Privacy Policy
Information on the processing of your personal data
1. Data Controller
Byght GmbH
Christians-Platz 8, 22844 Norderstedt, Germany
Phone: +49 (0) 40 66892413 • Email: info@byght.io
How to reach us regarding data protection matters: Please use the contact details mentioned above and include "Data Protection" in the subject line.
2. General Information – Legal Bases, Purposes, Obligation to Provide Data
We process personal data transparently and for specific purposes. Unless otherwise stated below, the following applies:
Legal bases: Art. 6 para. 1 lit. a (consent), lit. b (contract/pre-contract), lit. f (legitimate interest) GDPR.
Obligation to provide data: You are not obligated to provide data. However, without certain information (e.g., contact details in forms), we cannot process your request.
Recipients: Where necessary, we use instruction-bound data processors (Art. 28 GDPR); details below.
Storage duration: We delete data as soon as the purpose ceases to exist and no legal retention obligations prevent deletion. Specific deadlines are listed in the sections below.
3. Hosting & Website Delivery
Our website is operated by an external service provider.
Host/CDN:
Netlify, Inc.
512 2nd Street, Fl 2, San Francisco, CA 94107
Purpose: Technical operation, content delivery, security/performance (e.g., protection against abuse).
Legal bases: Art. 6 para. 1 lit. b (provision of requested content) and lit. f GDPR (legitimate interest in secure, faster operation).
Recipients/Third-country transfer: When using a host located outside the EEA, data (e.g., IP addresses in server logs) may be transferred to third countries. We safeguard such transfers through appropriate guarantees (e.g., EU Standard Contractual Clauses; EU-US Data Privacy Framework for certified recipients).
Server Log Files
When accessing our pages, the server automatically processes: browser type/version, operating system, referrer URL, hostname, time, IP address.
Purpose: Operational security (defense against attacks), error analysis.
Legal basis: Art. 6 para. 1 lit. f GDPR.
Storage duration: 30 days (security logs), then deletion/anonymization.
5. Contact (Forms, Email, Phone)
When you contact us, we process your information (e.g., name, email, message, phone number).
Purpose: Processing and documentation of your inquiry, follow-up questions if necessary.
Legal basis: Art. 6 para. 1 lit. b GDPR (pre-/contractual communication) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication).
Recipients: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Storage duration: 6–24 months after completion of processing; longer retention only as necessary (e.g., warranty/liability periods).
6. Appointment Scheduling / "Start Demo" (Calendly)
On our website, we link to appointment booking via Calendly (calendly.com). When you click the link, you will be redirected to an external page; Calendly's privacy information applies there.
7. Web Analytics with Google Analytics (GA4)
We use – only with your consent – Google Analytics for reach measurement and improvement of our services.
Provider/Recipients: Google Ireland Limited (Europe); possibly Google LLC (USA).
Technology/Device access: Cookies/IDs and similar technologies (details in the cookie list).
Legal bases: § 25 para. 1 TTDSG (device access) and Art. 6 para. 1 lit. a GDPR (consent). Laws on the Internet
IP anonymization: Activated – the IP is shortened within the EU/EEA; only transferred to servers in the USA in exceptional cases.
Data transfer to third countries: Insofar as a transfer to the USA takes place, we rely on the adequacy decision (EU-US DPF) for certified recipients and otherwise on Standard Contractual Clauses. Google LLC participates in the DPF. Data Privacy Framework policies.google.com
Storage duration: Event data in GA4 is retained – depending on our configuration – for 2 or 14 months; cookie/ID lifetimes see cookie list.
Withdrawal: Consent can be changed at any time via "Cookie Settings"; additionally, you can use an opt-out add-on in your browser (Google supplement).
8. Recipients/Categories of Recipients
Hosting/Technology: Netlify, Inc.
512 2nd Street, Fl 2, San Francisco, CA 94107
Communication (Email): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Analytics/Marketing (with consent): Google Ireland Ltd.; possibly Google LLC (USA).
Appointment booking (optional): Calendly (USA).
Data processing agreements exist with all processors; we safeguard third-country transfers through SCCs and/or DPF (if certified).
9. Your Rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR) at any time.
Objection to data processing under Art. 6 para. 1 lit. e/f GDPR: You can object at any time for reasons arising from your particular situation; we will then no longer process your data unless we can demonstrate compelling legitimate grounds.
Withdrawal of consent: at any time with effect for the future (e.g., via cookie settings or by email).
Right to complain: You can complain to a data protection supervisory authority; you can find a list e.g. at the BfDI.
Contact for exercising rights: see Data Controller above.
10. Security (TLS/SSL)
We use TLS encryption to protect data during transmission; you can recognize this by the "https://" and the lock symbol in your browser.
11. Automated Decisions/Profiling
We do not make decisions based solely on automated processing and do not engage in profiling within the meaning of Art. 22 GDPR.
12. Changes to this Privacy Policy
We adapt this declaration when procedures, services or legal situation change. The current version is published here; see date above.