoft Clarity transfers the collected data to servers of Microsoft Corporation in the USA. We base the transfer on the adequacy decision of the EU Commission pursuant to Art. 45 GDPR regarding the EU-US Data Privacy Framework; Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework.

The use of the service is based on your consent. The legal basis for the processing of personal data in connection with the use of Microsoft Clarity is Art. 6(1)(a) GDPR.

8.4 Content Delivery Network (bunny.net)

We use bunny.net to deliver the content of our website quickly, reliably, and securely. bunny.net is a globally distributed content delivery network (CDN) operated by BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia. When you access our website, the connection between your browser and our site is technically routed through bunny.net’s network, so that content (such as images, scripts, fonts, or videos) is served from a server geographically close to you. This enables us to increase the worldwide accessibility and performance of our website and to protect our infrastructure against malicious traffic.

In order to deliver content via the CDN, your browser establishes a connection with bunny.net’s servers and certain data is transmitted automatically. This includes your IP address, the requested URL and files, the referring website, and technical information such as your browser type and settings, device type, and operating system. In this context, bunny.net may also use cookies or other technologies to recognize internet users, which shall, however, only be used for the herein described purpose of delivering and optimizing content.

bunny.net is an EU-based company. By default, bunny.net anonymizes IP addresses by removing the last octet from the address (for example, the IP 158.136.18.23 would be transformed to 158.136.18.0) prior to being stored in its logging system. As an EU-based company, bunny.net ensures that logs never leave the region; when anonymization is disabled, all logs are stored within the EU. Because bunny.net is established in the EU and stores log data within the EU, no transfer of personal data to a third country such as the United States takes place on the basis described here. Consequently — unlike with US-based providers — there is no reliance on the EU-U.S. Data Privacy Framework or an adequacy decision pursuant to Art. 45 GDPR for this processing. Please note that a CDN is globally distributed by nature, so for visitors located outside the EU, content may be served from edge servers in their respective region.

The legal basis is our legitimate interest in providing our website as error-free, fast, and secure as possible pursuant to Art. 6(1)(f) GDPR.

Further information on data processing by bunny.net is available here: https://bunny.net/privacy/

8.5 HubSpot

On this website, we use HubSpot services for marketing activities. The services are provided by HubSpot, Inc., Two Canal Park, Cambridge, MA 02141, USA. HubSpot also has a subsidiary in Ireland (HubSpot Ireland Limited, HubSpot House, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland). By using HubSpot’s services, we are able to cover various aspects of our online marketing, such as email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages, etc. In the course of these activities, your personal data is processed, in particular: IP address, duration of your visit, operating system and browser used, geographic location, referrer URL, pages visited, access times and session data, clickstream data, and information about the device used.

HubSpot places cookies on the device you are using. Further information on the cookies set by HubSpot can be found in our consent tool.

The data collected during analysis is transferred to servers of HubSpot, Inc. in the USA. This data transfer is based on the adequacy decision of the EU Commission pursuant to Art. 45 GDPR regarding the EU-US Data Privacy Framework; HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework.

The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR.

For further information on HubSpot’s privacy policy, please refer to the following link: https://legal.hubspot.com/privacy-policy

9. Contact

If you send us a message, we process the personal data provided by you to handle your request, to provide you with the requested information and to contact you for further assistance. This may involve processing of all data provided by you as part of your contact request.

The processing is based on our legitimate interest to process your data in order to properly respond to your request pursuant to Art. 6(1)(f) GDPR.

Legal basis for the use of HubSpot and the involved data processing is your consent pursuant to Art. 6(1)(a) GDPR.

10. Requesting a Product Demo

You can request a product demo via the form provided on our website. In order to process your demo request and to contact you for further engagement, we collect and process the following personal data:

• First and last name
• E-mail address
• Role
• Organization

When you submit your demo request, the form (which is embedded via HubSpot) creates a contact record in our CRM system. We will then reach out to you personally to discuss your needs and arrange a product demonstration.

Legal basis for the processing of your data in connection with the product demo request is Art. 6(1)(b) GDPR, provided that you are our potential contractual partner.

If you are not our potential direct contractual partner but a contact person of our contractual partner, we process your personal data as necessary based on our legitimate interest in initiating and establishing a business relationship with your organization pursuant to Art. 6(1)(f) GDPR.

11. With Whom Do We Share Personal Data?

We use external service providers to process personal data when providing the website and its functionalities and services to you. Processing of personal data by such service providers is carried out on our behalf and in accordance with our instructions (so-called “Processors”, see Art. 4 (8) GDPR).

We engage the following service providers or categories of service providers:

• Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (re. hosting of the website and provision of related support and security services).
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (re. use of Google Analytics 4, Google Tag Manager, Google Search Console and YouTube).
• Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (re. use of Microsoft Clarity).
• HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland and HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA (re. use of HubSpot for forms and CRM).
• iubenda s.r.l., Via San Raffaele 1, 20121 Milan, Italy (re. consent management tool).
• BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia (re. Content Delivery Network).

12. Do We Transfer Personal Data to Third Countries?

We transfer personal data to service providers and recipients in countries outside the EU/EEA (so-called third countries) where such transfer is necessary for the purposes set out in this Privacy Notice.

A transfer to a third country will only take place in compliance with the applicable data protection regulations, in particular the guarantee of an adequate level of data protection. This means that your data will only be transferred insofar as a decision of the EU Commission on an adequate level of data protection exists for the respective third country (Art. 45 GDPR), appropriate guarantees are provided for the protection of your personal data (cf. Art. 46 GDPR) or a legal permission norm exists (cf. Art. 49 GDPR). Appropriate safeguards within the meaning of Art. 46 GDPR include the standard data protection clauses published by the EU Commission.

The transfer of your data involves processing of personal data in the USA by Webflow, Inc., Google LLC, Microsoft Corporation, and HubSpot, Inc.

For further information on the processing please consult the previous sections in this Privacy Notice.

13. How Long Do We Store Personal Data?

We only store personal data for as long as it is necessary for the purposes for which it is processed or if your consent has been revoked. In addition, statutory storage requirements may apply. Such statutory storage requirements can be up to 10 years, regardless of the processing purposes.

14. Are You Obliged to Provide Personal Data?

When you use our website, we may ask you to provide us with the data necessary for providing certain functionalities on the website. Please note that without such personal data, we may not be able to offer you the full functionalities of the website and our services may be limited. However, there is no legal or contractual obligation to provide us with your personal data when you visit our website.

15. Is There Automated Decision-Making Including Profiling Pursuant to Art. 22 GDPR?

Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place.

16. Your Rights

With regard to the processing of your personal data, you have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR).

You may revoke any consent you have given to the processing of your data pursuant to Art. 7(3) GDPR at any time with effect for the future.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). Where we base the processing of your personal data on a legitimate interest pursuant to Art. 6(1)(f) GDPR, you may object to the processing. Further information on this can be found below:

Special Information About Your Right to Object in Accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6(1)(f) GDPR (processing of personal data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).

Should you object to the processing, we will stop processing personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

You also have the right to object at any time to processing of personal data concerning you for advertising purposes; this also applies to profiling insofar as it is associated with advertising (if any). Should you object to the processing for advertising purposes, we will stop processing your personal data for these purposes.

The objection is not subject to any particular form. Ideally, it should be sent by email to the contact details provided in Section 1.

To exercise the aforementioned rights, you can contact us via the contact details provided in section 1.

‍