Skip to content
English
Contact

Privacy Policy

BeastBI GmbH

Description of the affected groups

Personal data or data categories are collected, processed, and used for the following groups to fulfill the intended purpose.

Categories of data subjects affected by the processing:

Customer data, in particular contact details such as telephone, fax, and email data, contact history, and other data necessary for contract fulfillment. Interested party data, in particular contact details and other data such as identification data and click paths.

Employee data: Employees include, in particular: employees, trainees, rehabilitation patients, persons who are considered to be employee-like persons due to their economic dependence, applicants, former employees, and interns. Contract data and performance data are processed to the extent necessary for the decision on establishing an employment relationship or, after the employment relationship has been established, for its implementation or termination.

Supplier data: Suppliers / service providers / intermediaries / brokers / agencies (in particular contact details such as telephone, fax, and email data, contact and order history, and other data necessary for contract fulfillment).

Visitors and users of the online service.

Hereinafter, we refer to the data subjects collectively as "users."

Types of data processed:

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., email, telephone numbers).
  • Content data (e.g., text entries, photographs, videos).
  • Contract data (e.g., subject matter of the contract, term, customer category).
  • Usage data (e.g., websites visited, links clicked, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).
  • Processing of special categories of data (Art. 9 (1) GDPR).

IIn principle, no special categories of data are processed unless they are provided for processing by the users, e.g., entered into online forms.

Purpose of data collection, processing or use

BeastBI GmbH offers software development and digital consulting services in the areas of marketing, tracking, and analytics, and constantly informs interested parties, customers, and partners with new information from the digital world. If personal data (such as names or email addresses) is collected on our websites, this is done on a voluntary basis. For marketing and website optimization purposes, we collect navigation information from website visitors. This is data about your computer and your visit to our website, in particular your IP address, referral source, length of your visit, and pages you visit.

Personal data is collected as part of the following tasks:

  • Providing the online offering, its content, and functions.
  • Personalized display of website content.
  • Maintenance of inventory and usage data.
  • Acquiring new customers.
  • Preparing and responding to contact inquiries and communicating with users.
  • Other services for customers.
  • Provision of contractual services, service, and customer care.
  • Marketing, advertising, and market research.
  • Security measures.

As of March 30, 2025

Relevant legal basis


In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and implement contractual measures as well as to respond to inquiries is Art. 6 (1) (b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

Changes and updates to the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will update this privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Security Measures

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to it, input, transfer, ensuring its availability, and segregation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and the response to data threats. Furthermore, we take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR). The security measures include, in particular, the encrypted transmission of data between your browser and our server or to the servers of our suppliers.

Collaboration with processors and third parties

If, as part of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if the transmission of data to third parties, such as payment service providers, is necessary to fulfill the contract in accordance with Art. 6 (1) (b) GDPR), if you have consented, if a legal obligation requires this, or if it is based on our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing agreement," this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only occur if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means that processing is carried out in compliance with officially recognized specific contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

  • You have the right to request confirmation as to whether the data in question is being processed and to access this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
  • You have the right, in accordance with Art. 16 GDPR, to request the completion of the data concerning you or the rectification of inaccurate data concerning you.
  • You have the right, in accordance with Art. 17 GDPR, to request that the data in question be deleted immediately, or alternatively, to request that the processing of the data be restricted in accordance with Art. 18 GDPR.
  • You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other controllers.
  • Furthermore, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of withdrawal

You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with future effect.

Right of objection

You can object to the future processing of your data at any time in accordance with Art. 21 GDPR. You can object, in particular, to processing for direct marketing purposes.

Access to and Storage of Information on End Devices

Using our website may result in access to information (e.g., IP address) or storage of information (e.g., cookies) on your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR. In cases where such access to information or storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) Sentence 1, (2) No. 2 of the German Telemedia Act (TTDSG). In cases where such a process serves other purposes (e.g., tailoring our website to meet your needs), this is done on the basis of Section 25 (1) TTDSG only with your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time for the future. Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

Cookies and the Right to Object to Direct Marketing

We use temporary and permanent cookies, i.e., small files that are stored on users' devices (for an explanation of the term and function, see the last section of this Privacy Policy). Some of these cookies serve security purposes or are necessary for the operation of our online offering (e.g., for displaying the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users are informed in the course of this Privacy Policy.

A general objection to the use of cookies used for online marketing purposes can be declared for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, not all functions of this website may be available.

Deletion of Data

The data we process will be deleted or restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements, storage takes place in particular for 6 years according to Section 257 Para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to Section 147 Para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Provision of contractual services

We process inventory data (e.g., names and addresses as well as contact details of users), contractual data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 (1) (b) GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.

Users can optionally create a user account, in particular, where they can view their orders. The required mandatory information is communicated to users during registration. User accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data relating to the user account will be deleted, unless retention is required for commercial or tax law reasons in accordance with Art. 6 (1) (c) GDPR. It is the responsibility of users to back up their data before the end of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the term of the contract.

When you register, log in again, or use our online services, we save your IP address and the time of each user action. This data is saved on the basis of our legitimate interests, as well as the user's interest in protecting against misuse and other unauthorized use. We generally do not share this data with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR. We process usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to show users, for example, product information based on services they have previously used. Data is deleted after statutory warranty and similar obligations have expired; the necessity of retaining the data is reviewed every three years. In the case of statutory archiving obligations, deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) retention period); information in the customer account remains until its deletion.

Contacting us

When you contact us (via contact form or email), the user's information will be processed to process the contact request and its handling in accordance with Art. 6 (1) (b) GDPR. User information may be stored in our customer relationship management system and marketing automation platform ("CRM & Marketing System") or a comparable request organization.

We use the CRM, registration, and marketing automation system "HubSpot" from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with offices in Ireland (One Dockland Central, Am Postbahnhof 17, 10243 Berlin) based on our legitimate interests (efficient and rapid processing of user inquiries, applications, and optimization of our online offering). For this purpose, we have concluded a contract with HubSpot containing so-called standard contractual clauses, in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with EU data protection standards. Further information on HubSpot's privacy policy can be found here: https://legal.hubspot.com/de/dpa and https://legal.hubspot.com/de/privacy-policy.

Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information is stored on servers of our software partner, HubSpot. We may use it to contact visitors to our website and determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing.

We delete inquiries if they are no longer required. We review their necessity every two years. We permanently store inquiries from customers who have a customer account and refer to the customer account information for deletion. In the case of statutory archiving obligations, deletion occurs after these expire (end of the retention period under commercial law (6 years) and tax law (10 years)).

Contact form

BeastBI GmbH provides a web form for processing contact requests. When using this form, your personal data will be processed if necessary to process your support request. Processing your support request requires the processing of your contact details (email address), as well as the subject of the request, the category of the request, and the content of the request (ticket description). If necessary, any file attachments you provide (usually screenshots) will also be processed. Furthermore, interacting with the HubSpot support form will technically transmit certain personal data to the provider HubSpot (your IP address and other technical data such as the HTTP referrer, the date and time of the request, the file accessed, etc.).

In addition, with your consent, personal data may be processed whose processing is not necessary for the purpose of processing support requests, but facilitates or accelerates this in your interest. This primarily includes providing your telephone number and possibly also files attached to the support request, provided they contain your personal data whose processing is not necessary for the purpose of the support request.

Please ensure that attached files, especially screenshots, do not contain any personal data of third parties.

If you only provide data that is necessary to process your support request, this data processing is based on our contractual obligation to you to provide the relevant support services (Art. 6 (1) (b) GDPR). If you voluntarily provide additional, non-essential data, the data processing is based on your consent (Art. 6 (1) (a) GDPR).

In connection with the processing of your support request, the above-mentioned personal data will be transferred to the USA. The recipient of the data is HubSpot (HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA). Further information on data protection at Hubspot can be found at: https://legal.hubspot.com/de/privacy-policy

Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we take additional security measures to protect our customers' personal data.

Comments and Posts

Users can only post comments and posts after prior registration. This requires consent to the storage and use of data and acceptance of our privacy policy.

Collection of access data and log files

Based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process user data if they communicate with us within the social networks and platforms, e.g., by posting on our online presences or sending us messages.

Cookies & Reach Measurement

Cookies are information that is transferred from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. We use "session cookies," which are stored only for the duration of the current visit to our website (e.g., to enable the use of our online services). A session cookie stores a randomly generated unique identification number, a so-called session ID. Furthermore, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services, for example, by logging out or closing your browser. Users are informed about the use of cookies for pseudonymous reach measurement in this privacy policy. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may result in functional limitations of this website. You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

HubSpot

We use HubSpot for marketing activities on our website. HubSpot is a US software company with a branch office, HubSpot Ireland Limited, located at 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. We use this integrated software solution for our own marketing, lead generation, and customer service purposes. This includes, among other things, email marketing, which manages the distribution of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages, and contact forms. HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your device and enable us to analyze your use of the website. HubSpot evaluates the collected information (e.g., IP address, geographical location, browser type, duration of visit, and pages viewed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected via HubSpot, as well as the content of our website, is stored on servers of HubSpot's service providers. If you have given your consent in accordance with Art. 6 (1) (a) GDPR, the processing on this website is carried out for the purpose of website analysis. Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed even through this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings accordingly. You can object to the processing of your personal data at any time with effect for the future.

Newsletter & Email Marketing Automation

The newsletter is sent and its success is measured based on the recipient's consent in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 of the German Unfair Competition Act (UWG) or on the basis of legal permission in accordance with Section 7 (3) of the German Unfair Competition Act (UWG). Logging of the registration process is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR and serves as proof of consent to receive the newsletter. Cancellation/Revocation - You can cancel your subscription to our newsletter at any time, i.e., revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If users have only subscribed to the newsletter and then canceled their subscription, their personal data will be deleted.

Integration of third-party services and content

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use content or service offerings from third-party providers within our online offering to integrate their content and services, such as videos (hereinafter collectively referred to as "content"). This always requires that the third-party providers of this content perceive the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavor to only use content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" enable information such as visitor traffic on the pages of this website to be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, as well as be linked to such information from other sources.

The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):

  1. Videos from the "YouTube" platform of the third-party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
  2. Within our online offering we use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages that contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website using your IP address. With the help of the LinkedIn Insight Tag, we can in particular analyze the success of our campaigns within LinkedIn or determine target groups for these based on user interaction with our online offering. If you are registered with LinkedIn, LinkedIn can assign your interaction with our online offering to your user account. Even if you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn can assign your visit to our website to you and your user account. Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed to standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  3. Functions of the Twitter service or platform (hereinafter referred to as “Twitter”) may be integrated into our online offering. Twitter is an offering from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These functions include the display of our posts on Twitter within our online offering, the link to our Twitter profile, the option to interact with the posts and functions of Twitter, and to measure whether users reach our online offering via the advertisements we place on Twitter (so-called conversion measurement). Since personal data is transferred to the USA, additional protective mechanisms are required to ensure the data protection level of the GDPR. To guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed even through this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
  4. External code of the JavaScript framework “jQuery”, provided by the third-party provider jQuery Foundation, https://jquery.org.

Data Protection Officer

In accordance with GDPR Article 37, BeastBI GmbH appoints Heinz Klemann (Heinz@lions-of-liberty.com) as Data Protection Officer.