PRIVACY POLICY

1. Data protection at a glance

General information

This privacy policy explains what personal data we process when you visit our website, how we use this data, and what rights you have. Personal data is data that can be used to identify you.

Data collection on this website

Who is responsible?

Data processing on this website is carried out by the person named in the section “Responsible Body”.

How do we collect your data?

• Through information you actively provide (e.g., forms, newsletters, lead magnets, chat).
• Automatically collected by technical systems when visiting the website (e.g. IP address, browser, device data).

This will be done depending on your consent via our consent management system.

What do we use your data for?

• Provision and security of the website
• Handling of requests
• Support communication
• Payment processing
• Newsletter & Marketing (only with consent)
• Analysis and statistics (only with consent)
• Provision of AI-powered chat and support functions

Your rights

You have the right to:

• Information
• Correction
• deletion
• Restriction of processing
• Revocation of consent
• Objection to certain processing activities
• Data portability
• Complaint to a supervisory authority

2. Responsible body

Hajo Rappe

Moselstr. 26

40219 Düsseldorf

Germany

Telephone: 0211‑3003544

Email: mail@yourfeedback.solutions

3. Hosting

Our website is powered by Brizy.io provided. Brizy processes technical access data (e.g. IP address, browser, time of access) in order to deliver the website.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and stable hosting).

4. Cloudflare

We use Cloudflare exclusively for DNS provisioning.

It takes place no use of proxy, CDN or security features instead of.

Due to technical reasons, Cloudflare may process IP requests as part of DNS delivery.

Legal basis: Art. 6 para. 1 lit. f GDPR.

Privacy policy: https://www.cloudflare.com/privacypolicy/

5. Consent‑Management

We use Concord.tech, in order to obtain and manage consents in compliance with the law.

According to the documentation, Concord uses, among other things, the following functions:

• Automatic detection and blocking of trackers (cookies, scripts)
• Geo-targeting for region-specific versions of the banner
• automatic multilingualism
• Privacy Center including download & management of stored data

Data collected:

• Consent status
• IP address (anonymized/shortened per region)
• Device data
• Timestamp
• Records of approved consents

Legal basis:

• technically necessary: Art. 6 para. 1 lit. f GDPR
• All other cookies: Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG

6. Cookies

Cookies are only set if their categories have been approved via the consent banner.

All cookies used can be viewed at any time in the Concord Privacy Center.

7. Contact forms & inquiries

When you contact us via form, email or telephone, we process your information to handle your request.

Legal basis:

• Article 6 paragraph 1 letter b GDPR (contract/initiation)
• Article 6 paragraph 1 letter f GDPR (legitimate interest)

8. Leadmagnete, Downloads & Double‑Opt‑In

When you request PDFs, checklists or other digital content, we process your data to provide the content.

At the same time, you are subscribing to the newsletter.

Confirmation is guaranteed to be sent via Double‑Opt‑In.

Legal basis: Art. 6 para. 1 lit. a GDPR.

You can unsubscribe at any time via the unsubscribe link.

9. Newsletter & Marketing-E‑Mails

We send newsletters and marketing emails via Encharge.io.

Data processed:

• Email Address
• Name (optional)
• DOI Confirmation
• Interaction data (opens, clicks)
• Personal event data, if required for personalized evaluations

Legal basis: Article 6 paragraph 1 letter a GDPR

You can unsubscribe at any time via the link in every email.

Encharge uses sub-processors (including AWS and Mailgun) in accordance with documented GDPR measures.

10. Marketing‑Automation & Profiling

When using lead magnets, automated sequences, or personalized reports, additional data may be processed, including:

• Form details
• Website events (after consent)
• Data for creating personalized reports
• Behavior in emails
• AI-supported segmentations

This can be a automated decision-making / profiling represent in accordance with the GDPR.

Legal basis: Art. 6 para. 1 lit. a GDPR.

11. Payment processing – Stripe

When you complete paid offers, we use Stripe as a payment provider.

Stripe is:

• certified according to the “EU-US Data Privacy Framework (DPF)”
• uses SCCs for international data transmission
• collects and processes:
• Name
• E-mail
• Payment details
• Device and technical data
• Fraud prevention data

Legal basis:

• Article 6 paragraph 1 letter b GDPR (payment processing)
• Technical security: Art. 6 para. 1 lit. f GDPR

Privacy policy: https://stripe.com/privacy

12. HubSpot

We use HubSpot only for:

• Contact tracing
• individual emails

It will not Used for newsletters or tracking.

Data processed:

• Contact information
• Meeting minutes (manual)
• Communication history

Legal basis: Art. 6 para. 1 lit. b/f GDPR.

Privacy policy: https://legal.hubspot.com/privacy-policy

13. Support‑Chat

We use ThriveDesk as a support chat system.

According to the provider, ThriveDesk is fully GDPR-compliant. (wordpressgithub)

Data processed:

• Chat input
• IP address
• Browser data
• Time of communication
• Support tickets (if necessary)

Purpose: Support & communication.

Legal basis:

• Article 6 paragraph 1 letter b GDPR (processing of inquiries)
• Article 6 paragraph 1 letter f GDPR (legitimate interest in support)

14. KI‐Chatbot

We use TinyTalk.ai as an AI Chatbot.

According to TinyTalk.ai's privacy policy, data is processed in accordance with GDPR legal bases, including Art. 6 para. 1 lit. a/b/f GDPR.

Data processed:

• Chat entries
• Communication content
• Metadata
• technical data (IP address, browser)

Purpose: Answering questions & AI-supported assistance.

The chat may contain automated decisions / AI analyses.

Legal basis:

• Article 6 paragraph 1 letter a GDPR (consent via consent banner)
• Article 6 paragraph 1 letter f GDPR (interest in modern communication)

15. Analyse‑Tools & Tracking

Analysis tools are only activated if you have given your consent via the Concord banner.

The following can be processed:

• IP (abbreviated)
• Page views
• Click behavior
• technical device information

Legal basis: Art. 6 para. 1 lit. a GDPR.

You can revoke your consent at any time in the Privacy Center.

16. Your rights

You have the right to:

• Right of access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Right to object (Art. 21 GDPR)
• Withdrawal of consent (Art. 7 para. 3 GDPR)
• Data portability (Art. 20 GDPR)

17. Changes to this Privacy Policy

We regularly update this privacy policy whenever services, processes, or legal requirements change.