Skip to content
Privacy policy
Privacy policy
Privacy policy
Privacy policy

Data Protection Information

– www.optilyz.com –

In the course of using this website, your personal data will be processed by us as the data controller and stored for the duration required to fulfil the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

Depending on the processing (term in the GDPR) or handling (term in the Swiss DPA) (hereinafter uniformly referred to as “processing”) of personal data, or personal data (uniformly referred to as “personal data”), the Swiss data protection law (Federal Data Protection Act of 25 September 2020, hereinafter FADP, SR 235.1) may also or exclusively apply in addition to the European data protection law (Regulation (EU) 2016/679, hereinafter the General Data Protection Regulation, (GDPR)).

Personal data is, according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person (hereinafter “data subject or user”).

1. Name and Contact details of the Controller

This data protection information applies to the processing of data on the website www.optilyz.com by the responsible party:

optilyz GmbH
Neue Schönhauser Str. 19
10178 Berlin

(hereinafter „optilyz“)

External data protection officer
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Burchardstrasse 14, 20095 Hamburg

For all questions regarding data protection concerns, you can contact us and our data protection officer via datenschutz@optilyz.com.

If you have a particularly sensitive request, please contact our data protection officer by mail, as communication by email can always have security gaps.

2. Processing of Personal data and Purpose of Processing

We process personal data on the basis of the relevant legal basis according to the GDPR or the processing principles according to Art. 6 to 8 DPA.

a) Webhosting

For the provision of this website we use the web hosting service Amazon Web EMEA Sàrl, 5 rue Plaetis, 2338 Luxemburg, Luxemburg (hereinafter „AWS“).

The commissioning of a web hosting service is necessary for the offer of a website. The use of AWS takes place according to Art. 6 (1) (f) GDPR due to our legitimate economic interest in providing our offer on this website. In connection with the hosting, AWS processes personal data on our behalf, which is generated during the use of the website.

We have concluded a data processing agreement with AWS. Through this agreement, the web hosting provider assures that it processes the data in accordance with the GDPR and ensures the protection of the rights of the data subject. AWS stores and processes data in the USA. Only pseudonyms are transmitted. It is not possible to draw conclusions about your person. We have concluded standard contractual clauses approved by the EU Commission and provided with the additions required for Switzerland pursuant to Art. 16 Para. 2 lit. c FADP with AWS. Standard contractual clauses represent suitable guarantees to compensate for the deficit in the level of data protection in the USA. For more information on the transfer of data to unsafe third countries, see section 3 h).

b) When visiting the Website

You can access the website www.optilyz.com, without having to disclose any information about your identity. The browser used on your terminal device only automatically sends information to the server of our website (e.g., date and time of access, name and URL of the file accessed, browser type and version, the website from which access is made (referrer URL)).

This also includes the IP address of your requesting end device. The IP-Address is temporarily stored in a so-called log file and is automatically deleted after 2 weeks:

The IP address is processed for technical and administrative purposes of connection establishment and stability, to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.

The legal basis for the processing of the IP address is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the mentioned security interest and the necessity of a trouble-free availability of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.

In addition, we use cookies and pixel tags as well as analysis services when you visit our website. You can find more detailed explanations of this in sections 4 and 5 of this data protection information.

c) When subscribing to our newsletter

If you have explicitly consented in accordance with Art. 6 (1) (a) GDPR, we will use your email address to send you our newsletter on a regular basis. For the receiving of the newsletter, the specification of an email address is sufficient.

You can unsubscribe at any time, in accordance with the GDPR and with Art. 3 para. 1 lit. o Swiss Act against Unfair Competition (UWG) by clicking on the “Unsubscribe” link at the end of the newsletter. Alternatively, you can also send your unsubscribe request at any time by email to datenschutz@optilyz.com.

We use the service of CleverReach GmbH & Co. KG, CRASH Building, Schafjueckenweg 2, 26180 Rastede, Germany (hereinafter „CleverReach“). We have concluded an order processing contract with CleverReach.

d) When using the contact form

We offer you the possibility to send us a contact request via the contact form provided online so that we can contact you personally. Here we collect the following mandatory information:

  • name,
  • business email-adress and
  • your phone number.

The aforementioned data are necessary so that we know from whom the request originates and to be able to contact you personally.

This data processing is carried out in the context of answering the contact request on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

The personal data collected by us for the use of the contact form will be deleted as soon as your inquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations.

In order to provide the contact form, we transmit data to Zapier (see section 3b).

e) To create a Customer Log-In

There is a log-in area on our website. In this area you can view and manage your campaigns. To log in, we require a valid email address. In addition, we process the name of the contact person and, if applicable, a telephone number. We need this data to identify you and to be able to assign the respective campaigns to a customer. We process your data on the basis of our legitimate interest according to Art. 6 (1) (b) GDPR. The processing of personal data is necessary for the performance of the contract between you and us.

f) When booking a demo, case study or using other services.

Through a contact form on our website, you can book a demo of our products. Through our website, it is also possible to book case studies or use other services.  To do this, you must provide your name, phone number, and email address. We need the data to contact you regarding the demo. The data processing is carried out according to Art. 6 (1) (b) GDPR for the fulfilment of contractual obligations.  

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after the completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from German Commercial Code, German Criminal Code, or Fiscal Code of Germany), will be automatically deleted after the statutory retention period.

3. Disclosure of personal data

a) Transmission to Salesforce Sales Cloud

We use the Salesforces Sales Cloud by Salesforce Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, US (hereinafter “Sales Cloud”). Sales Cloud is a customer relationship management (CRM) system. We use the Sales Cloud for customer care. For this purpose, we process customer data. We describe the legal basis of the respective processing in the respective processing purposes described in section 2.

The personal data processed by Sales Cloud is transferred to and processed on servers in the US. Sales Cloud has a TADPF certification for this third country transfer

or acts on the basis of the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP). If you consent to being included in our CRM, you therefore consent at the same time to your data being transferred to the USA in accordance with Art. 17 FADP.

b) Zapier

We use the services of Zapier Inc, 548 Market St. #62411, San Francisco, CA 94104, USA (hereinafter “Zapier”), among other things, to display contact forms (see section 2d) or other functions. We describe the legal basis of the respective processing in the respective processing purposes described in section 2.

Zapier transmits and stores the data on servers in the USA. We have entered into a contract with Zapier for commissioned processing involving the standard contractual clauses approved by the EU Commission applicable for the EU and provided with the additions required for Switzerland pursuant to Art. 16 para. 2 lit. c FADP. The conclusion of the standard contractual clauses provides appropriate safeguards pursuant to Article 46 (1) of the GDPR (see section 3 h).

c) PostHog

We use the services of PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA (hereinafter “PostHog”), among other things, to collect usage information for the software we provide, including email addresses and company names that you provided when setting up your account to better support our customers. The legal basis for the processing of your data is 6 (1) (b) GDPR.

PostHog transmits and stores the data on servers in the EU only, but they are a US company. We have entered into a contract with PostHog for commissioned processing involving the standard contractual clauses approved by the EU Commission applicable for the EU and provided with the additions required for Switzerland pursuant to Art. 16 para. 2 lit. c FADP.  The conclusion of the standard contractual clauses provides appropriate safeguards pursuant to Article 46 (1) of the GDPR (see section 3 h) or Art. 16 para. 2 lit. d FADP.

d) LaunchDarkly

We use the services of Catamorphic Co., 1999 Harrison St , Suite 1100, Oakland, CA 94612, USA (hereinafter “LaunchDarkly”), among other things, to specify which of our features you have access to in the software we provide, based on information including email addresses and company names that you provided when setting up your account. The legal basis for the processing of your data is 6 (1) (b) GDPR.

LaunchDarkly transmits and stores the data on servers in the US. We have entered into a contract with LaunchDarkly for commissioned processing involving the standard contractual clauses approved by the EU Commission applicable for the EU and provided with the additions required for Switzerland pursuant to Art. 16 para. 2 lit. c FADP. The conclusion of the standard contractual clauses provides appropriate safeguards pursuant to Article 46 (1) of the GDPR (see section 3 h) or Art. 16 para. 2 lit. d FADP.

e) Sentry

We use the services of Functional Software, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA (hereinafter “Sentry”), among other things, in order to be able to track technical errors in our software. In the context of this, user data such as company names or IP and email addresses may also be transmitted. The legal basis for the processing of your data is 6 (1) (b) GDPR.

Sentry is an US company. Sentry has a TADPF certification for this third country transfer or acts on the basis of the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP).

f) Typeform

We use the service provider TYPEFORM S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain (hereinafter: Typeform) to create web forms on our website for certain requests (see section 2d).

Typeform processes the data on our behalf on the basis of a data processing agreement. This ensures that Typeform only processes data in accordance with applicable data protection law.

You can find more information about Typeform’s privacy policy here.

g) Google reCAPTCHA

We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

The personal data processed by Google is transferred to servers in the USA and processed there. Google has a TADPF certification for this third-country transfer or acts on the basis of the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP).

h) Disclosure of personal data to third parties

We only transfer personal data to third parties if the following requirements are fulfilled:

  • you have given your explicit consent to this pursuant to Art. 6 (1) (a) GDPR,
  • as far as this is legally permissible and necessary according to Art. 6 (1) (b) GDPR for the processing of contractual relationships with you,
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) (c) GDPR or
  • insofar as this is legally permissible and necessary to protect our interests or those of third parties pursuant to Art. 6 (1) (f) GDPR.

The data disclosed may be used by the third party exclusively for the purposes stated as well as in accordance with Art. 8 and 9 FADP are processed within the scope of the order and with the necessary data security.

i) Transfer of personal data to third countries

In connection with data processing, data may be transferred to third countries, i.e. to recipients outside the EU or the European Economic Area (EEA). Insofar as a decision of the European Commission on the existence of an adequate level of protection (cf. Art. 45 (3) DSGVO or Art. 16 para 2 FADP) exists with regard to the third country, no additional measures are required for the data transfer. In the case of a data transfer to recipients based in the USA, this is carried out on the basis of the so-called Transatlantic Data Privacy Framework (TADPF) of 10.07.2023, provided that the recipient has the corresponding certification or on the basis of the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP). A list of the currently certified companies is available here. In other cases, as well as in the case of data transfers to other so-called non-secure third countries, a data transfer only takes place if the requirements of Art. 46 et seq. DSGVO or Art. 16, 17 FADP re met. Specifically, this means that a transfer to a third country only takes place if

  • the recipient provides sufficient so-called guarantees in accordance with Article 46 of the GDPR or Art. 16 para 2 FADP for the protection of personal data,
  • you have expressly consented to the transfer, after which we have informed you of the risks, in accordance with Art. 49 (1) lit. a DSGVO or Art. 17 para 1 lit. a FDAP,
  • the transfer is necessary for the performance of contractual obligations between you and us (Art. 17 Abs. 1 lit. b FADP), or
  • another exception pursuant to Art. 49 DSGVO or Art. 17 FADP applies.

Which of the aforementioned bases applies in individual cases is shown in the respective processing.

Data transfers to recipients based in the USA who do not have TADPF certification and in respect of whom an adequate level of data protection cannot be established by means of guarantees within the meaning of Art. 46 of the Data Protection Regulation (DSGVO) or Art. 16 FADP shall only take place with your consent within the meaning of Art. 49 Para. 1 lit. a DSGVO or Art. 17 Abs. 1 lit. a FADP. We would like to point out that in the case of recipients based in the USA without TADPF certification, no adequate level of data protection can be guaranteed that would be comparable to that in the EU. There is therefore a risk that US authorities may gain access to the personal data on the basis of the surveillance programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective means of redress against these accesses in the US or the EU.

4. Cookies and similar functions

We use cookies and similar functions on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

In the cookie, information is stored that occurs in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

We also use functions similar to cookies, such as pixel tags, tracking pixels or beacon trackers, as part of our online offering. Pixels are small graphics that are integrated via the HTML code of our site. The pixel tag itself does not store or change any information on your end device, so pixels do not cause any damage to your end device and do not contain viruses, Trojans or other malware.

The use of cookies or similar functions (hereinafter “cookies”) serves on the one hand to make our offer technically available to you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website and to recognize whether you are already logged into your user account, as well as to offer services that you have requested. These are automatically deleted after you leave our site. These cookies are considered strictly necessary according to sec. 25 (2) no. 2 TDDDG (German Data Protection and Privacy in Telecommunications and Telemedia Act). We may therefore set them without your prior consent. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests in the technical provision of our offer. The storing of strictly necessary cookies and the processing of data collected through strictly necessary cookies is carried out on the basis of sec. 25 (2) no. 2 TDDDG in conjunction with Art. 6 (1) sentence 1 (f) GDPR.

On the other hand, we use cookies as part of our offer to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time and are only set on the basis of your consent according to sec. 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) sentence 1 (a) GDPR (see section 5).

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of even strictly necessary cookies may mean that you cannot use all the functions of our website.

a) Consent management with CookieFirst

To manage consent for the use of cookies and similar technologies, we use the consent management service of Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, the Netherlands, (hereinafter: CookieFirst) on our website. In this context, the date and time of the visit, browser information, consent information, device information, opt-in and opt-out data, and the anonymized IP address of the requesting device are processed. The legal basis for this is Art. 6 (1) (c) GDPR. The use of the CookieFirst tool serves to obtain and manage their legally required consent to data processing and is to be regarded as the fulfilment of the legal obligation in the sense of the aforementioned provision. They can revoke their consent for the future at any time, also using the same tool. For Switzerland, the revocation pursuant to Art. 45 c Telecommunications Act (TCA) applies.

b) Google Tag Manager

The Google Tag Manager Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: “Google”) is used on our website. We use Google Tag Manager to manage the tools about which we provide information in this privacy policy. We list details regarding these tools separately in this information. We use the Google Tag Manager based on our legitimate interest according to Art. 6 (1) (f) GDPR in the integration of tags. Google processes the information on our behalf.

The Tag Manager itself (which implements the tags) triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

The personal data processed by the Google Tag Manager is transferred to servers in the USA and processed there. The transmitted data are only pseudonyms; it is not possible to infer your name. Google has a TADPF certification for this third country transfer. For Switzerland, if you consent to processing by Google, you consent at the same time to your data being transferred to the USA in accordance with Art. 17 FADP.

You can find more information about Google Tag Manager here.

5. Webanalysis

The tracking and targeting measures listed below process personally identifiable information based on your consent pursuant to Art. 6 (1) (a) GDPR. The cookies or similar functions required for tracking and targeting measures are set on the basis of sec. 25 (1) sentence 1 TDDDG in conjunction with Art.6 (1) sentence 1 (a) DSGVO. You can revoke your consent at any time in the future via our consent management tool (CookieFirst). You can access the consent management tool at any time via the blue and white fluted circle in the lower left corner of the website.

With the tracking measures used, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is geared to your actual or presumed interests.

The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: “Google”). In this context, pseudonymous usage profiles are created and cookies are used (see section 4).

The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there.

The processing of personally identifiable information on Google Analytics is based on your consent pursuant to 6 (1) (a) GDPR. You can revoke your consent at any time via the consent management tool. Google processes the information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage for the purposes of market research and tailoring these internet pages to your needs.

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address is not merged with other data from Google.

We do not use the Universal Analytics with User ID offered by Google.

If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf.

The user data collected via cookies is automatically deleted after 14 months.

The information generated by the cookies set by Google Analytics about the use of our website is transmitted to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. Google has a TADPF certification for this third-country transfer.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics-Help. Information on Google’s use of data can be found in their privacy policy. For Switzerland, if you consent to processing by Google, you consent at the same time to your data being transferred to the USA in accordance with Art. 17 FADP.

b) Google AdWords Conversion Tracking (incl. Remarkting-Pixel)

We use Google Conversion Tracking and Remarketing on our website by means of pixel tags of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter “Google”), in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. In the process, Google Adwords sets a cookie on your computer (see section 4) if you have accessed our website via a Google ad. Data processing by Google AdWords is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time via the Consent Management Tool.

These cookies lose their validity after 100 days. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. In addition, we have concluded an order processing contract with Google for the use of Google AdWords. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

Each AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have chosen conversion tracking. We learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally disables the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain.

We use the remarketing function. This allows us to send out ads based on your previous user or browsing behaviour.

The information generated by the cookies and pixel tags set by Google AdWords Conversion Tracking about the use of our website is transmitted to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. Google has a TADPF certification for this third country transfer. For Switzerland, if you consent to processing by Google, you consent at the same time to your data being transferred to the USA in accordance with Art. 17 FADP.

Further information on data protection in connection with Google AdWords Conversion Tracking can be found, for example, in the Google Analytics-Help. Information on Google’s use of data can be found in their privacy policy.

In addition, you can prevent data processing for the purpose of displaying interest-based advertising via Google’s Ads Settings Manager.

Google’s privacy policy on conversion tracking can be found here.

c) Google Marketing Platform (Google DoubleClick)

We use on the basis of your consent, 6 (1) (a) GDPR on our website the Google Marketing Platform, a web analytics and advertising service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

  • Browser-Type/-Version,
  • used Operating System,
  • Referrer-URL (the previously visited page),
  • Host name of the accessing computer (IP-Address),
  • Time of the server request,

is transferred to a Google server in the USA and stored there. We have concluded order processing agreements with Google. Through this agreement, Google assures that they process the data in accordance with our instructions and ensure the protection of the rights of the data subject.

The information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

You can also make settings for the display of interest-based advertising by DoubleClick via Google’s ad settings manager.

Further information on data protection in connection with the Google Marketing Platform can be found here.

DoubleClick collects and analyses information in order to optimize advertising. The technologies used enable us to target you with individually interest-based advertising. For example, we record which of our contents you were interested in. Based on this information, we can also show you offers on third-party sites that are specifically targeted to your interests, as determined by your previous user behaviour. The collection and analysis of your user behaviour is exclusively pseudonymous and does not allow us to identify you. The user data collected via cookies is automatically deleted after 24 months.

The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transferred to Google servers in the USA and processed there. Google has a TADPF certification for this third country transfer. For Switzerland, if you consent to process by Google, you consent at the same time to your data being transferred to the USA in accordance with Art. 17 FADP.

You can revoke or adjust your consent at any time with effect for the future.

d) LinkedIn Insight-Tag

On our website, we use the analysis and conversion tracking technology of the platform LinkedIn Inc. (2029 Stierlin Ct, Mountain View, CA 94043, USA, hereinafter “LinkedIn”). We use the service based on your consent in accordance with 6 (1) (a) GDPR. You can revoke your consent for the future at any time via the Consent Management Tool.

With LinkedIn’s aforementioned technology, you can be shown more relevant ads based on your interests. Furthermore, LinkedIn provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. For this purpose, LinkedIn uses a Javascript code (Insight tag), which in turn places a cookie (see number 4) in your web browser or uses a pixel.

The LinkedIn Insight tag collects data about the use of our website, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views. Data collected via the LinkedIn Insight tag is encrypted and anonymized within 7 days. The anonymized data is deleted within 180 days. LinkedIn does not share any personal data with the website owner but only provides aggregate reports on website audience and ad performance.

In connection with the use of LinkedIn Insight Tag, the collected information is also processed on servers of LinkedIn Inc. in the USA.

The information generated by the cookies set by LinkedIn Insight-Tag about the use of our website is transmitted to servers in the USA and processed there (see section 3 h). The transmitted data are only pseudonyms, a connection to your name is not possible. LinkedIn relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to the EU or the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP). 

You can find more information about privacy at LinkedIn here.

6. Customer Relation Management with Freshdesk and Freshchat

To accept and manage contact requests, we use the customer service system Freshdesk, a service of Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA. When contacting us (via contact form or email), your information is stored in Freshdesk for processing the contact request and its handling.

Furthermore, we use the tool Freshchat, which is also a service of Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA, to quickly and easily contact us. Through “Freshchat”, you can communicate with us via live chat without providing any personal information of your own. When using the live chat, the chat history and your IP address will be transmitted to “Freshworks”.

From the data processed during the use of “Freshchat”, user profiles can be created under a pseudonym. For this purpose, cookies (see section 4.) can be used to recognize the user. The data collected by Freshchat will not be used to personally identify the visitor to our website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym.

The processed data may be transferred to servers in the USA and other insecure third countries and processed there (see section 3 e). Freshworks relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to the EU or the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP).

The corresponding data processing takes place on the basis of Art. 6 (1) (b) GDPR and may be necessary for the implementation of the contract with you or for pre-contractual measures. In addition, the data processing is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate economic interest lies in optimizing the management of contact requests and improving customer care in order to provide our services.

You can find more information about data protection at Freshworks here.

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from German Commercial Code, German Criminal Code or Fiscal Code of Germany), will be automatically deleted after the statutory retention period.

7. Google Meet

We use Google Hangouts / Meet (hereinafter “Google Meet”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. Google Meet is a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). When selecting third-party providers and their services, we observe the legal requirements.

In this context, data of the communication participants is processed and stored on Google’s servers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents. If users are referred to Google Meet in the course of communication, business or other relationships with us, Google Meet may process usage data and metadata for security, service optimization or marketing purposes.

optilyz has concluded an order processing contract with Google for the use of Google. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

The corresponding data processing takes place on the basis of Art. 6 (1) (b) GDPR and may be necessary for the implementation of the contract with you or for pre-contractual measures. In addition, the data processing is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate economic interest lies in the improvement of customer care for the provision of our services.

You can find more information about “Google” and Google privacy here.

The information generated by the cookies set by Google Meet about the use of our website is transmitted to servers in the USA and processed there (see section 3 h). The transmitted data are only pseudonyms, a conclusion to your name is not possible. Google Meet invokes standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable with the EU or the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP).

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after the completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from HGB, StGB or AO), will be automatically deleted after the statutory retention period has expired.

8. Microsoft Teams

We use Microsoft Teams, of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter Microsoft Teams) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings. The data processing is carried out in accordance with Art. 6 (1) (b) GDPR for the fulfilment of contractual obligations.

In this context, data of the communication participants is processed and stored on the servers of Microsoft Teams, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents. If users are referred to Microsoft Teams in the course of communication, business or other relationships with us, Microsoft Teams may process usage data and metadata for security, service optimization or marketing purposes.

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from HGB, StGB or AO), will be automatically deleted after the statutory retention period.

Microsoft Teams transfers and processes your data in the USA. Microsoft has a TADPF certification for this third country transfer or acts on the basis of the standard contractual clauses adapted according to Swiss requirements (Art. 16 para. 2 lit. d FADP) or consent (Art. 17 para. 1 lit. a FADP).

9. Data subject rights

You have the right:

  • to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • in accordance with Art. 15 GDPR or Art. 25 FADP to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR or Art. 32 FADP to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR or Art. 32 FADP to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR or Art. 28 FADP, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR or Art. 32 FADP. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
  • For Switzerland the right to object in accordance with Art. 30 para 3 lit. b FADP applies.

10. Information about your right to object according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR (processing of data on the basis of a balance of interests); this also applies to Art 4 No. 4 GDPR profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your objection is directed against the processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct advertising.

If you wish to exercise your right to object, simply send an email to datenschutz@optilyz.com.

11. Data security

All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s to the http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

12. Current status and modification of this privacy policy

This privacy policy is currently valid and has the status October 2023.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print out the current data protection declaration at any time on the website at

https://optilyz.com/privacy-policy