Die deutsche Version dieser Datenschutzerklärung finden Sie unter rethink-product.com/datenschutz.

Privacy Policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data

II. The rights of users and data subjects

III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the „controller“) for purposes of data protection law is:

Stefanie Kruse
Richardstraße 62
22089 Hamburg

+49 40 3346 1473
stefanie@rethink-product.com

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Visiting our website

We use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”) to provide our online offering.

The hosting services on which this website is based are provided by Raidboxes GmbH (Hafenstrasse 32, 48153 Münster, Germany). Raidboxes GmbH automatically collects and stores server log files with information that your browser transmits to us. This information includes

  • Browser type
  • operating system
  • referrer URL (previously visited page)
  • host name (IP address).

Raidboxes GmbH cannot assign this data to a specific person. The data is not merged with other data sources. The data is deleted after a statistical evaluation after 7 days at the latest. Further information can be found in the Raidboxes GmbH’s privacy policy and list of sub-processors used by Raidboxes GmbH.

We have entered into a data processing agreement (DPA). This agreement regulates the scope, type and purpose of Raidboxes GmbH’s access to data. The access options are limited only to necessary accesses that are required to fulfill the hosting services.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR.

Sending and archiving e-mails

To send, receive and store e-mails, we process the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails. This data may also be processed to detect spam.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR.

The emails will be archived in order to meet the requirements of tax and commercial law obligations for a maximum period of 11 years.

The legal basis for this processing is Art. 6 para. 1 lit. c) GDPR.

The services for sending and archiving emails are provided by Google LLC (1600 Amphitheatre Pkwy, Mountain View, California 94043-1351). Information on data processing can be found in the Google Cloud Privacy Notice and in the list of the sub-processors used for Google Workspace.

We would like to point out that there is a possibility that user data may be processed outside the European Union, particularly in the USA.

We have entered into a data processing agreement (DPA). This contract regulates the scope, type and purpose of Google LLC’s access to data. It incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. In addition, Google LLC is certified under the Privacy Shield Agreement. You can view the Privacy Shield certificate for Google LLC.

We would further like to point out that e-mails are generally not sent encrypted on the Internet. We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

Booking a discovery call

If you book a video discovery call, the data you provide (in particular your name and email address, as well as any other data you choose to share) will be used for the purpose of processing your request.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR (in cases of inquiries about our services), otherwise Art. 6 Para. 1 lit. f) GDPR (legitimate interest).

The services for booking and conducting video calls are provided by Google LLC (1600 Amphitheatre Pkwy, Mountain View, California 94043-1351). Information on data processing can be found in the Google Cloud Privacy Notice and in the list of the sub-processors used for Google Workspace.

We would like to point out that there is a possibility that user data may be processed outside the European Union, particularly in the USA.

We have entered into a data processing agreement (DPA). This contract regulates the scope, type and purpose of Google LLC’s access to data. It incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws. In addition, Google LLC is certified under the Privacy Shield Agreement. You can view the Privacy Shield certificate for Google LLC.

Contact Form

If you contact us via the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR (in cases of inquiries about our services), otherwise Art. 6 Para. 1 lit. f) GDPR (legitimate interest).

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

Delivery of Digital Products

We send digital products (e.g. eBooks) by email using Brevo, a service for managing email addresses and sending messages. Therefore, we process your email address, without which it is not possible to deliver the digital products via email. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. The logging of the registration procedure is carried out for the purpose of proving its proper execution on the basis of Art. 6 para. 1 lit. f) GDPR (legitimate interest). Usage data, such as click and opening rates, are processed anonymously by Brevo.

Opt-out: You can object to receiving promotional emails at any time. You will find a link to unsubscribe from our email list either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably email.

Deletion and restriction of processing: We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blocklist solely for this purpose.

Brevo is a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. The processing of personal data takes place in compliance with the GDPR, mainly within the European Union. Subcontractors from third countries (e.g. for customer service or technical maintenance) may be used. Details can be found in Brevo’s privacy policy.

We have entered into a data processing agreement (DPA) with Sendinblue GmbH. This contract regulates the scope, type and purpose of Sendinblue GmbH’s access to data.

Contract Processing

The data transmitted by you for the use of our service offer is processed by us for the purpose of contract processing and is necessary in this respect. Conclusion and execution of the contract are not possible without the provision of your data. The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

LinkedIn

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We would like to point out that this might cause user data to be processed outside the European Union, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.

Further information about data processing can be found in the LinkedIn Privacy Policy.

Based on the Model Data Protection Statement by Anwaltskanzlei Weiß & Partner

Last updated: 21.04.2024