When you visit Freshflow.ai (hereinafter referred to as "Website") and use the services offered thereon, personal data of you will be processed, your data will be collected, stored, used and transmitted. In accordance with Art. 13 of the EU General Data Protection Regulation (GDPR), this data protection policy informs you about this processing and your related rights.
We, Freshflow GmbH, Unter den Linden 24, 10117 Berlin, Germany, email@example.com, are controllers within the meaning of Art. 4 (7) GDPR of the processing of your personal data on the Website.
Each time you visit the Website, even if you are merely informing yourself, we process the following data that your browser automatically transmits to our server:
If you approach us by email or via our contact form, data that you provide will be stored so that we can take care of your request and, if appropriate, respond to you. This data includes your email address and your name, but also any other contact information you provide us with, as well as your request. The legal basis for this processing is our legitimate interest to communicate with you and to provide customer support in accordance with Art. 6 (1) lit. f GDPR.
As soon as we no longer require this information to be able to help you, we will delete it within a few days. There is only one exception to this rule: We must store some information because the law requires us to do so (e.g., because of commercial or tax law retention obligations). In these cases, however, we restrict the processing of and our access to your data as far as possible.
To provide you with a convenient contact form, we use technology of Formspree Inc., (Formspree) which may result in the personal data described above in this section being transferred outside the European Economic Area (EEA), including to the United States of America.
We process your personal data to optimize the Website and our products, in which we hold a legitimate interest. For this purpose, we use the widely known tool Google Analytics. The legal basis for such processing is Art. 6 (1) lit. a GDPR.
Google Analytics analyses user behavior on the Website on our behalf. This allows us to track, inter alia, how long a visitor stays on the Website and exactly which pages he or she has visited. This allows us to see which of our pages are the most popular, and which ones we might be able to design better. Therefore, pseudonymized user profiles may be created.
For these purposes, Google sets cookies, which are used to transfer traffic information to Google servers in the U.S. However, your IP address is shortened (the last digits of the IP address are deleted) to protect your privacy which is in your legitimate interest and therefore in accordance with Art. 6 (1) lit. f GDPR. This shortened IP address will then be transferred to Google servers in the USA, but can no longer be associated with your person. While Google is also responsible for shortening your IP address, this processing will take place in the USA in exceptional cases only. Normally, the shortening takes place on servers within the EU or other contracting states of the Agreement on the European Economic Area. According to Google, the full IP address transmitted in this process is not merged with other data that Google has about you.
If you visit the ‘Careers’ section on the website, you will be referred to our HR service provider Notion (notion.so). We and Notion will process personal information that you share when visiting the Careers section as part of an application for an open position at Freshflow. The purpose of such processing is to enable us to grow our team of talents at Freshflow, and the legal basis of processing is Art. 6 (1) lit. b GDPR or – if the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) applies – Sec. 26 (1) BDSG.
A transfer of your personal data may also take place for the following purposes:
In order to be able to carry out the processing operations described in this data protection policy, we may transfer your personal data to external service providers in some cases. These transfers also include the transfer of personal data to countries that are not part of the European Economic Area (EEA) (third country transfers). If the European Commission has not issued a decision on an adequate level of protection of personal data for a country to which we transfer your data, we will take our own measures in accordance with the requirements of the GDPR to ensure an adequate level of protection.
These are the recipients of personal data which may require a third country transfer:
We process your personal data only as long as it is necessary for the fulfilment of our contractual obligations to you, for the protection of our legitimate interests or those of third parties. Excluded from this principle is such data that we must store due to legal obligations. These include, for example, the retention obligations under commercial and tax law. These retention periods are – as of now – up to ten years.
To the extent provided by law under the GDPR, you have the following rights with respect to personal data relating to you:
If you withdraw your consent to a processing of your personal data, please note that this does not affect the lawfulness of that processing up to that point in time.
If we process your personal data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR), you can object to the processing by contacting us (e.g. by email, contact data above).
Cases in which we base processing on our legitimate interest are expressly described in this data protection policy. If you exercise your right to object, we kindly ask you to explain to us the reasons why we should not process your personal data. In the event of your justified objection, we will discontinue or restrict our processing.
You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.