Data Protection Information

– www.optilyz.com –

In the course of using this website, personal data of you will be processed by us as the data controller and stored for the duration required to fulfill the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

Personal data is, according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person (hereinafter “data subject or user”).

1. Name and Contact details of the Controller

This data protection information applies to the processing of data on the website www.optilyz.com by the responsible party:

optilyz GmbH

Neue Schönhauser Str. 19

10178 Berlin

(hereinafter „optilyz“)

External data protection officer

ePrivacy GmbH

represented by Prof. Dr. Christoph Bauer

Große Bleichen 21, 20354 Hamburg

Email: service@eprivacy.eu 
Telephone: +49 (0)40 609451 810

For all questions regarding data protection concerns, you can contact us and our data protection officer via datenschutz@optilyz.com.

If you have a particularly sensitive request, please contact our data protection officer by mail, as communication by e-mail can always have security gaps.

2. Processing of Personal data and Purpose of Processing

a) Webhosting

For the provision of this wesbite we use the web hosting service Amazon Web EMEA Sàrl, 5 rue Plaetis, 2338 Luxemburg, Luxemburg (hereinafter „AWS“).

The commissioning of a web hosting service is necessary for the offer of a website. The use of AWS takes place according to art. 6 (1) (f) GDPR due to our legitimate economic interest to provide our offer on this website. In connection with the hosting, AWS processes personal data on our behalf, which is generated during the use of the website.

We have concluded a data processing agreement with AWS. Through this agreement, the web honsting provider assures that it processes the data in accordance with the GDPR and ensures the protection of the rights of the data subject. AWS stores and processes data in the USA. Only pseudonyms are transmitted. It is not possible to draw conclusions about your person. We have concluded standard contractual clauses approved by the EU Commission with AWS. Standard contractual clauses represent suitable guarantees to compensate for the deficit in the level of data protection in the USA. For more information on the transfer of data to unsafe third countries, see section 3e).

b) When visiting the Website

You can access the website www.optilyz.com, without having to disclose any information about your identity. The browser used on your terminal device only automatically sends information to the server of our website (e.g. date and time of access, name and URL of the file accessed, browser type and version, website from which access is made (referrer URL)).

This also includes the IP address of your requesting end device. The IP-Address is temporarily stored in a so-called log file and is automatically deleted after 2 weeks:

The IP address is processed for technical and administrative purposes of connection establishment and stability, to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.

The legal basis for the processing of the IP address is art. 6 (1) (f) GDPR. Our legitimate interest follows from the mentioned security interest and the necessity of a trouble-free availability of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.

In addition, we use cookies and pixel tags as well as analysis services when you visit our website. You can find more detailed explanations of this in sections 4 and 5 of this data protection information.

c) When subscribing to our newsletter

If you have explicitly consented in accordance with art. 6 (1) (a) GDPR, we will use your e-mail address to send you our newsletter on a regular basis. For the receiving of the newsletter, the specification of an e-mail address is sufficient.

You can unsubscribe at any time by clicking on the “Unsubscribe” link at the end of the newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to datenschutz@optilyz.com.

We use the service of Prospect.io, Rue des Péres Blancs 4, 1040 Brussels, Belgium (hereinafter „Prospect.io“). We have concluded an order processing contract with Prospect.io.

d) When using the contact form

We offer you the possibility to send us a contact request via the contact form provided online so that we can contact you personally. Here we collect the following mandatory information:

  • name,

  • business e-Mail-adress and

  • your phone number.

The aforementioned data are necessary so that we know from whom the request originates and to be able to contact you personally.

This data processing is carried out in the context of answering the contact request on the basis of our legitimate interest pursuant to art. 6 (1) (f) GDPR.

The personal data collected by us for the use of the contact form will be deleted as soon as your inquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations.

In order to provide the contact form, we transmit data to Zapier (see section 3b).

e) To create a Customer Log-In

There is a log-in area on our website. In this area you can view and manage your campaigns. To log in, we require a valid e-mail address. In addition, we process the name of the contact person and, if applicable, a telephone number. We need this data to identify you and to be able to assign the respective campaigns to a customer. We process your data on the basis of our legitimate interest according to art. 6 (1) (b) GDPR. The processing of personal data is necessary for the performance of the contract between you and us.

f) When booking a demo, case study or using other services.

Through a contact form on our website you can book a demo about our products. Through our website it is also possible to book case studies or use other services. To do this, you must provide your name, phone number and an e-mail address. We need the data to contact you regarding the demo. The data processing is carried out according to art. 6 (1) (b) GDPR for the fulfillment of contractual obligations.

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from German Commercial Code, German Criminal Code or Fiscal Code of Germany), will be automatically deleted after the statutory retention period.

3. Disclosure of personal data

a) Transmission to Salesforce Sales Cloud

We use the Salesforces Sales Cloud by Salesforce Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, US (hereinafter “Sales Cloud”). Sales Cloud is a customer relationship management (CRM) system. We use the Sales Cloud for customer care. For this purpose, we process customer data. We describe the legal basis of the respective processing in the respective processing purposes described in section 2.

Sales Cloud processes your personal data in the USA. Salesforce Inc. has introduced so-called binding corporate rules in accordance with art. 47 GDPR. These rules have been approved by the EU Commission and are binding for all companies of the Salesforce Group. The binding internal data protection rules constitute suitable safeguards for the transfer to the USA (see section 3e).

b) Zapier

We use the services of Zapier Inc, 548 Market St. #62411, San Francisco, CA 94104, USA (hereinafter “Zapier”), among other things, to display contact forms (see section 2d) or other functions. We describe the legal basis of the respective processing in the respective processing purposes described in section 2.

Zapier transmits and stores the data on servers in the USA. We have entered into a contract with Zapier for commissioned processing involving the standard contractual clauses approved by the EU Commission.The conclusion of the standard contractual clauses provides appropriate safeguards pursuant to Article 46 (1) of the GDPR (see section 3e).

c) Typeform

We use the service provider TYPEFORM S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain (hereinafter: Typeform) to create web forms on our website for certain requests (see section 2d).

Typeform processes the data on our behalf on the basis of a data processing agreement. This ensures that Typeform only processes data in accordance with applicable data protection law.

You can find more information about Typeform’s privacy policy here.

d) Disclosure of personal data to third parties

We only transfer personal data to third parties if the following requirements are fulfilled:

  • you have given your explicit consent to this pursuant to art. 6 (1) (a) GDPR,

  • as far as this is legally permissible and necessary according to art. 6 (1) (b) GDPR for the processing of contractual relationships with you,

  • in the event that a legal obligation exists for the disclosure pursuant to art. 6 (1) (c) GDPR or

  • insofar as this is legally permissible and necessary to protect our interests or those of third parties pursuant to art. 6 (1) (f) GDPR.

The data disclosed may be used by the third party exclusively for the purposes stated.

e) Transfer of personal data to third countries

A transfer of personal data to a third country or an international organization will only take place if we inform you about it and the requirements of art. 44 et seq. GDPR are given.

A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered to be insecure if the EU Commission has not issued an adequacy decision for that country pursuant to art. 45 (1) GDPR confirming that adequate protection for personal data exists in the country.

The USA is a so-called unsafe third country. This means that the USA does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the U.S.: There is a risk that U.S. authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal protection against these accesses in the U.S. or the EU.

We inform you in this privacy information when and how we transfer personal data to the USA or other unsecure third countries. We only transfer your personal data if

  • sufficient guarantees are provided by the recipient in accordance with art. 46 GDPR for the protection of the personal data,

  • you have explicitly consented to the transfer, after which we have informed you of the risks, in accordance with art. 49 (1) GDPR,

  • the transfer is necessary for the fulfillment of contractual obligations between you and us

  • or another exception from art. 49 GDPR applies.

Guarantees according to art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to ensure a level of protection comparable to the GDPR.

4. Cookies and similar functions

We use cookies and similar functions on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

In the cookie, information is stored that occurs in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

We also use functions similar to cookies, such as pixel tags, tracking pixels or beacon trackers, as part of our online offering. Pixels are small graphics that are integrated via the HTML code of our site. The pixel tag itself does not store or change any information on your end device, so pixels do not cause any damage to your end device and do not contain viruses, Trojans or other malware.

The use of cookies or similar functions (hereinafter “cookies”) serves on the one hand to make our offer technically available to you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website and to recognize whether you are already logged into your user account, as well as to offer services that you have requested. These are automatically deleted after you leave our site. These cookies are considered technically necessary. We may therefore set them without your prior consent. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests in the technical provision of our offer in accordance with art. 6 (1) (b) GDPR.

On the other hand, we use cookies as part of our offer to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time and are only set on the basis of your consent (see section 5).

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of even technically-required cookies may mean that you cannot use all the functions of our website.

a) Consent management with CookieFirst

To manage consent for the use of cookies and similar technologies, we use the consent management service of Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, the Netherlands, (hereinafter: CookieFirst) on our website. In this context, the date and time of the visit, browser information, consent information, device information, opt-in and opt-out data, and the anonymized IP address of the requesting device are processed. The legal basis for this is Art. 6 (1) (c) GDPR. The use of the CookieFirst tool serves to obtain and manage their legally required consents to data processing and is to be regarded as fulfillment of the legal obligation in the sense of the aforementioned provision. They can revoke their consent for the future at any time, also using the same tool.

b) Google Tag Manager

The Google Tag Manager of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) is used on our website. We use Google Tag Manager to manage the tools about which we provide information in this privacy policy. We list details regarding these tools separately in this information.

The Tag Manager itself (which implements the tags) triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

The personal data processed by Google Tag Manager is transferred to servers in the USA and processed there. The transmitted data are only pseudonyms, an identification of your name is not possible. We have concluded a contract with Google incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3e on data transfer to the USA).

You can find more information about Google Tag Manager here.

5. Webanalysis

The tracking and targeting measures listed below and used by us are based on your consent pursuant to art. 6 (1) (a) GDPR. You can revoke your consent at any time for the future via our consent management tool (CookieFirst). You can access the consent management tool at any time via the blue and white fluted circle in the lower left corner of the website.

With the tracking measures used, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is geared to your actual or presumed interests.

The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

a) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). In this context, pseudonymous usage profiles are created and cookies are used (see section 4).

The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there.

The use of Google Analytics is based on your consent pursuant to 6 (1) (a) GDPR. You can revoke your consent at any time via the consent management tool. Google processes the information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage for the purposes of market research and tailoring these internet pages to your needs.

We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address is not merged with other data from Google.

We do not use the Universal Analytics with User ID offered by Google.

If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf.

The user data collected via cookies is automatically deleted after 14 months.

The information generated by the cookies set by Google Analytics about the use of our website is transferred to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. We have concluded a contract with Google incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3e on data transfer to the USA).

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics-Help. Information on Google’s use of data can be found in their  privacy policy.

b) Google AdWords Conversion Tracking (incl. Remarkting-Pixel)

We use Google Conversion Tracking and Remarketing on our website by means of pixel tags of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. In the process, Google Adwords sets a cookie on your computer (see section 4) if you have accessed our website via a Google ad.

These cookies lose their validity after 100 days. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. In addition, we have concluded an order processing contract with Google for the use of Google AdWords. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

Each AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have chosen conversion tracking. We learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally disables the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain.

We use the remarketing function. This allows us to send out ads based on your previous user or browsing behavior.

The information generated by the cookies and pixel tags set by Google AdWords Conversion Tracking about the use of our website is transmitted to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. We have concluded a contract with Google incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3e on data transfer to the USA).

Further information on data protection in connection with Google AdWords Conversion Tracking can be found, for example, in the Google Analytics-Help. Information on Google’s use of data can be found in their  privacy policy.

In addition, you can prevent data processing for the purpose of displaying interest-based advertising via Google’s Ads Settings Manager.

Google’s privacy policy on conversion tracking can be found here.

c) Google Marketing Platform (Google DoubleClick)

We use on the basis of your consent, 6 (1) (a) GDPR on our website the Google Marketing Platform, a web analytics and advertising service of Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

•    Browser-Type/-Version,    

•    used Operating System,

•    Referrer-URL (the previously visited page),

•    Host name of the accessing computer (IP-Adress),

•    Time of the server request,

is transferred to a Google server in the USA and stored there. We have concluded order processing agreements with Google. Through this agreement, Google assures that they process the data in accordance with our instructions and ensure the protection of the rights of the data subject.

The information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

You can also make settings for the display of interest-based advertising by DoubleClick via Google’s ad settings manager.

Further information on data protection in connection with the Google Marketing Platform can be found here.

DoubleClick collects and analyzes information in order to optimize advertising. The technologies used enable us to target you with individually interest-based advertising. For example, we record which of our contents you were interested in. Based on this information, we can also show you offers on third-party sites that are specifically targeted to your interests, as determined by your previous user behavior. The collection and analysis of your user behavior is exclusively pseudonymous and does not allow us to identify you. The user data collected via cookies is automatically deleted after 24 months.

The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. The USA are so-called unsafe third countries (see also section 3 e). This means that there is no adequacy decision of the European Commission for the USA. Your data is therefore not subject to a level of data protection in the USA comparable to that in the EU.

Google relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable with the EU. We transfer data to Google only on the basis of your consent.

You can revoke or adjust your consent at any time with effect for the future. 

d) Hotjar

Furthermore, we use the analysis service Hotjar of Hotjar Ltd. (St Julian’s Business Centre 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, hereinafter: “Hotjar”) on our site. Hotjar is a tool for analyzing user behavior. Using Hotjar, we can measure, evaluate and track the behavior of visitors to our website, such as mouse movements, clicks and scroll height. We use Hotjar based on your consent according to 6 (1) (a) GDPR. You can revoke your consent at any time for the future.

For this purpose, Hotjar uses, among other things, cookies on the end devices of the site visitors (see section 4) and may store data of site visitors such as browser information, operating system, time spent on the site, etc. in anonymized form.

You can prevent this data processing by Hotjar by deactivating the use of cookies in your web browser settings and deleting cookies that are already active. Another way to prevent data processing by Hotjar is to activate the “Do-Not-Track” function in your browser. You can find out how to set this here.

For more information about Hotjar’s privacy policy, please see their privacy policy.

e) LinkedIn Insight-Tag

On our website, we use the analysis and conversion tracking technology of the platform LinkedIn Inc. (2029 Stierlin Ct, Mountain View, CA 94043, USA, hereinafter “LinkedIn”). We use the service based on your consent in accordance with 6 (1) (a) GDPR. You can revoke your consent for the future at any time via the Consent Management Tool.

With LinkedIn’s aforementioned technology, you can be shown more relevant ads based on your interests. Furthermore, LinkedIn provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. For this purpose, LinkedIn uses a Javascript code (Insight tag), which in turn places a cookie (see number 4) in your web browser or uses a pixel.

The LinkedIn Insight tag collects data about the use of our website, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views. Data collected via the LinkedIn Insight tag is encrypted and anonymized within 7 days. The anonymized data is deleted within 180 days. LinkedIn does not share any personal data with the website owner, but only provides aggregate reports on website audience and ad performance.

In connection with the use of LinkedIn Insight Tag, the collected information is also processed on servers of LinkedIn Inc. in the USA.

The information generated by the cookies set by LinkedIn Insight-Tag about the use of our website is transmitted to servers in the USA and processed there (see section 3e). The transmitted data are only pseudonyms, a connection to your name is not possible. LinkedIn relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to the EU.

You can find more information about privacy at LinkedIn here.

f) Analysis by SalesViewer®️

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH, Huestraße 30, 44787 Bochum, Germany (hereinafter: SalesViewer). The use of SalesViewer is based on your consent in accordance with 6 (1) (a) GDPR. You can revoke your consent at any time via the Consent Management Tool. For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.

The data stored as part of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

By using Salesviewer, data may be collected, processed, and stored, from which user profiles are created under a pseudonym. Cookies may be used for this purpose (see section 4.).

SalesViewer processes this data on our behalf. We have concluded an order processing agreement with SalesViewer in which SalesViewer undertakes to comply with the applicable data protection regulations. You can find more information about data protection in connection with SalesViewer here.

6. Customer Relation Management with Freshdesk and Freshchat

To accept and manage contact requests, we use the customer service system Freshdesk, a service of Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA. When contacting us (via contact form or e-mail), your information is stored in Freshdesk for processing the contact request and its handling.

Furthermore, we use the tool Freshchat, which is also a service of Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA, to quickly and easily contact us. Through “Freshchat”, you can communicate with us via live chat without providing any personal information of your own. When using the live chat, the chat history and your IP address will be transmitted to “Freshworks”.

From the data processed during the use of “Freshchat”, user profiles can be created under a pseudonym. For this purpose, cookies (see section 4.) can be used to recognize the user. The data collected by Freshchat will not be used to personally identify the visitor to our website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym.

The processed data may be transferred to servers in the USA and other insecure third countries and processed there (see section 3 e). Freshworks relies on standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to the EU.

The corresponding data processing takes place on the basis of art. 6 (1) (b) GDPR and may be necessary for the implementation of the contract with you or for pre-contractual measures. In addition, the data processing is based on our legitimate interests pursuant to art. 6 (1) (f) GDPR. Our legitimate economic interest lies in optimizing the management of contact requests and improving customer care in order to provide our services.

You can find more information about data protection at Freshworks here.

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from German Commercial Code, German Criminal Code or Fiscal Code of Germany), will be automatically deleted after the statutory retention period.

7. Google Meet

We use Google Hangouts / Meet (hereinafter “Google Meet”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. Google Meet is a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). When selecting third-party providers and their services, we observe the legal requirements.

In this context, data of the communication participants is processed and stored on Google’s servers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents. If users are referred to Google Meet in the course of communication, business or other relationships with us, Google Meet may process usage data and metadata for security, service optimization or marketing purposes.

optilyz has concluded an order processing contract with Google for the use of Google. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

The corresponding data processing takes place on the basis of art. 6 (1) (b) GDPR and may be necessary for the implementation of the contract with you or for pre-contractual measures. In addition, the data processing is based on our legitimate interests pursuant to art. 6 (1) (f) GDPR. Our legitimate economic interest lies in the improvement of customer care for the provision of our services.

You can find more information about “Google” and Google privacy here.

The information generated by the cookies set by Google Meet about the use of our website is transmitted to servers in the USA and processed there (see section 3e). The transmitted data are only pseudonyms, a conclusion to your name is not possible. Google Meet invokes standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable with the EU. If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from HGB, StGB or AO), will be automatically deleted after the statutory retention period has expired.

8. Microsoft Teams

We use Microsoft Teams, of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter Microsoft Teams) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. The data processing is carried out in accordance with art. 6 (1) (b) GDPR for the fulfillment of contractual obligations.

In this context, data of the communication participants is processed and stored on the servers of Microsoft Teams, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents. If users are referred to Microsoft Teams in the course of communication, business or other relationships with us, Microsoft Teams may process usage data and metadata for security, service optimization or marketing purposes.

If you have inquired about our products but have not concluded a contract with us, your personal data will be deleted after completion of the respective inquiry. If you are a customer of ours and your contact request is related to your contractual relationship, your data, in particular data relevant under tax and commercial law (from HGB, StGB or AO), will be automatically deleted after the statutory retention period.

Microsoft Teams transfers and processes your data in the USA. We have concluded an order processing agreement with Microsoft including the EU standard contractual clauses approved by the EU Commission. This ensures a level of data protection comparable to that in the EU. For more information on the processing of personal data in the USA, please refer to section 3e). More information about the processing by Microsoft Teams can be found here.

9. Google Fonts

For the uniform display of fonts, we use so-called web fonts, which are provided by Google. When you call up a website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must establish connections to Google’s servers. Through this, Google obtains knowledge that our website was called up via your IP address.

The information generated by the cookies set by Google Fonts about the use of our website is transmitted to Google servers in the USA and processed there (see section 3e). The transmitted data are only pseudonyms, an inference to your name is not possible. Google Fonts invokes standard contractual clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to that in the EU.

Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information about Google Web Fonts here and in Google’s privacy policy.

10. Data subject rights

You have the right:

  • to revoke your consent at any time in accordance with art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;

  • in accordance with art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

  • in accordance with art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;

  • pursuant to art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

  • to request the restriction of the processing of your personal data in accordance with art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with art. 21 GDPR;

  • in accordance with art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, and

  • to complain to a supervisory authority in accordance with art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

11. Information about your right to object according to art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of art. 6 (1) (f) GDPR (processing of data on the basis of a balance of interests); this also applies to art 4 No. 4 GDPR profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your objection is directed against the processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct advertising.

If you wish to exercise your right to object, simply send an e-mail to datenschutz@optilyz.com.

12. Data security

All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s to the http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

13. Current status and modification of this privacy policy

This privacy policy is currently valid and has the status June 2021.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print out the current data protection declaration at any time on the website at

https://optilyz.com/privacy-policy/