Privacy Policy

Information about how we collect, process, and protect your personal data transparently, GDPR-compliant, and securely.

Information about how we collect, process, and protect your personal data transparently, GDPR-compliant, and securely.

Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.



Data Collection on Our Website

Who is responsible for data collection on this website?

The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is:

NoscAi GmbH
Jungfernstieg 34
20354 Hamburg

Email: support@nosc.ai



How do we collect your data?

Your data is collected, firstly, when you provide it to us. This may, for example, include data you enter into a contact form. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.



How long do we store your personal data?

Your personal data will be deleted after:

  • 14 days after you delete your customer account with us. You can delete your account via your personal customer area in the “NoscAi Account.”

  • 5 years in the event of corresponding inactivity of the customer account.

  • 5 years for orders placed as a guest.



What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. The legal basis for processing is Art. 6(1)(f) GDPR. We have a legitimate interest in enabling optimized communication between our server and your end device.



What rights do you have regarding your data?

You have the right at any time to receive information, free of charge, about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the topic of data protection, you can contact us at any time at the address provided in the legal notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.



Analytics Tools and Third-Party Tools

When visiting our website, your browsing behavior may be statistically evaluated. This is done primarily using cookies and so-called analytics programs. Analysis of your browsing behavior is generally anonymous; browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy. You can object to this analysis. We will inform you about objection options in this privacy policy.



General Information and Mandatory Disclosures

Preamble

We place the highest value on protecting your data and safeguarding your privacy. Below, we explain which data we process, when, for what purpose, and on what legal basis. This is intended to clarify how our services work and how the protection of your personal data is ensured. Pursuant to Art. 4 No. 1 GDPR, personal data is all data that can be assigned to an identified or identifiable natural person.

Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Insofar as processing is based on Art. 6(1)(f) GDPR, you have a right to object pursuant to Art. 21 GDPR. Processing of data constitutes any operation related to personal data within the meaning of Art. 4 No. 2 GDPR.

Within the following individual sections, specific reference will again be made to the right to object. There you will find further information on how to exercise your right to object.



Purpose of Processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for initiating, performing, and fulfilling a contract, as well as for carrying out pre-contractual measures. If the provision of personal data is necessary for initiating or executing a contractual relationship or in the context of pre-contractual measures, processing is lawful in accordance with Art. 6(1)(b) GDPR. If you provide us with explicit consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, or promotional contact), the lawfulness of this processing is based on your consent in accordance with Art. 6(1)(a) GDPR.



Information on the Responsible Entity

The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is:

NoscAi GmbH
Jungfernstieg 34
20354 Hamburg
Email: support@nosc.ai

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, or similar).



Withdrawal of Your Consent to Data Processing

You may withdraw your consent to the collection, agreement, and use of personal data at any time with effect for the future.

An informal notification by email to us is sufficient for this. The lawfulness of data processing carried out until the withdrawal remains unaffected by the withdrawal.



Right to Lodge a Complaint with the Competent Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html



Right to Data Portability

In accordance with Art. 20 GDPR, you have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, either for yourself or for a third party, in a common, machine-readable format. If you request direct transfer of the data to another controller, this will only be done where technically feasible.



SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.



Encrypted Payment Transactions on This Website

If, after concluding a paid contract, there is an obligation to transmit your payment data to us (e.g., account number for direct debit authorization), this data is required for payment processing.

Payment transactions via common payment methods (Visa/MasterCard, direct debit procedure) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the browser address line changing from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Rights of Data Subjects

In accordance with Art. 15(1) GDPR, you are entitled to a comprehensive right of access to personal data concerning you that is being processed, as well as further information. In addition, pursuant to Art. 16 GDPR, you may request correction of your data. Art. 17(1) GDPR grants you the right to deletion of your personal data. In accordance with Art. 18 et seq. GDPR and Art. 20 GDPR, you may exercise your right to restriction of processing and your right to data portability. For requests of this kind, please contact support@nosc.ai. Please note that for such requests, we must ensure that the request is made by the data subject concerned.

Objection to Advertising Emails

The use of contact data published within the scope of legal notice obligations for sending unsolicited advertising and information materials is hereby objected to. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.



Data Protection Officer

Legally Required Data Protection Officer

We have appointed a data protection officer for our company.

Data Protection Officer:
Anosch Aziz-Koch



Data Collection on Our Website

Cookies

Some of the web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can configure your browser to notify you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.

Cookies that are necessary for carrying out electronic communication or for providing certain functions you request (e.g., shopping cart function) are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free and optimized provision of its services through the storage of cookies. If other cookies are stored (e.g., cookies for analyzing your browsing behavior), these are treated separately in this privacy policy.

Below are explanations of the most common types of cookies for your understanding.

  1. Session cookies
    While you are active on a website, a session cookie is temporarily stored in your computer’s memory, in which a session identifier is stored to prevent, for example, repeated logins when changing pages. Session cookies are deleted when you log out or lose their validity once your session has automatically expired.


  2. Persistent or log cookies
    A persistent or log cookie stores a file on your computer for the period specified in the expiration date. These cookies allow websites to remember your information and settings during your next visit. This leads to faster and more convenient access, since, for example, you do not need to set your language preference for our portal again. Once the expiration date has passed, the cookie is automatically deleted when you visit the website that created it.


  3. Third-party cookies
    Third-party cookies come from providers other than the operator of the website. They can be used, for example, to collect information for advertising, customized content, and web statistics.




CookieYes (Consent Management)

This website uses CookieYes as a Consent Management Platform (CMP). The provider is CookieYes Limited, 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

CookieYes is used to obtain and manage the consent required under data protection law for the use of cookies and comparable technologies in accordance with § 25 TTDSG and Art. 7 GDPR. The technically necessary cookie "cookieyes-consent" is set, which stores your consent preferences.

Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent).

Further information: https://www.cookieyes.com/privacy-policy/



Framer

We host our website with Framer. The provider is Framer B.V., Singel 542, 1017 AZ Amsterdam, Netherlands (hereinafter: Framer). When you visit our website, Framer collects various log files, including your IP address.

Framer is a tool for creating and hosting websites. Framer stores cookies or comparable recognition technologies that are necessary for displaying the website, providing certain functions, and ensuring security (necessary cookies).

Further information can be found in Framer’s privacy policy:
https://www.framer.com/legal/privacy-statement/

Framer is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a technically stable, secure, and efficient presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.

If personal data is transferred to third countries, this is done on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular through the conclusion of standard contractual clauses of the EU Commission, where necessary.



Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.



Contact Form and Appointment Booking

If you contact us via a form on the website or request an appointment, the data you enter will be processed.

This may include:

  • Name

  • Email address

  • Phone number

  • Practice / Company

  • Message

Processing is carried out exclusively for handling your request.

Legal basis:

Art. 6(1)(b) GDPR
(Processing for carrying out pre-contractual measures)



HubSpot

We use HubSpot services for managing contact inquiries, forms, and marketing communication.

Provider:

HubSpot Inc.
25 First Street
Cambridge, MA 02141
USA

HubSpot is an integrated software solution that enables us to manage various aspects of our online marketing and customer communication. This includes in particular:

  • Provision of contact forms

  • Processing of inquiries

  • Appointment scheduling

  • Analysis of the use of our website and marketing activities

If you contact us via a form on our website, the data you enter is transmitted to HubSpot and stored there.

In addition, HubSpot may use cookies or similar technologies to analyze user behavior on our website and evaluate the effectiveness of our marketing measures.



Analytics Tools and Advertising

Google Analytics 4

This website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics 4 uses cookies and similar technologies that enable analysis of your use of our website.

Measurement ID: G-NJT7RXGSZ8

The information generated by these technologies about your use of our website is generally transmitted to and stored on a Google server. Transmission may also occur to servers of Google LLC in the USA. Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.



IP Anonymization

Google Analytics 4 anonymizes your IP address by default, so that no complete IP address is stored or transmitted.



Legal Basis

Processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time via the cookie settings on our website.



Objection to Data Collection

You can prevent the collection of your data by Google Analytics by revoking your consent via our cookie banner. In addition, you can download and install the browser plugin for disabling Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de



Data Processing Agreement

We have concluded a data processing agreement with Google.

Further information on data protection at Google can be found at: https://policies.google.com/privacy



Google Tag Manager

This website uses Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a service that manages the loading of other components (so-called "tags"). Google Tag Manager itself does not collect personal data and does not access cookies. It merely triggers the execution of other tags, which may in turn collect data. These tags are only activated after the corresponding consent has been given via our cookie banner.

Container ID: GTM-5W9ZF9C2

Legal basis: Art. 6(1)(a) GDPR (consent) for tags loaded via Tag Manager; Art. 6(1)(f) GDPR (legitimate interest) for loading Tag Manager itself.

Further information: https://policies.google.com/privacy



Meta Pixel (Facebook)

This website uses the Meta Pixel (formerly Facebook Pixel). The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

The Meta Pixel enables us to track user behavior after they have clicked on a Facebook or Instagram advertisement (conversion tracking). In addition, the pixel can be used to create target audiences for advertisements (retargeting). The cookie _fbp is set in this process.

Pixel ID: 1376540516757766

The data collected may also be used by Meta for its own advertising purposes and profiling. In this regard, we refer to Meta's privacy policy.

Data transfer to third countries: When using the Meta Pixel, data may be transferred to servers of Meta Platforms Inc. in the USA. Meta is certified under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent). Consent can be revoked at any time via the cookie settings on our website.

Further information on data protection at Meta: https://www.facebook.com/privacy/policy/



Plugins and Tools

Google Fonts

This website uses Google Fonts for the uniform display of typefaces. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you access a page, your browser loads the required fonts directly from Google servers (fonts.gstatic.com). Your IP address is transmitted to Google in the process.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform and appealing presentation of our website).

Note: We are currently working on hosting the fonts locally to avoid data transmission to Google servers.

Further information: https://policies.google.com/privacy

Made in Germany