Privacy Policy

Your privacy is fundamental to our business. This policy explains how we collect, use, and protect your personal data in compliance with GDPR and German data protection law.

GDPR Compliant | Last Updated: January 2024 | German Law

Privacy at a Glance
Key points about how we handle your personal data

What We Collect

Account details, usage data, technical information, communication records

Why We Collect

Service provision, platform improvement, legal compliance, customer support

How We Protect

Encryption, access controls, regular audits, ISO 27001 compliance

Your Rights

Access, rectification, erasure, portability, objection under GDPR

1. Data Controller

The data controller responsible for your personal data is:

SapienStream GmbH

Musterstraße 123

10115 Berlin, Germany

Email: [email protected]

Phone: +49 (0)30 123456789

Managing Director: [Name]

Commercial Register: HRB [Number] Amtsgericht Berlin

Data Protection Officer: You can contact our Data Protection Officer at [email protected] or by mail at the above address, marked "Data Protection Officer".

2. Personal Data We Collect

Account Information

  • Name, email address, company name
  • Phone number (if provided)
  • Billing address and payment information
  • Authentication credentials (encrypted)

Usage Data

  • Platform interactions, feature usage patterns
  • API calls, data upload/download activities
  • Session duration and frequency
  • Industrial data processed through our platform (as data processor)

Technical Information

  • IP address, browser type, operating system
  • Device information and screen resolution
  • Cookies and similar tracking technologies
  • Log files and error reports

Communication Data

  • Support tickets and correspondence
  • Survey responses and feedback
  • Marketing communication preferences

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract Performance (Art. 6(1)(b))

Processing necessary for providing our industrial automation services, managing your account, and fulfilling our contractual obligations.

Legitimate Interest (Art. 6(1)(f))

Platform improvement, security monitoring, fraud prevention, and direct marketing (where you haven't objected).

Legal Obligation (Art. 6(1)(c))

Compliance with German commercial law, tax obligations, and retention requirements under HGB and AO.

Consent (Art. 6(1)(a))

Marketing communications, optional analytics, and any processing not covered by other legal bases.

4. AI and Automated Processing

In compliance with the EU AI Act and GDPR, we inform you about our use of AI systems:

AI Systems Classification

Our platform uses AI systems classified as "Limited Risk" under the EU AI Act for:

  • Predictive maintenance algorithms
  • Anomaly detection in industrial data
  • Process optimization recommendations
  • Data pattern recognition

Automated Decision Making

We do not engage in solely automated decision-making that produces legal effects or significantly affects you. All AI recommendations are subject to human oversight, and you maintain control over implementation decisions.

Your Rights Regarding AI

  • Right to explanation of AI-generated recommendations
  • Right to human review of automated processing
  • Right to opt-out of AI-powered features
  • Right to contest AI-based decisions

5. Data Sharing and Third Parties

We share your personal data only in the following circumstances:

Service Providers (Art. 28 GDPR)

  • Cloud hosting providers (AWS/Azure EU regions)
  • Payment processors (with adequate safeguards)
  • Customer support tools (EU-based or adequacy decision)
  • Security and monitoring services

All processors have signed Data Processing Agreements (DPAs) under GDPR Article 28.

Legal Requirements

We may disclose data when required by German or EU law, court orders, or to protect our rights and the rights of others.

International Transfers

We primarily process data within the EU/EEA. Any transfers to third countries are protected by adequacy decisions, Standard Contractual Clauses, or other appropriate safeguards under GDPR Chapter V.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Art. 15)

Obtain copies of your personal data

Right to Rectification (Art. 16)

Correct inaccurate or incomplete data

Right to Erasure (Art. 17)

"Right to be forgotten" under certain conditions

Right to Restrict Processing (Art. 18)

Limit how we process your data

Right to Data Portability (Art. 20)

Transfer your data to another service

Right to Object (Art. 21)

Object to processing based on legitimate interest

Right to Withdraw Consent

Withdraw consent for processing at any time

Right to Lodge a Complaint

File a complaint with the supervisory authority

How to Exercise Your Rights

Contact us at [email protected] or through your account settings. We will respond within one month (extendable by two months for complex requests).

Supervisory Authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Account data: Duration of contract + 3 years
  • Usage logs: 12 months
  • Financial records: 10 years (German law)
  • Marketing consent: Until withdrawn

8. Data Security

We implement appropriate technical and organizational measures to ensure data security:

Technical Measures

  • AES-256 encryption at rest and in transit
  • Multi-factor authentication
  • Regular security assessments
  • Intrusion detection systems
  • Automated backup and recovery

Organizational Measures

  • ISO 27001 certified processes
  • Regular staff training
  • Strict access controls
  • Data breach response procedures
  • Privacy by design principles

9. Contact Information & Updates

Privacy Contacts

General Privacy Questions

[email protected]

Data Protection Officer

[email protected]

Policy Updates

We may update this privacy policy from time to time. Material changes will be communicated via email or platform notification at least 30 days before taking effect. Continued use of our services constitutes acceptance of the updated policy.