Book a demo

Privacy Policy

How we handle your personal data is explained in this privacy policy. It is based on the General Data Protection Regulation (GDPR). Except the third party providers that we name in this document, we do not pass any data to third parties. If you have any questions, please contact us.

Content

Controller

The controller for processing of data is

Laya Technologies GmbH
Hansastr. 10
80686 Munich

Data protection officer:

Rechtsanwalt Frank Hütten
Noll & Hütten Rechtsanwälte GbR
Donnersbergerstr. 41
80634 München
E-Mail: dataprivacy@laya.ai
Tel.: +49 89 124 146 046

General Information

Provision of data

As a rule, it is neither legally nor contractually required to provide personal data in order to use our website. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we shall inform the user of this circumstance and the consequences of not providing the data in this privacy policy.

Data transfer to third countries

We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). Insofar as there is an adequacy decision by the European Commission for the transfer of data to a third country, we refer to this in this privacy policy. Furthermore, users can obtain a copy of the appropriate safeguards from us, insofar as these are not already contained in the privacy policies of the service providers or third-party providers.

Automated decision-making

In the event that we use automated decision-making, including profiling, this privacy policy will inform you of this fact, the logic involved and the scope and intended effects of such processing. Otherwise, there shall be no automated decision-making process.

Processing for other purposes

Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, data is intended to be further processed for other purposes, we will inform you of these other purposes prior to such further processing and provide all other relevant information (Art. 13 (3) GDPR).

Website hosting

Every time our website is called up, the user’s browser transmits various data. For the duration of the visit on the website, the following data is processed and stored in log files even after the connection has ended:

Browser type and version used
Operating system
Pages and files accessed
Amount of data transmitted
Date and time of retrieval
User’s provider
IP address in anonymous form
Referrer URL

The processing of this data is necessary in order to deliver the website to the user and to optimise it for the user’s end device. Storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are not rendered anonymous before being stored in log files.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the website and to improve website security. Log files are automatically deleted after 30 days.

Our website is designed and operated by the provider Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

Cookies, pixel tags and mobile identifiers

On our website, we use technologies to recognise the used end device. These can be cookies, pixel tags and/or mobile identifiers.

The recognition of an end device can generally be used for different purposes. It may be necessary in order to provide functions of our website, for example to make a shopping cart available. In addition, these technologies can be used to track user behaviour on the site, for example for advertising purposes. We describe the technologies we use and the purpose of their use separately and in detail in this privacy policy.

For a better understanding, we will explain below how cookies, pixel tags and mobile identifiers work in general:

Cookies are small text files that contain certain information and are stored on the user’s end device. In most cases, the information consists of an identification number that is assigned to an end device (cookie ID).
A pixel tag is a transparent graphic file that is integrated into a page and enables a log file analysis.
A mobile identifier is a unique number (mobile ID) stored on a mobile device which can be read out by a website.

Cookies may be required for our website to function properly. The legal basis for the use of cookies of this nature is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the functions of our website.

We use cookies that are not required for the operation of our website in order to make our offer more user-friendly or to be able to trace the use of our website. The legal basis here depends on whether user consent must be obtained or whether we can invoke a legitimate interest. The user can revoke given consent, among other things, by means of browser settings at any time.

The user can prevent and object to the processing of data by means of cookies by choosing suitable browser settings. An objection may lead to some functions on the website no longer being available. We will inform you separately about further possibilities for objecting to the processing of personal data by means of cookies in this privacy policy. Where necessary, we provide links which can be used to state an objection. These are labelled “opt-out”.

Establishing contact

In the event contact is established, we process the user’s details, date and time for the purpose of processing the enquiry, including any queries.

Fo customer relations management, we use the CRM system HubSpot CRM. Provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

The legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to answer our user’s enquiries. Additional legal basis is provided by Art. 6(1) b) GDPR, if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.

The data will be deleted as soon as the enquiry, including any queries, has been answered. We will check at regular intervals, but at least every two years, whether any data accumulated in connection with contacts must be deleted.

Affiliate links

We participate in affiliate programmes. This means that we place links to partner companies. If a user clicks on such an affiliate link, we may receive a commission. In this case it is necessary to assign the activities of the user on the pages of the partner company to our site. This is achieved through the link or in another way, for example through cookies. Accumulated data will be processed exclusively for this purpose.

Insofar as we obtain user consent, Art. 6 (1) a) GDPR is the legal basis for the processing. Otherwise, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest lies in financing our services.

The processed data will be deleted as soon as it is no longer required to settle the commission.

Users have the possibility to register for newsletters on our site. In this context, we process the data entered during registration in order to send a confirmation e-mail to the user’s e-mail address. Upon confirmation, we process the data in order to be able to send newsletters. For the purpose of personalisation, we may also process the name of the user, if the user has provided it.

At registration, date and time as well as the IP address of the user are stored to be able to prove an entry. Upon deregistration, we process this data for verification purposes and delete it after three years at the end of the year.

To improve our content, we measure how successful our newsletters are, for example how often they are opened by users and which links are clicked on. For this purpose, e-mails contain a pixel tag. We do not track the activities of individual users.

The legal basis for the processing is user consent according to Art. 6 (1) a) GDPR. Otherwise, the legal basis for the processing is Art. 6 (1) f) GDPR. Legitimate interests on our part are sending newsletters, personalised addressing of the user and proof that the user has registered for the newsletter.

Mailchimp

We use Mailchimp to send newsletters. Provider: The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

Amazon SES

We use Amazon Simple Email Service (Amazon SES) to send and receive emails. Provider: Provider: Amazon Web Services Inc, P.O. Box 81226, Seattle, WA 98108-1226.

In this context, we process the user’s e-mail address.

Insofar as we obtain the user’s consent for sending e-mails, the processing of data is based on the legal basis of Art. 6 (1) a) GDPR. Otherwise, it is based on Art. 6 (1) f) GDPR. Our legitimate interest lies in simple and efficient communication with our users.

To protect personal data, we have concluded standard contractual clauses approved by the EU Commission with Amazon Web Services: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Hubspot E-Mail-Marketing

We use Hubspot to send newsletters. Provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

Registration for a user account

Users can register for our offer on our website. In this context, we will process the data entered during registration. We have the specified e-mail address confirmed by sending a link (double opt-in) to prevent misuse of the registration function. For this purpose, we also process the date and time and the IP address of the user. For verification purposes, we also process the date, time and IP address of the user when the confirmation link is clicked.

The data will be deleted when the user account is deleted after three years at the end of the year, unless a longer legal obligation to retain the data is opposed.

The legal basis for the processing is Art. 6 (1) a) GDPR insofar as we obtain user consent. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is based on Art. 6 (1) b) GDPR. Otherwise, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest is to provide users with access to our offer requiring registration, to protect us from misuse of the registration function and to be able to prove proper registration. After the deletion of the user account, our legitimate interest also consists in the defence of possible claims.

Job applications

When users apply for a job, we process personal data for the purpose of the application process. In addition to the data transmitted by the user, we also process other data that is collected during the application process (e.g. during a job interview). Should we include data in an applicant pool, this will only be done on the basis of the user’s prior consent. In this case, the data will be processed beyond the conclusion of the application procedure so that contact can be established in the event of suitable job offers.

Applicant data will be deleted three months after completion of the application procedure. In the event of inclusion in an applicant pool, the data will be retained for a maximum of two years, unless the consent given is revoked beforehand.

The legal basis for the processing is Art. 6 (1) b) GDPR. If consent is given for inclusion in an applicant pool, the processing is based on Art. 6 (1) a) GDPR. At the end of the application procedure, processing takes place on the basis of Art. 6 (1) f) GDPR. Our legitimate interest consists in the defence of possible claims under Allgemeines Gleichbehandlungsgesetz [German General Equal Treatment Act].

Other third-party services

Facebook Pixel

We use Facebook pixels for online marketing purposes. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The Facebook pixel allows us to display interest-based advertising based on the use of our website via Facebook. For this purpose, a cookie is set on the user’s end device, which can be used to assign an identification number to the user. In addition, further advertising-relevant data of the user such as browser information, device information, the pages visited, the time of the visit and referring URLs are processed. We only receive summary results from Facebook, which enable us to track how successful our advertising measures are. We use Facebook pixels without advanced matching.

Users can opt-out of Facebook’s collection and use of information for interest-based advertising on the following pages: http://www.aboutads.info/choices and http://www.youronlinechoices.eu

Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, it is based on Art. 6 (1) f) GDPR. Our legitimate interest is to be able to display advertising relevant to users.

In the use of Facebook pixels, we and Facebook are jointly responsible in the sense of Art. 26 GDPR. We have therefore entered into an agreement with Facebook in which it is specified who fulfils which obligations under the GDPR. According to this agreement, we are responsible for providing information for the joint processing of personal data in accordance with Art. 13 and 14 GDPR. It has been agreed between us and Facebook that Facebook is responsible for enabling the rights under articles 15 to 20 GDPR with regard to the personal data stored by Facebook after joint processing.

The agreement on joint responsibility can be found here: https://www.facebook.com/legal/controller_addendum

Information on how Facebook processes personal data, the information pursuant to Art. 13 GDPR including the legal basis on which Facebook bases this, as well as the possibilities for the user to exercise his or her rights Facebook, can be found in Facebook’s privacy policy.

Google Analytics

We use Google Analytics to analyse the use of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To be able to track user activities on the website, a cookie is placed on the end device. We use Google Analytics with the extension anonymize IP. The user’s IP address is automatically truncated before being transmitted to servers in the USA. Among other things, the approximate geographical location, end device, screen resolution, browser and visited pages including the length of stay are evaluated.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interests are optimising our website, improving our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14 months.

Opt-Out

HubSpot Analytics

We use HubSpot for our online marketing. Provider: HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

HubSpot enables us to combine various activities on one platform, including sending newsletters, managing our social networking channels, and web analytics. In order to analyse the use of our website, Hubspot uses cookies and pixel tags. Among other things, the approximate geographical location, end device, screen resolution, browser and visited pages including the length of stay are evaluated.

Opt-Out

Sentry

We use Sentry.io to analyse technical errors on our website. Provider: Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA.

Program errors are recorded by Sentry.io and reported to us. In this context, user data is also processed if it is related to a program error. Data on the end device used, the software installed on it and the settings is also processed. In addition, browser type and operating system used, data on the network used, the URL of the page on which an error occurred, the URL of the previously visited page and the IP address are also processed.

The legal basis for the use of Sentry.io is Art. 6 (1) f) GDPR. Our legitimate interest is secure and error-free website operation.

Personal data will be deleted after 24 months at the latest.

Datadog

We use Datadog to analyse technical errors on our website. Provider: Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018, USA.

Program errors are recorded by Datadog and reported to us. In this context, user data is also processed if it is related to a program error. Data on the end device used, the software installed on it and the settings is also processed. In addition, browser type and operating system used, data on the network used, the URL of the page on which an error occurred, the URL of the previously visited page and the IP address are also processed. Datadog uses personal data exclusively to provide the service for us and to support us in troubleshooting.

The legal basis for the use of Datadog is Art. 6 (1) f) GDPR. Our legitimate interest is secure and error-free website operation.

Personal data will be deleted after 24 months at the latest.

Privacy Poli c y of Datadog

Facebook Pixel

We use Facebook pixels for online marketing purposes. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

The Facebook pixel allows us to display interest-based advertising through Facebook based on the use of our website. For this purpose, cookies are set on the user’s end device or other technologies such as tracking pixels are used. In addition, further advertising-relevant data of the user such as browser information, device information, the pages visited, the time of the visit and referring URLs are processed. Facebook only provides us with summary results that allow us to track the success of our advertising efforts and to analyse and gain insight into users and their use of our website, products and services.

We use the Facebook pixel with advanced matching. Facebook matches the information we provide through Facebook pixels with Facebook profiles so that we can serve ads to our customers and their like on Facebook, Instagram and other networks.

Users can opt-out of Facebook’s collection and use of information for interest-based advertising on the following pages: http://www.aboutads.info/choices and http://www.youronlinechoices.eu.

For the use of Facebook pixels, we obtain the user’s consent in accordance with Art. 6 (1) a) GDPR.

When using Facebook pixels, we and Facebook are jointly responsible in the sense of Art. 26 GDPR. We have therefore entered into an agreement with Facebook in which it is specified who fulfils which obligations under the GDPR. According to this agreement, we are responsible for providing information for the joint processing of personal data in accordance with Art. 13 and 14 GDPR. It has been agreed between us and Facebook that Facebook is responsible for enabling the rights under articles 15 to 20 GDPR with regard to the personal data stored by Facebook after joint processing.

The agreement on joint responsibility can be found here: https://www.facebook.com/legal/controller_addendum

Amazon CloudFront

We utilise the content delivery network (CDN) Amazon CloudFront. Provider: Amazon Web Services Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.

Content is loaded from CDN servers. In order to establish a connection, it is technically necessary to transmit the user’s IP address.