Delicious Data

1. Introduction

Below, we provide information about the processing of personal data when using

Personal data includes all data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact Information

The responsible party according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is Delicious Data GmbH, Sonnenstraße 32, 80331 Munich, Germany, Email: info@delicious-data.com. We are legally represented by Valentin Belser, Jakob Breuninger, Daniel Smeds.

Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.

1.2. Scope of Data Processing, Processing Purposes, and Legal Foundations

We provide detailed information on the scope of data processing, processing purposes, and legal foundations below. Generally, the following can be considered as legal grounds for data processing:

  • Art. 6 Para. 1 Sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.

  • Art. 6 Para. 1 Sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the fulfillment of a contract, e.g., when a visitor to our site purchases a product or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.

  • Art. 6 Para. 1 Sentence 1 lit. c GDPR applies when the processing of personal data fulfills a legal obligation, as can be the case in tax law.

  • Art. 6 Para. 1 Sentence 1 lit. f GDPR serves as a legal basis when we can rely on legitimate interests for processing personal data, e.g., for cookies necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

To the extent that we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 Para. 3 GDPR guarantee the security of the data during transfer, where applicable, as is the case for Great Britain, Canada, and Israel.

When transferring data to service providers in the USA, the legal basis for data transfer is an adequacy decision by the EU Commission if the service provider is additionally certified under the EU-US Data Privacy Framework.

In other cases (e.g., if no adequacy decision exists), the standard contractual clauses generally serve as the legal basis for data transfer, unless we state otherwise. These are a framework adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 Para. 2 lit. b GDPR, they ensure the security of data transfer. Many providers have given contractual guarantees that go beyond the standard contractual clauses. These include, for example, guarantees regarding data encryption or an obligation for the third party to inform affected parties if law enforcement accesses the data.

1.4. Storage Duration

Unless explicitly stated within this privacy policy, stored data is deleted once it's no longer necessary for its intended purpose and no legal retention obligations oppose deletion. If data is not deleted because it’s necessary for other legally permissible purposes, its processing will be restricted, meaning the data is locked and not processed for other purposes. This applies, for example, to data we must retain due to commercial or tax law.

1.5. Rights of the Affected Parties

Affected parties have the following rights regarding their personal data:

  • Right to access,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object to processing,

  • Right to data portability,

  • Right to revoke consent at any time.

Affected parties also have the right to file a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact information for data protection authorities is available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, interested parties, or third parties must only provide us with those personal data necessary for the establishment, execution, and termination of the business relationship or other relationships or data we are legally obliged to collect. Without these data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to execute an existing contract or other relationship.

Mandatory information is marked as such.

1.7. No Automated Decision-Making in Individual Cases

For the establishment and execution of a business relationship or other relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will provide separate information, if required by law.

1.8. Contact

When contacting us, e.g., via email or phone, the information provided (e.g., names and email addresses) is stored by us to answer questions. The legal basis for processing is our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR) in answering inquiries directed at us. The data collected in this context is deleted after storage is no longer necessary, or processing is restricted if legal retention obligations exist.

1.9. Customer Surveys

From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested therein. It is our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We delete the data once the survey results have been analyzed.

2. Newsletter

We reserve the right to inform customers who have already used our services or purchased goods about our offers via email or other channels from time to time, unless they have objected to this. The legal basis for this data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising at any time without any additional costs, for example via the link at the end of each email or by email to our email address mentioned above.

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration takes place by selecting the appropriate field on our website, by ticking the box in a paper document or through another clear action whereby interested parties declare their consent to process their data, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Consent can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or informing us at our email address mentioned above. Processing of data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 Para. 1 Sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the HubSpot tool from HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes content, usage, meta/communication data, and contact data in the EU. More information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.

3. Data Processing on Our Website

3.1. Notice for Website Visitors from Germany

Our website stores information on the end device of website visitors (e.g., cookies) or accesses information already stored on the end device (e.g., IP addresses). Specific information can be found in the following sections.

This storage and access are based on the following provisions:

  • As far as this storage or access is absolutely necessary for us to provide the service explicitly requested by website visitors (e.g., to operate a chatbot used by the visitor or to ensure the IT security of our website), it is based on § 25 Para. 2 No. 2 of the Telecommunications-Digital Services Data Protection Act (TDDG).

  • Otherwise, this storage or access is based on the consent of website visitors (§ 25 Para. 1 TDDG).

Subsequent data processing takes place according to the following sections and based on GDPR regulations.

3.2. Informational Use of the Website

When using the website for informational purposes, meaning when visitors do not transmit separate information to us, we collect personal data sent by the browser to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

These data are:

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Transferred data volume

  • Website from which the request comes

  • Browser

  • Operating system and its interface

  • Language and version of the browser software.

These data are also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

3.3. Web Hosting and Website Provision

Our website is hosted by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA. The processing of personal data (e.g., IP addresses, form inputs) takes place exclusively in the Frankfurt region (EU). Static pages and scripts are additionally distributed via Vercel's global edge cache network; these contain no personal data.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in a reliably reachable web presence. Transfers to third countries (outside the EEA) take place on the basis of an adequacy decision (EU-US Data Privacy Framework). More information can be found in the provider's privacy policy at https://vercel.com/legal/privacy-policy.

3.4. Contact Form

When contacting us through the contact form on our website, we store the data requested there and the message content.
The legal basis for processing is our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR) in answering inquiries directed at us.
The data collected in this context is deleted once storage is no longer necessary, or processing is restricted if legal retention obligations exist.

3.5. Job Advertisements

We publish job advertisements on our website, associated pages, or third-party websites.

The processing of data provided during applications is carried out to conduct the application process. Insofar as these are necessary for our decision to establish an employment relationship, the legal basis is Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 1 BDSG. We have marked or indicated the data necessary for the application process. If applicants do not provide this data, we cannot process the application.

Additional data are voluntary and not required for an application. If applicants provide additional information, the basis is their consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR).

We kindly ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CVs and cover letters. They are not necessary for an application. If applicants nevertheless provide such information, we cannot prevent its processing in the context of the CV or cover letter. Its processing is then based on the applicant's consent (Art. 9 Para. 2 lit. a GDPR).

Finally, we process applicants' data for additional application processes if they have given us their consent. In this case, the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR.

Applicants' data are shared with the responsible personnel department employees, our processors in the recruiting sector, and other employees involved in the application process.

If we enter an employment relationship with the applicant following the application process, we delete the data only after the employment relationship ends. Otherwise, we delete the data at the latest six months after rejecting an applicant.

If applicants have given us their consent to use their data for additional application processes, we delete their data one year after receiving the application.

3.7. Scheduling Appointments

Visitors to our website can book appointments with us. In addition to the data entered, we process meta or communication data. We have a legitimate interest in offering interested parties an easy way to schedule appointments. Therefore, the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

For appointment scheduling we use Cal.com. We use the EU instance cal.eu (provider: Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA); data processing takes place exclusively on servers within the EU. Contact data (name, email address) and the contents of the appointment request are processed. More information can be found in the provider's privacy policy at https://cal.com/privacy.

3.8. Technically Necessary Cookies

Our website uses cookies. Cookies are small text files stored in the web browser on the visitor's end device. Cookies help make the offer more user-friendly, efficient, and secure. If these cookies are necessary for our website's operation or functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing a functioning website to customers and other visitors.
Specifically, we use technically necessary cookies for the following purpose or purposes:

  • Cookies that handle language settings and

3.9. Third-party Providers

3.9.1. HubSpot

We use HubSpot for lead generation, marketing automation, and analysis. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited web pages, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in managing data easily and cost-effectively.

The data is deleted when the purpose for its collection is no longer applicable, and no retention obligations oppose it. More information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.

3.9.2. Slack

We use Slack as our central internal communication and project-management tool. Submissions from our web forms are additionally mirrored to a private channel via webhook so the team can respond to incoming leads in a timely manner. The provider is Slack Technologies Limited, Salesforce Tower, 60 R801, North Dock, Dublin 1, Ireland. We use Slack's EU hosting, so data processing takes place exclusively on servers within the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in efficient internal collaboration and communication. More information can be found in the provider's privacy policy at https://slack.com/intl/en-gb/trust/privacy/privacy-policy.

3.9.3. Google Workspace

Web form submissions and appointment confirmations are processed in our Google Workspace mailboxes and calendars. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Workspace's EU data residency, so data processing takes place exclusively on servers within the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in reliable communication and calendar management. More information can be found in the provider's privacy policy at https://policies.google.com/privacy.

3.9.4. Microsoft 365

Web form submissions and appointment confirmations are processed in our Microsoft 365 mailboxes and calendars. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. We use Microsoft 365's EU data residency (EU Data Boundary), so data processing takes place exclusively on servers within the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in reliable communication and calendar management. More information can be found in the provider's privacy policy at https://www.microsoft.com/en-gb/privacy/privacystatement.

3.9.5. Plausible Analytics

We use Plausible Analytics for the statistical analysis of user behavior on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible works without cookies, collects no personal data, and hosts exclusively in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in aggregate reach measurement. More information can be found in the provider's privacy policy at https://plausible.io/privacy.

3.9.6. Discourse

We operate our community platform at community.delicious-data.com using Discourse. The provider is Civilized Discourse Construction Kit, Inc. (CDCK), Vijzelstraat 68, 1017HL Amsterdam, The Netherlands. We use Discourse's EU hosting, so data processing takes place exclusively on servers within the EU (Dublin, Ireland data center). The provider processes contact data (username, email address), content data (posts, profile), and meta/communication data (IP address, device information).

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing a moderated community platform for our customers and prospects. More information can be found in the provider's privacy policy at https://meta.discourse.org/privacy.

4. Data Processing in Our Application

4.1. Access and Use of the Application

Our application is available for download in the Google Play Store for Android devices. When users download the application, the necessary information is transferred to the store, i.e., username, email address, and account customer number, time of download, payment information, and individual device identification number. We have no influence over this data collection and are not responsible for it. We only process data to the extent necessary to download the mobile application onto the user's mobile device.

For users of iOS devices and of other platforms where our application is not available as a native application, and for users who prefer not to obtain it, our application is accessible via the web browser. In this case, no download occurs through an application store. Data processing for browser-based usage takes place in accordance with the following sections, particularly for informational use (see 2.3.) and third-party tool usage.

4.2. Hosting

Our application is hosted by Microsoft Azure (hosted on servers within the EU), Google Cloud (hosted on servers within the EU), and Hetzner Online (hosted on servers within the EU). The providers process personal data transmitted via the application, e.g., content, usage, meta/communication data, or contact data. It is our legitimate interest to provide an application, so the legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

4.3. Informational Use of Our Application

When users use our application, we collect data necessary for us to offer users the functions of our application and ensure stability and security. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The data processed to this extent are:

  • IP address

  • Date and time of request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific interface)

  • Access status/HTTP status code

  • Transferred data volume

  • Operating system and its interface

  • Language and version of the operating system

4.4. Data Processing to Provide Functions

In the application, we process data to provide users with application functions. The legal basis for processing is the usage contract concluded with the user for the application.

The data processed to this extent are:

  • Other identifier besides UUID

  • The data entered by the user in the application

  • Only the data entered by the user in the application

  • Location data

  • Universal Unique Identifier of the device (UUID)

4.5. User Account

Users can open a user account in the application. We process the data requested during this process to fulfill the usage contract concluded with the user for the account, so the legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR. We delete the data when users delete their user account.

4.6. Third-party Tools

4.6.1. Amplitude

We use Amplitude for product analysis. The provider is Amplitude, Inc., 631 Howard St., Floor 5, San Francisco, CA 94105, USA. The provider processes meta/communication data (e.g., device information, IP addresses) and usage data (e.g., visited websites, interest in content, access times) in the EU.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Processing is based on consent. Affected parties can revoke their consent at any time by contacting us via the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing until revocation.

The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://amplitude.com/privacy.

4.6.2. heyData

We use a data protection seal from the provider heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany (privacy policy: https://heydata.eu/datenschutzerklaerung) to provide website visitors with confirmation of our data protection compliance. The provider is the recipient of personal data within the mentioned processing.

Since the data is masked after collection, website visitors cannot be identified. More information can be found in the provider's privacy policy at https://heydata.eu/en/privacy-policy.

4.7. AI-supported Data Analysis

We provide our customers with a feature in our protected web application app.delicious-data.com that enables the analysis and preparation of business data using artificial intelligence. For this, data from our customers' analysis systems (e.g., sales data, revenue figures) can be sent to external language models (LLMs).

We strive not to transfer personal data to these external service providers. The data provided by our customers for analysis are generally non-personal. However, it cannot be completely ruled out that customers enter information in free text fields that contain personal data such as names or email addresses. Processing this data serves our customers' legitimate interest in optimizing and analyzing their business processes.

Below we list the service providers used for this purpose.

4.7.1. Open Router

We use Open Router as a technical interface to forward analysis requests to various providers of AI language models. The provider is OpenRouter, Inc., located at 169 Madison Avenue, New York, NY 10016, USA.

The provider processes the requests we transmit, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in providing our customers with flexible access to various AI providers and efficiently designing their analysis processes.

The transmission of potentially personal data to a country outside the EEA occurs on the legal basis of an adequacy decision. The security of data transferred to the third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection. The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://openrouter.ai/privacy.

4.7.2. Google AI Platform

We use Google AI Platform services as subcontractor processors to analyze and answer our transmitted requests. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

The provider processes the business data we transmit, which may contain personal data, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in enabling our customers to optimize and analyze their business processes by using AI technologies.

The transmission of potentially personal data to a country outside the EEA occurs on the legal basis of an adequacy decision. The security of data transferred to the third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection. The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://business.safety.google/privacy/.

4.7.3. OpenAI (ChatGPT)

We use OpenAI services to analyze and answer our transmitted requests using the ChatGPT language model. The provider is OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA.

The provider processes the business data we transmit, which may contain personal data, as well as meta/communication data in the USA.

The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We have a legitimate interest in enabling our customers to optimize and analyze their business processes by using AI technologies.

The transmission of potentially personal data to a country outside the EEA occurs on the legal basis of an adequacy decision. The security of data transferred to the third country (i.e., outside the EEA) is ensured because the EU Commission decided under an adequacy decision pursuant to Art. 45 Para. 3 GDPR that the third country offers an adequate level of protection. The data is deleted when the purpose for its collection is no longer applicable, and no retention obligation opposes it. More information can be found in the provider's privacy policy at https://openai.com/policies/privacy-policy.

5. Data Processing on Social Media Platforms

We are represented in social media networks to present our organization and services there. These network operators regularly process user data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used to display advertisements matching the users' interests on network pages and elsewhere on the Internet. To do this, network operators store information about user behavior in cookies on the users' computers. It is also not excluded that the operators merge this information with other data. More information and tips on how users can object to processing by the page operators are provided in the privacy statements of the respective operators listed below. It is also possible that operators or their servers are located in non-EU countries, meaning they process data there. This may pose risks to users, e.g., because the enforcement of their rights is complicated or government agencies access data.

If network users contact us through our profiles, we process the data provided to answer the inquiries. This is our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

5.1. Facebook

We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. An option to object to data processing can be found via ad settings: https://www.facebook.com/settings?tab=ads.
We are jointly responsible with Facebook for processing the data of visitors to our profile based on an agreement within the meaning of Art. 26 GDPR. Facebook explains which data is processed under https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected parties can assert their rights either against us or against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Affected parties will receive a quicker response if they contact Facebook directly.

5.2. Instagram

We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

5.3. YouTube

We maintain a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=en.

5.4. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=en_EN. An option to object to data processing can be found via ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.5. Xing

We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy is available here: https://privacy.xing.com/en/privacy-policy.

6. Changes to this Privacy Policy

We reserve the right to change this privacy policy with future effect. A current version is always available here.

7. Questions and Comments

We are happy to answer any questions or comments regarding this privacy policy using the contact information provided above.