Privacy Policy

Last updated: June 26, 2024

I. General Information

Riddle Technologies AG, Lenaustr. 1, 66125 Saarbrücken, places great importance on protecting your personal data. We would like to inform you here about what personal data we collect when you use our website convert-app.com and for what purposes it is processed.

The processing of personal data is always carried out in accordance with the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-new) and the German Digital Services Act (DDG). The scope of processing of personal data depends on whether you visit our website for informational purposes only or make use of our services.

II. Data Controller

The controller within the meaning of the GDPR is:

Riddle Technologies AG
Lenaustr. 1
66125 Saarbrücken
Germany

Phone: +49 6897 9392500
Email: hello@riddle.com

Represented by the Management Board: Boris Pfeiffer, Jan-Luca Pfeiffer

III. Data Protection Officer

Our Data Protection Officer can be reached at:

Riddle Technologies AG
Attn. Mr. Pikolleck
Lenaustr. 1
66125 Saarbrücken
Email: datenschutz@riddle.com

You may contact our Data Protection Officer at any time with all questions and suggestions regarding data protection.

IV. Definitions

The terms used in this privacy policy correspond to the definitions of the GDPR:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Subject: A natural person whose personal data is processed.
• Processing: Any operation performed on personal data, whether or not by automated means (e.g. collection, recording, storage, modification, transmission, deletion).
• Restriction of Processing: The marking of stored personal data with the aim of limiting their future processing.
• Pseudonymization: The processing of personal data in such a manner that the data can no longer be attributed to a specific person without the use of additional information.
• Controller: The natural or legal person who determines the purposes and means of the processing of personal data.
• Processor: A natural or legal person who processes personal data on behalf of the controller.
• Recipient: A natural or legal person to whom personal data is disclosed.
• Third Party: A natural or legal person other than the data subject, controller, processor and persons who are authorized to process the data under the direct authority of the controller.
• Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes.

V. General Information on Data Processing

Categories of personal data

In the course of using our website, we process the following categories of personal data:

• Master data (e.g. names, addresses, roles)
• Contact data (e.g. email addresses, phone numbers)
• Content data (e.g. text entries, images, videos)
• Usage data (e.g. access data, pages visited)
• Metadata/Communication data (e.g. IP addresses, timestamps)

Recipients of personal data

Disclosure of personal data to third parties is made exclusively on the basis of a legal permission, consent or legal obligation (Art. 6(1)(b) GDPR).

Storage duration

The storage duration of personal data is based on statutory retention periods. After expiry of the period, the data is routinely deleted unless it is still required for contract fulfillment or contract initiation.

Transfer to third countries

A transfer of personal data to third countries is only carried out under the special conditions of Art. 44 et seq. GDPR, in particular on the basis of an adequacy decision or using Standard Contractual Clauses.

VI. Data Processing When Visiting the Website

1. Log files (server log files)

Each time our website is accessed, the following data is automatically collected:

• Date and time of access (timestamp)
• IP address of the accessing computer
• Request details and destination address
• Name of the retrieved file and amount of data transferred
• HTTP status code

The IP address is not permanently stored in this context. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in ensuring trouble-free operation of the website). There is no right to object.

2. Malware detection and log data analysis

The data collected in the log files is automatically analyzed to detect and eliminate malfunctions and to defend against attacks on our IT systems. The legal basis is Art. 6(1)(f) GDPR. There is no right to object.

3. Cookies

Our website uses cookies. Cookies are small text files exchanged between your browser and our server. They make it possible to provide certain functions of the website. If cookies are deactivated for our website, it may not be possible to display or use the website to its full extent.

The legal basis is Art. 6(1)(f) GDPR. You can restrict or deactivate cookies via your browser settings.

4. Hosting

The hosting services we use serve to provide infrastructure and platform services, computing capacity, storage space and security services for the operation of this website. In doing so, we or our hosting provider process master data, contact data, content data, contract data, usage data and meta/communication data.

The legal basis is Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (data processing agreement).

5. Registration function

If you register on our website, the data you provide during registration will be collected and stored. This data will not be passed on to third parties.

6. Google Analytics and Google Tag Manager

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

We have activated IP anonymization on this website. As a result, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address is not merged with other Google data.

Google Analytics is used to analyze and improve our website. The statistics obtained allow us to improve our offering and make it more interesting for you as a user.

You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en

This website also uses Google Tag Manager. Google Tag Manager itself is a cookie-free application and does not collect any personal data. The Tag Manager triggers other tags that may collect data.

The legal basis is Art. 6(1)(a) GDPR (consent).

Further information: Terms of Use, Google Privacy Policy

7. LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" by LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of the following data: IP address, device properties and page events.

The data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us but provides anonymized reports on the target audience and ad performance. LinkedIn also enables retargeting without identifying the website visitor.

Further information on data protection at LinkedIn can be found in LinkedIn's Privacy Policy. You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations (opt-out).

8. YouTube video embedding

We embed YouTube videos on our website in "extended data protection mode". Without playing a video, no data is transmitted to YouTube. Only when you play a video is data (including your IP address) transmitted to YouTube servers.

If you are logged into your Google account, you enable YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your Google account before visiting our website.

YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles.

Further information can be found in Google's Privacy Policy.

VII. Data Processing When Establishing Contact

1. Contact by email

If you contact us by email, the data you provide (e.g. name, email address) as well as the IP address of your computer and the date/time of the email are stored in order to process your inquiry.

The legal basis is Art. 6(1)(b) GDPR (contract fulfillment or pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest).

2. Contact form on the website

If you use our contact form, the following data is collected: surname, first name and email address (required fields). In addition, the system collects the IP address as well as the date and time of registration.

The legal basis is Art. 6(1)(b) or Art. 6(1)(f) GDPR.

3. Contact by post and fax

Data transmitted by post or fax (name, address, content) is stored for the purpose of processing your inquiry.

The legal basis is Art. 6(1)(b) or Art. 6(1)(f) GDPR.

4. Chat service

The chat function is provided by Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin) as an instant messaging service. Data collected by Sendinblue GmbH during use is processed exclusively by Sendinblue GmbH and is not passed on to Riddle.

Sendinblue privacy policy: https://www.sendinblue.com/legal/privacypolicy/

VIII. Newsletter Subscription

When you subscribe to our newsletter, the following data is stored:

• Email address
• Selected newsletter
• IP address
• Date and time of registration

As part of the registration process, your consent is obtained and reference is made to this privacy policy. Confirmation of registration is carried out via a double opt-in procedure with a confirmation link.

The legal basis is Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest).

Distribution via Brevo (Sendinblue)

Our newsletters are sent via Brevo (Sendinblue GmbH), 17 rue de Salneuve, 75017 Paris, France. Your email address is stored on Sendinblue servers in Germany.

Sendinblue uses the data for sending and analyzing the newsletters on our behalf. Sendinblue may also use this data to optimize its own offering. However, Sendinblue does not use the personal data of our newsletter recipients to contact them directly or to pass it on to unauthorized third parties.

Sendinblue is a TÜV Rheinland-certified service provider. A data processing agreement pursuant to Art. 28 GDPR has been concluded.

The legal basis is Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG.

Newsletter unsubscription

You can unsubscribe from the newsletter at any time. You will find a corresponding link at the end of each newsletter. Unsubscribing ends both distribution via Brevo and statistical analysis.

IX. Additional Data Processing

Google Workspace API / Sheets API

As part of our services, lead data may be synchronized between Riddle and Google. This only takes place when the user has an active connection.

Use is subject to the Google API Services User Data Policy. Google user data is not transferred or sold to third-party AI tools and is not used for training AI/ML models.

X. Your Rights

1. Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed. If so, you have the right to access this data and the following information:

• Processing purposes
• Categories of personal data
• Recipients or categories of recipients
• Planned storage duration or criteria for determining the duration
• Existence of a right to rectification, erasure or restriction
• Existence of a right to lodge a complaint with a supervisory authority
• Origin of the data (if not collected from you)
• Existence of automated decision-making including profiling

2. Right to rectification (Art. 16 GDPR)

You have the right to obtain the immediate rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete data completed.

3. Right to erasure (Art. 17 GDPR)

You have the right to obtain the immediate erasure of your personal data if one of the following grounds applies:

• The data is no longer necessary for the purposes for which it was collected.
• You withdraw your consent and there is no other legal basis for the processing.
• You object and there are no overriding legitimate grounds.
• The data has been unlawfully processed.
• Erasure is required to fulfill a legal obligation.

The right to erasure does not exist insofar as the processing is necessary for exercising the right to freedom of expression, for fulfilling a legal obligation, for reasons of public interest or for the assertion of legal claims.

4. Right to restriction of processing (Art. 18 GDPR)

You have the right to request restriction of processing if:

• You dispute the accuracy of the data (for the duration of the review).
• The processing is unlawful and you decline erasure.
• We no longer need the data but you need it for the assertion of legal claims.
• You have lodged an objection (pending review).

Restricted data may only be processed with your consent or for the assertion of legal claims.

5. Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit this data to another controller, provided that the processing is based on consent (Art. 6(1)(a) GDPR) or a contract (Art. 6(1)(b) GDPR) and is carried out by automated means.

6. Right to object (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. The controller shall then no longer process the personal data unless it can demonstrate compelling legitimate grounds which override the interests of the data subject.

7. Right to withdraw consent (Art. 7(3) GDPR)

You have the right to withdraw a given consent under data protection law at any time. The withdrawal shall not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.

8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data infringes the GDPR, without prejudice to any other administrative or judicial remedy.

XI. Changes to this Privacy Policy

We reserve the right to amend this privacy policy with effect for the future. The current version is always available on our website. We recommend that you review this privacy policy regularly for any changes.