Privacy Policy

Our privacy policy and how we use your data

I. General Information

(1) Below we inform you about the collection of personal data when using our website and our web application BrandPatrol.

(2) The term "personal data" means all data that can be related to you personally, e.g., name, address, email address, user behavior. The definitions of the General Data Protection Regulation (GDPR), especially Art. 4 GDPR, are decisive.

(3) For matters relating to Switzerland, the Swiss Data Protection Act (DSG) also applies. Terms such as "personal data," "processing," or "processor" are to be understood in the sense of both laws.

(4) We generally process personal data only to the extent necessary to provide our website, our SaaS services, or to fulfill a contract—or if consent has been given in accordance with Art. 6 para. 1 lit. a GDPR or another legal basis applies (Art. 6 para. 1 lit. b–f GDPR).

(5) Your data will be deleted as soon as the purpose of storage no longer applies, unless statutory retention obligations exist or further storage is necessary for contract fulfillment.

(6) If we use third-party providers or process data for analysis or marketing purposes, we will inform you in detail in the following sections.

II. Controller

The controller within the meaning of the GDPR is:

BrandPatrol GmbH
Managing Directors: Olaf Kopmann, Birger Krah
Mühlenhagen 130
20539 Hamburg
Germany
Email: hello@brandpatrol.io
Register court: Amtsgericht Hamburg
Commercial register number: (please add if already available)

III. Data Protection Officer

An external data protection officer is not currently appointed. If you have any questions about data protection, please contact hello@brandpatrol.io.

IV. Your Rights as a Data Subject

(1) You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure ("right to be forgotten", Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object to processing (Art. 21 GDPR).

(2) If you have given consent to the processing of personal data, you can revoke this consent at any time with effect for the future.

(3) You also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of your personal data. The competent supervisory authority for our company is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 20459 Hamburg
Email: mailbox@datenschutz.hamburg.de
Web: https://datenschutz-hamburg.de

V. Informational Use of the Website

(1) If you visit our website without actively transmitting information (informational use), we only collect the personal data that your browser automatically transmits to our server. These are:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes (referrer)
  • Browser type and version
  • Operating system and its interface
  • Language and version of the browser software

(2) This data is stored in so-called log files. It is not merged with other personal data.

(3) The collection and storage of this data is technically necessary to display our website to you, ensure stability and security, and prevent misuse.

(4) An evaluation for marketing purposes does not take place as part of this data processing. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure provision of our website.

(5) The aforementioned data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected—usually after the end of the respective session.

VI. Cookies and Tracking Technologies

(1) Our website uses cookies and similar technologies (hereinafter collectively referred to as "cookies"). Cookies are small text files that are stored on your device and contain information to recognize you on a later visit or to provide certain functions. Cookies cannot execute programs or transmit viruses.

(2) We use the following types of cookies:

  • Technically necessary cookies: These cookies are required for the website to function properly (e.g., to manage your cookie settings via Usercentrics).
  • Functional cookies: These enable advanced functions, such as saving login information.
  • Analytics and statistics cookies: These help us understand how visitors use our website, e.g., via Google Analytics.
  • Marketing cookies: These allow us to display targeted advertising or measure conversions (e.g., via Google Tag Manager).

(3) We use the Consent Management Platform (CMP) from Usercentrics to obtain your consent to the use of cookies and to document it in compliance with data protection regulations. When you access our website, you will see a corresponding notice. Consent is stored on the basis of Art. 6 para. 1 lit. c GDPR.

(4) The legal basis for the use of technically necessary cookies is Art. 6 para. 1 lit. f GDPR. For all other types of cookies, data processing is carried out exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give via the cookie banner and can revoke at any time.

(5) You can adjust your cookie settings at any time via the "Cookie Settings" footer link. You can also block or delete cookies via your browser settings. Please note that this may restrict the functionality of the website.

VII. Other Functions & Offers on the Website

(1) In addition to the purely informational use of our website, we offer various services—including booking trial access, contacting us via a form, and using our BrandPatrol web application. This usually requires the provision of additional personal data.

(2) We process this data to provide the respective service, e.g., to process your request or to set up a user account. The general principles of data processing according to Sections I and IV of this privacy policy apply.

(3) We sometimes use external service providers for technical implementation (e.g., hosting, CRM, support). These service providers are carefully selected, contractually obligated in accordance with Art. 28 GDPR, and regularly monitored.

(4) If we offer services together with partners or pass on data to third parties (e.g., for payment processing or analysis), you will be informed separately—especially if these service providers are based outside the EU or EEA. Information on data transfer to third countries can be found in Section XIII of this privacy policy.

VIII. Contact

(1) If you contact us, e.g., by email or via our contact form, we process the personal data you provide. This includes in particular:

  • Salutation, first name, last name
  • Email address
  • if applicable, subject and message
  • IP address and time of transmission

(2) This data is processed exclusively to handle your request and for technical security (e.g., abuse detection, spam prevention).

(3) The legal bases for processing are:

  • Art. 6 para. 1 lit. b GDPR, if your request is aimed at concluding or performing a contract;
  • Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in efficient communication with interested parties and customers;
  • Art. 6 para. 1 lit. a GDPR, if express consent has been given.

(4) Your data will not be passed on to third parties unless this is technically necessary for processing the request (e.g., hosting).

(5) Your data will be deleted as soon as it is no longer required to achieve the purpose—typically after your request has been processed, unless statutory retention obligations prevent this.

(6) You can object to the processing of your personal data at any time. In this case, however, your request cannot be processed further.

IX. Newsletter

(1) If you subscribe to our newsletter, we will regularly inform you by email about news regarding BrandPatrol, product developments, specialist articles, and relevant industry topics.

(2) Only your email address is required to register. Providing additional data (e.g., name) is voluntary and serves only for personalized addressing.

(3) We use the so-called double opt-in procedure. After registration, you will receive an email in which you must confirm your consent. Only after this confirmation will your email address be used for sending the newsletter.

(4) When registering, we also store your IP address and the time of registration and confirmation. This data serves as proof of your consent and to clarify possible misuse.

(5) The newsletter is sent on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time, e.g., via the unsubscribe link at the end of each newsletter email.

(6) We may use external service providers for sending the newsletter. These are carefully selected, contractually obligated in accordance with Art. 28 GDPR, and may only process the data within the scope of our instructions.

(7) After you unsubscribe, your data will be deleted from the active mailing list. Storage may continue for up to 3 years for legal reasons (e.g., proof of consent), but only for this purpose and in a blocked form.

X. Blog Use

(1) We operate a blog on our website where we regularly publish articles on brand management, consistency, AI-based audits, and current developments at BrandPatrol.

(2) The content of the blog can be read without registration or login. If you wish to comment on posts (if this function is enabled), we require personal data such as name and email address. This information is processed solely for the display and technical provision of the comment.

(3) The legal basis for processing the data you provide in the context of the comment function is Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest in a moderated, constructive exchange).

(4) You can revoke your consent at any time and object to the processing. Comments and the associated data can be deleted at any time upon request—please contact us at hello@brandpatrol.io.

(5) If the comment function is not active, no personal data is processed in connection with the blog.

XI. Online Applications

(1) You can apply to us on your own initiative or for advertised positions—e.g., by email or via an application form, if provided. We process the personal data you provide, e.g.:

  • First name, last name
  • Email address, telephone number
  • CV, certificates, cover letter
  • if applicable, LinkedIn or portfolio links

(2) We process your data exclusively for the purpose of carrying out the application process. The legal basis is Art. 6 para. 1 lit. b GDPR (initiation of an employment relationship) or Art. 6 para. 1 lit. f GDPR (legitimate interest in a structured selection process).

(3) Data is not passed on to third parties. All data is processed exclusively internally or stored on our systems hosted in Germany.

(4) If no employment relationship is established, your data will be deleted no later than four weeks after the end of the application process—unless you have expressly consented to longer storage (e.g., for a talent pool) or statutory retention obligations exist.

(5) You can withdraw your application at any time and object to the processing. Please send an email to hello@brandpatrol.io.

XII. Registration on the Website

(1) To use certain functions of our BrandPatrol web application (e.g., free trial access, analysis dashboards, consistency checks), registration is required. We process the following personal data:

  • First name, last name
  • Email address
  • Company name (if provided)
  • Password (stored encrypted)
  • Time of registration, IP address

(2) The processing of this data serves to set up and manage your user account, authenticate you, and technically provide our services.

(3) The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment) or Art. 6 para. 1 lit. a GDPR (consent), if additional voluntary information is provided.

(4) You can end your registration at any time by deleting your user account or sending an email to hello@brandpatrol.io. Your data will be deleted in this case, unless statutory retention obligations prevent this.

(5) The data provided during registration is also used to inform you of important changes (e.g., technical adjustments, feature updates, or legally relevant notices).

(6) Data is only passed on to third parties if this is necessary for contract fulfillment (e.g., payment service providers, hosting). All third-party providers are integrated in compliance with data protection regulations (see Sections XV and XVI).

XIII. Server Location & Data Processing in Third Countries

(1) The BrandPatrol web application is operated on servers of the following providers:

  • Render.com (Render, Inc.), a US provider with global infrastructure
  • Supabase.com (Supabase Inc.), a backend-as-a-service provider with server locations in the EU and the USA

(2) Where possible, your personal data is stored exclusively on servers within the European Union. In some cases, however, processing on servers in so-called third countries, especially the USA, cannot be ruled out.

(3) Render and Supabase may have access to connection data, among other things, if this is necessary for technical provision, maintenance, or error analysis. Both providers are contractually bound as processors in accordance with Art. 28 GDPR.

(4) Data transfers to third countries only take place under the following conditions:

  • The provider is certified under the EU-U.S. Data Privacy Framework (e.g., Render).
  • There are standard contractual clauses of the EU Commission with additional safeguards (e.g., for Supabase).

(5) Further information on the providers used can be found in Section XVI ("External Tools and Services").

XIV. Purchase & Orders

(1) If you book paid services on our website (e.g., a subscription for BrandPatrol), we process the personal data required for this. This includes in particular:

  • First name, last name
  • Email address
  • Company name (if provided)
  • Billing address
  • if applicable, VAT ID
  • Payment information (see Section XV)

(2) Data processing is carried out to execute and process the contractual relationship in accordance with Art. 6 para. 1 lit. b GDPR. The legal basis for voluntary information or marketing consents is Art. 6 para. 1 lit. a GDPR.

(3) Without processing your data, it is not possible to conclude a contract and use the paid functions of our application.

(4) Your data will be deleted as soon as it is no longer required for contract fulfillment and any statutory retention obligations (e.g., tax law) have expired.

(5) Your data will only be passed on to technical service providers for payment processing, invoicing, or infrastructure (see Sections XV & XVI), who have been commissioned in compliance with data protection regulations.

XV. Payment Service Providers

(1) We use the service provider Stripe to process payments:

  • Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
  • and, if applicable, Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA for technical processing.

(2) When using paid functions (e.g., subscriptions), your payment data (e.g., credit card number, name, billing address) is transmitted directly to Stripe. We do not store complete payment data on our servers.

(3) Processing is carried out to process the payment and fulfill contractual obligations. The legal basis is Art. 6 para. 1 lit. b GDPR (contract) and Art. 6 para. 1 lit. f GDPR (our legitimate interest in a secure and efficient payment process).

(4) Stripe is certified under the EU-U.S. Data Privacy Framework and thus undertakes to comply with EU data protection standards. Further information on data processing by Stripe can be found at: https://stripe.com/de/privacy

(5) Without the use of a payment service provider such as Stripe, it is not possible to purchase paid services on our platform.

XVI. External Tools and Services

1. Usercentrics (Consent Management Platform)

We use the Consent Management Platform from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, to obtain your consent for cookies and tracking technologies and to document it in compliance with data protection regulations.

When you access our website, Usercentrics is loaded to request your consent. The following data is processed:

  • Your IP address
  • Device information
  • Browser information
  • Timestamp of consent
  • Consent or rejection for each technology
  • URL of the accessed page

The legal basis is Art. 6 para. 1 lit. c GDPR (legal obligation to obtain documented consents). Consent data is stored for three years. More info: https://usercentrics.com/de/datenschutzerklaerung/

2. Google Tag Manager

Our website uses Google Tag Manager (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). We use Google Tag Manager to manage website tags. The Tag Manager itself does not process personal data but serves to trigger other tools (e.g., Google Analytics).

The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in efficient management of tracking technologies.

3. Google Analytics

We use Google Analytics to analyze and optimize our website. Cookies are used to collect the following information:

  • IP address (shortened and anonymized)
  • User behavior (e.g., page views, length of stay, click paths)
  • Technical data (browser type, device, language settings)

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The collected data may be transferred to Google servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework. Further information can be found at: https://policies.google.com/privacy

You can revoke your consent at any time via the cookie banner or disable tracking in your browser.

XVII. Use of the BrandPatrol Platform (SaaS)

(1) If you create a user account on our platform and use functions such as brand analyses, scans, or dashboards, we process your data as described in Sections XII–XIV. No further processing takes place.

(2) Hosting, support, analysis, and payment processing are carried out by the service providers named in Sections XIII–XVI.