Privacy Policy

1. Introduction

Welcome to Orcrist Technologies GmbH ("we", "us", "our"). We are committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, process, and protect your personal data when you visit our website (orcrist.org) and use our services, in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

2. Data Controller

The data controller responsible for processing your personal data is:

Orcrist Technologies GmbH
Westerlandstr. 13
13189 Berlin
Deutschland

Represented by: Michael Heid

Contact Email: [email protected]

Full legal details can be found in our Imprint.

3. Data We Collect and How We Use It

We collect different types of data for various purposes:

• Server Log Files: When you access our website, your browser automatically transmits data to our server. This includes your IP address, date and time of access, browser type and version, operating system, referrer URL, and the requested page. This data is collected based on our legitimate interest (Art. 6(1)(f) GDPR) for ensuring the security and stability of our systems and is typically deleted after a short period unless required for security incident investigation.
• Cookies: We use cookies to enhance your browsing experience. Essential cookies are necessary for website functionality. We also use cookies for analytics and marketing purposes (e.g., Google Analytics, HubSpot) but only with your explicit consent (Art. 6(1)(a) GDPR) obtained through our cookie consent banner. You can manage your preferences or withdraw consent at any time via the cookie settings ( Cookie Settings). See section 4 for more details.
• Contact Form: If you use our contact form, we collect your name, email address, and message to respond to your inquiry. This processing is based on your consent (Art. 6(1)(a) GDPR) or for fulfilling pre-contractual measures if your inquiry relates to our services (Art. 6(1)(b) GDPR). We use HubSpot to manage contact form submissions. Data is retained as long as necessary to handle your request and for potential follow-up communication, subject to legal retention periods.
• Google Analytics: With your consent (Art. 6(1)(a) GDPR), we use Google Analytics to analyze website traffic. Google collects data such as your IP address (anonymized), pages visited, and time spent on site. This helps us understand user behavior and improve our website. Data is transferred to Google servers, potentially in the US. We have configured IP anonymization. You can opt-out via our cookie settings.
• HubSpot: We use HubSpot for CRM, marketing automation, and website analytics (tracking page views). With your consent (Art. 6(1)(a) GDPR for tracking cookies), HubSpot collects data about your interaction with our site and any information you provide via forms. This helps us manage customer relationships and personalize communication. Data may be transferred to HubSpot servers, potentially in the US. You can manage cookie consent via our settings.
• Calendly: We embed Calendly to allow you to schedule meetings. When you use this service, Calendly collects personal data necessary for scheduling (e.g., name, email, meeting details). This processing is based on your consent when initiating the scheduling (Art. 6(1)(a) GDPR) or for pre-contractual measures (Art. 6(1)(b) GDPR). Please refer to Calendly's privacy policy for details.

4. Cookies and Consent Management

We use a cookie consent management tool ("vanilla-cookieconsent") to inform you about the cookies used on our site and to obtain and manage your consent.

• Essential Cookies: These are technically necessary for the website's operation and cannot be disabled. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR).
• Analytics & Marketing Cookies: These include cookies from Google Analytics and HubSpot. We only use these cookies if you provide explicit consent (Art. 6(1)(a) GDPR) via the cookie banner.
• Managing Preferences: You can view and change your cookie preferences at any time by clicking the cookie settings icon/button ( Cookie Settings) typically found in the footer or via the initial consent banner. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Data Transfer to Third Countries

Some services we use (Google Analytics, HubSpot, Calendly) may transfer your data to servers located outside the European Economic Area (EEA), particularly the United States. We ensure that such transfers are based on appropriate safeguards as required by GDPR, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions, where applicable. We rely on your explicit consent (Art. 49(1)(a) GDPR) for these transfers when you accept analytics/marketing cookies via our consent tool.

6. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): Request information about the personal data we process about you.
• Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): Request deletion of your personal data, subject to certain conditions.
• Right to Restriction of Processing (Art. 18 GDPR): Request limitation of the processing of your data under certain circumstances.
• Right to Data Portability (Art. 20 GDPR): Request to receive your data in a structured, commonly used, machine-readable format or have it transferred to another controller.
• Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests (Art. 6(1)(f) GDPR) on grounds relating to your particular situation. You have an unconditional right to object to processing for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw your consent at any time for future processing.
• Right to Lodge a Complaint (Art. 77 GDPR): Lodge a complaint with a supervisory authority, such as the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

To exercise these rights, please contact us using the details provided in Section 2.

7. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes measures like SSL/TLS encryption for data transmission. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Log files are typically kept for a short duration for security purposes. Contact form data is kept as long as needed to address your inquiry and for reasonable follow-up. Data processed based on consent is retained until you withdraw consent or it's no longer needed for the stated purpose.

9. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this privacy policy or our data protection practices, please contact us at: [email protected]