DATA PROTECTION

Thank you for your interest in SKYSEED. We take the protection of your personal data seriously. This privacy policy explains what data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable German law.

1. Definitions

This privacy policy uses the terminology defined in the GDPR to ensure clarity and legal consistency.
‍Personal data: Any information relating to an identified or identifiable natural person.
‍Data subject: A natural person whose personal data is processed.
‍Processing: Any operation performed on personal data, such as collection, storage, or deletion.
‍Restriction of processing: Marking stored personal data to limit future use.
‍Profiling: Automated processing to evaluate aspects of a person, such as behaviour or preferences.
‍Pseudonymization: Processing data in a way that it cannot be linked to a specific person without additional information.
‍Controller: The party determining how and why personal data is processed.
‍Processor: A party processing data on behalf of the controller.
‍Recipient: A party to whom personal data is disclosed.
‍Third party: Anyone other than the data subject, controller, or processor.
‍Consent: A clear affirmative action indicating agreement to data processing.

2. Controller Contact

SKYSEED GmbH, Rollbergstraße 28a, 12053 Berlin, Germany, is the controller within the meaning of the GDPR. You can reach us by phone at +49 1522 1582331 or via email at simon@skyseed.eco. Further information is available on our website at www.skyseed.eco 

3. Data Collection on Our Website

When you access the website of SKYSEED, a series of general data and information is collected automatically and stored in the server log files. This may include the browser types and versions used, the operating system used by the accessing device, the website from which an accessing system reaches our website (so-called referrer), the sub-pages accessed on our site, the date and time of access, an Internet Protocol (IP) address, the Internet service provider of the accessing system, and other similar data and information that serve to prevent danger in the event of attacks on our IT systems.
SKYSEED does not use this information to draw conclusions about the individual concerned. Rather, the data is required to (1) correctly deliver the content of our website, (2) optimise the content and advertising of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information in the event of a cyberattack.
This data is therefore analysed statistically and with the aim of increasing data protection and data security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

4. Data Retention

The personal data of data subjects is processed and stored by SKYSEED only for the period necessary to achieve the purpose of storage or as far as this is granted by European or national legislators in laws or regulations to which SKYSEED is subject.
If the purpose of storage no longer applies, or if a storage period prescribed by European or national legislation expires, the personal data is routinely blocked or deleted in accordance with legal requirements. Blocking may occur instead of deletion where legal obligations (e.g. commercial or tax law retention requirements) prevent immediate deletion.
We regularly review the necessity of data retention and ensure that data is not kept longer than required. The data will be erased or anonymised as soon as it is no longer required for the purposes for which it was collected, unless further retention is required to comply with a legal obligation, for the establishment, exercise or defence of legal claims, or for reasons of public interest.

5. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
‍a) Right to Confirmation You have the right to request confirmation as to whether or not personal data concerning you is being processed.
‍b) Right to Access You have the right to obtain information about the personal data we hold about you, including the purposes of processing, the categories of data concerned, the recipients to whom the data has been disclosed, and the envisaged period of storage. You may also request a copy of your data.
‍c) Right to Rectification If the data we process is incorrect or incomplete, you have the right to request that we correct or complete this data without undue delay.
‍d) Right to Erasure ("Right to be Forgotten") You may request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected, if you withdraw consent, if you object to processing and there are no overriding legitimate grounds, or if processing was unlawful or required by legal obligation.
‍e) Right to Restriction of Processing You may request that we restrict the processing of your personal data under certain circumstances—for example, if you contest the accuracy of the data or if the data is no longer needed but you require it for legal claims.
‍f) Right to Data Portability You may request that we provide the data you have submitted to us in a structured, commonly used, and machine-readable format so that it can be transferred to another controller, where technically feasible.
‍g) Right to Object You may object at any time to the processing of your personal data on grounds relating to your particular situation, especially where the data is processed on the basis of Art. 6(1)(e) or (f) GDPR. If your data is used for direct marketing, you may object at any time without the need to justify your decision.
‍h) Right to Withdraw Consent If we process your data based on your consent, you may withdraw this consent at any time. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
‍i) Right to Lodge a Complaint with a Supervisory Authority You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the GDPR. In Berlin, the competent authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Phone: +49 30 13889-0
Fax: +49 30 2155050
To exercise your rights, please contact us using the details provided in Section 2.

6. Data Protection for Applications and in the Application Process

We collect and process the personal data of applicants for the purpose of conducting the application process. The processing may take place electronically. This is particularly the case if an applicant submits corresponding application documents to us by electronic means, for example, via email or through a web form on our website.
If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in accordance with legal requirements.
If no employment contract is concluded, the application documents will be automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. A legitimate interest in this context may include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

7. Protection of Minors

The protection of children's privacy is important to us. We do not knowingly collect or process personal data from persons under the age of 16. In general, we are not able to determine the age of users visiting our website and therefore do not implement specific verification measures.
We do not intentionally target or address our services to children. If we become aware that we have inadvertently collected personal data from a child without the required consent of a parent or legal guardian, we will promptly delete such data from our records.
We recommend that parents and guardians actively supervise their children’s online activities and help enforce this policy by instructing their children never to provide personal data on our website without their permission.

8. Email Contact

If you contact us via the email addresses provided on our website, we will store and process the personal data you submit, such as your name, email address, and message content, for the purpose of handling your inquiry. The legal basis for this processing is Art. 6(1)(b) GDPR, as the communication typically relates to the initiation or performance of a contract.
Your data will be stored only as long as is necessary to respond to your inquiry and to meet any follow-up obligations. As a general rule, inquiry-related data is kept for 12 months unless a different purpose arises from the communication (e.g. an offer, order, or contractual relationship), or unless legal or contractual retention obligations apply.

9. Cookies

Our website uses cookies. Cookies are small text files that are stored in your browser or on your device when you visit a website. They help us provide certain functionalities, improve user experience, and analyse website traffic.
When you visit our website, a banner informs you about the use of cookies and gives you the option to consent to non-essential cookies. The legal basis for the processing of data through cookies depends on the type of cookie used:
‍Art. 6(1)(a) GDPR applies where we use cookies that require your explicit consent, such as for analytics or marketing purposes.
‍Art. 6(1)(f) GDPR applies where cookies are strictly necessary for the operation of the website and do not require consent.

We use the following types of cookies:
‍Session cookies: These are temporary cookies that are deleted when you close your browser. They allow us to recognise your browser during a single session.
‍Persistent cookies: These remain stored on your device for a set period or until you delete them manually. They allow us to remember your preferences or actions across multiple sessions.
‍Essential cookies: These are necessary for the website to function properly. Without these cookies, certain features (e.g. form submissions or language settings) would not work correctly.
You can configure your browser to block some or all cookies or to notify you before a cookie is stored. Disabling cookies may affect the functionality and availability of certain services on our website. You can also delete cookies manually from your browser at any time.
If you have given consent to the use of certain cookies and later wish to withdraw it, you can change your preferences through the cookie banner or in your browser settings. Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

10. Third-Party Tools and Services

Our website integrates services and functionalities provided by third-party companies. These integrations may involve the transfer of certain data to external providers and are used to improve the design, performance, and communication capabilities of our digital offerings. The following outlines the key tools and services used:

‍Instagram
‍We use components of the Instagram service on our website. Instagram is an audiovisual platform that enables users to share photos and videos and distribute this content through other social networks. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When a user visits a page on our website containing an Instagram plugin, the browser is automatically prompted to download content from Instagram. This informs Instagram of which specific sub-page of our site the user is visiting. If the user is logged into Instagram at the time, this interaction is recorded and associated with their personal Instagram account. If the user does not want this data to be transmitted to Instagram, they must log out of their account before visiting our site. Further information is available in Instagram’s privacy policy:
‍https://www.instagram.com/about/legal/privacy/ 

‍LinkedIn
‍We also use social plugins from LinkedIn, operated by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you visit a page on our website that contains a LinkedIn component, your browser connects directly to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn button and are logged into your LinkedIn account, LinkedIn can associate your visit with you and your user account. If you do not wish LinkedIn to associate this information, please log out of your LinkedIn account before accessing our site.
LinkedIn also uses third-party providers and tracking tools that may place cookies on your device. These cookies can be managed or rejected at https://www.linkedin.com/legal/cookie-policy. For further information, visit LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. 

‍Plausible Analytics
‍We use the privacy-friendly web analytics service Plausible Analytics, provided by OÜ Plausible Insights, Västriku tn 2, Tartu 50403, Estonia. Plausible does not use cookies and does not collect personal data. The service operates in accordance with the principles of data minimisation and transparency. No user profiles are created, and no personal identifiers such as IP addresses are stored. For more information, see: https://plausible.io/data-policy. 

‍Webflow
‍This website is hosted using Webflow’s Content Delivery Network (CDN), a service provided by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. The CDN replicates parts of the website to distributed servers to improve loading times, availability, and protection against brute-force attacks. As part of this process, anonymised IP addresses may be temporarily stored on Webflow servers for up to 24 hours. No personal data is stored or tracked by Webflow beyond this purpose. Webflow is certified under the EU-U.S. Data Privacy Framework. Their current privacy policy is available at: https://webflow.com/legal/eu-privacy-policy. 

‍Pipedrive
‍We use Pipedrive as our customer relationship management (CRM) system. Pipedrive is provided by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. When you contact us via forms or email, your contact details may be processed and stored in Pipedrive to manage inquiries and maintain customer relationships. The legal basis for this processing is Art. 6(1)(b) GDPR for contract-related communication and Art. 6(1)(f) GDPR for our legitimate interest in efficient customer service. Pipedrive's privacy policy is available at: https://www.pipedrive.com/en/privacy

11. Legal Basis of Processing

We process your personal data only when we have a valid legal basis to do so under the GDPR. These legal bases vary depending on the specific context and purpose of processing:
‍Art. 6(1)(a) GDPR – Consent: When you explicitly give us permission to process your personal data for a specific purpose, such as subscribing to a newsletter or consenting to analytics cookies, we rely on your consent. You can withdraw this consent at any time with future effect.
‍Art. 6(1)(b) GDPR – Performance of a Contract: If you contact us with the intention of entering into a contract, or if you are already our customer, we process your data as necessary to carry out pre-contractual measures or to fulfil our contractual obligations, such as responding to inquiries, delivering services, or invoicing.
‍Art. 6(1)(c) GDPR – Legal Obligation: In some cases, we are required to process personal data to comply with legal obligations. This includes, for example, obligations under tax law, commercial law, or employment law.
‍Art. 6(1)(d) GDPR – Vital Interests: Though rare in our context, we may process personal data to protect the vital interests of a person—for instance, in an emergency where health or safety is at risk and we must share information with medical personnel.
‍Art. 6(1)(f) GDPR – Legitimate Interests: We may also process your data when it is necessary for the purposes of our legitimate interests, provided that your interests or fundamental rights and freedoms do not override these. This may include IT security, website optimisation, fraud prevention, or maintaining business operations and customer communications.

12. Legitimate Interests

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business activities in favor of the well-being of all our employees and shareholders. We ensure that any such processing is proportionate and respects the fundamental rights and freedoms of the data subjects involved.

13. Data Retention Periods

We retain personal data only as long as necessary to fulfil the purpose for which it was collected or to meet legal obligations. If the purpose for storage no longer applies, or if a legal retention period expires, the data is routinely deleted or blocked in accordance with the statutory provisions.

14. Mandatory Data Provision

In certain cases, the provision of personal data is required by law (e.g. tax regulations) or may result from contractual arrangements (e.g. information necessary to conclude a contract). It may also be necessary for entering into a contract that a data subject provides us with personal data that is subsequently processed by SKYSEED.Failure to provide the required personal data may result in us being unable to conclude or perform a contract with the data subject. If you are uncertain whether the provision of personal data is legally or contractually required, or necessary for a contractual relationship, you are welcome to contact us. We will clarify on a case-by-case basis whether providing the personal data is obligatory and what consequences may arise from not providing it.

15. Automated Decision-Making and Profiling

As a responsible company, SKYSEED does not use automated decision-making, including profiling, as referred to in Article 22 GDPR. This means we do not make decisions based solely on automated processing that would have legal effects on you or similarly significantly affect you.
Should this change in the future, we will ensure that such processing complies with all legal requirements and that affected individuals are informed accordingly and can exercise their rights under the GDPR.
This privacy policy was originally created using the generator provided by DGD Deutsche Gesellschaft für Datenschutz GmbH in cooperation with Cologne-based data protection lawyer Christian Solmecke and has since been adapted for SKYSEED’s specific use.

16. Data Security

SKYSEED takes appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are tailored to the level of risk and are based on the current state of technology and the nature of the processing.
Our safeguards include secure data storage, access controls, and internal procedures to ensure data security. We regularly review and update these measures to keep pace with technical developments.