# Privacy Policy > Source: https://hi-desk.de/en/privacy/ --- # Privacy Policy We, HiDesk, take the protection of your personal data very seriously. In this privacy policy, we inform you about how we collect, process, and use your data when you visit our website hi-desk.de. This declaration complies with the requirements of the General Data Protection Regulation (GDPR) as well as other applicable data protection laws. ## 1\. Controller The controller for data processing within the meaning of the GDPR is: Dialogine GmbH Weyertal 109 50931 Köln privacy@hi-desk.de ## 2\. Collection and Processing of Personal Data ### 2.1 When Visiting the Website When you access our website, information is automatically transmitted by the browser you use to our server. This information is temporarily stored in so-called server log files. The following data is collected: - IP address (anonymized) - Date and time of access - Name and URL of the retrieved file - Website from which access was made (referrer URL) - Browser used and, if applicable, the operating system of your device - Name of your internet service provider This data is used exclusively to ensure smooth operation of the website, to improve our offer, and to defend against attacks. This data is not combined with other data sources. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest). ### 2.2 Contact When you contact us via contact form, email, or telephone – including in particular when booking a free consultation – we collect the data you voluntarily provide (e.g., name, email address, phone number, content of your message) to process your inquiry. This data is only stored for the duration of processing your inquiry and then deleted, unless there are legal retention obligations. The legal basis for this is Art. 6 para. 1 lit. b GDPR (contract fulfillment or pre-contractual measures). ### 2.4 Appointment Booking When you book an appointment via our website or by phone, we collect the personal data required for the booking, in particular your name and email address, and if applicable your phone number and desired appointment time. Processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures). We may use external appointment booking service providers with whom data processing agreements pursuant to Art. 28 GDPR are in place. Data will be deleted after the appointment has been handled, unless statutory retention obligations apply. ### 2.5 Interactive Live Demo We offer the possibility of an interactive live demo of our AI phone assistant. To conduct the demo, at least your phone number is processed in order to initiate the demo call. Processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or for the performance of pre-contractual measures at your request (Art. 6 para. 1 lit. b GDPR). Data will be deleted after the demo is completed, unless there are other grounds for processing. ### 2.6 HiDesk Chat – Clara We offer an AI-powered chat assistant called "Clara" on our website. When you use this chat, your entered messages and technical metadata (e.g., timestamps) are processed to handle your inquiry. No permanent user profiles are created. Processing is based on our legitimate interest in efficient customer support (Art. 6 para. 1 lit. f GDPR). The information on AI services in section 3 applies accordingly to the AI processing of chat content. ### 2.7 Login Functionality Registered users can log in to their HiDesk account. During registration and login, we process the following personal data: - Email address - Password (stored in hashed form) - Login timestamp and session data - IP address (for security verification) Processing is required for the performance of the contract and the provision of the user account (legal basis: Art. 6 para. 1 lit. b GDPR). Session data will be deleted after logout or upon session expiry. ### 2.8 Report Waiting Queue Through the "Report Waiting Queue" feature, users can report companies with long telephone waiting times. The name of the reported company, its phone number if applicable, and the timestamp of the report are processed. Where personal data of contact persons of the reported company (e.g., employees) is processed, this is done on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). Reported companies whose personal data is processed will, where legally required, be informed of the data collection pursuant to Art. 14 GDPR. Data will be deleted once the purpose of processing has ceased. ## 3\. Third-Party Services We use various third-party services to provide and improve our services. These services may process your personal data: ### 3.1 Google Analytics We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to analyze and optimize the use of our website. Google Analytics uses cookies and processes anonymized IP addresses. Processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. ### 3.2 Google Tag (gtag.js) We use Google Tag (gtag.js), a tagging framework provided by Google Ireland Limited, to measure website traffic and user interactions. Google Tag enables us to send event data to Google Analytics and other Google services. Data collected may include pages visited, interactions performed, and device information. Processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time via our cookie settings. ### 3.3 PostHog We use PostHog for website analytics to understand page visits and selected interactions on our website. PostHog is only activated after your consent and helps us improve our website. Processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time via our cookie settings. ### 3.4 Meta Pixel (Facebook) We use the Meta Pixel (formerly Facebook Pixel), a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The Meta Pixel allows us to track visitor actions on our website and measure the effectiveness of our advertising campaigns. Data collected may include pages visited, actions taken, and device information. This data may be transmitted to Meta servers in the USA. Processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time via our cookie settings. ### 3.5 Azure OpenAI Europe We use Microsoft's Azure OpenAI services hosted in Europe for AI-powered features. Data is processed within the EU in accordance with Microsoft's privacy policies and our data processing agreement. ### 3.6 Vonage/Nexmo We use Vonage/Nexmo for telecommunications services. Call data and phone numbers may be processed to provide our AI receptionist service. ### 3.7 Netcup We use Netcup as our hosting provider. Server data is stored and processed in Germany in accordance with German data protection laws. ### 3.8 Supabase We use Supabase for database and authentication services. User data is processed in accordance with Supabase's privacy policies and GDPR requirements. ## 4\. Cookies Our website uses cookies to make use more comfortable and secure. Cookies are small text files that are stored on your device. There are the following types of cookies on our website: - Necessary cookies: These are required for the basic functionality of the website (legal basis: Art. 6 para. 1 lit. f GDPR). - Analytics cookies and similar technologies (e.g., Google Analytics, Google Tag, Meta Pixel, and PostHog): These are only enabled with your consent (legal basis: Art. 6 para. 1 lit. a GDPR). You can adjust your cookie settings at any time via the \[Cookie Settings\] link on our website or deactivate cookies in your browser. Please note that this may affect the functionality of the website. ## 5\. Data Sharing Data is only shared with third parties if: - You have given your express consent according to Art. 6 para. 1 lit. a GDPR, - This is legally permissible and necessary for the performance of a contract with you (Art. 6 para. 1 lit. b GDPR), - There is a legal obligation (Art. 6 para. 1 lit. c GDPR), - This is necessary to protect our legitimate interests, provided your interests do not override (Art. 6 para. 1 lit. f GDPR). Service providers who assist us in data processing (e.g., hosting providers) are contractually obligated to process data exclusively according to our instructions (data processing according to Art. 28 GDPR). ## 6\. Your Rights According to the GDPR, you have the following rights regarding your personal data: - Right of access (Art. 15 GDPR): You can request information about the data we process. - Right to rectification (Art. 16 GDPR): You can request the correction of incorrect data. - Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided there are no legal retention obligations. - Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing. - Right to data portability (Art. 20 GDPR): You can receive your data in a structured format. - Withdrawal of consent (Art. 7 para. 3 GDPR): You can withdraw your consent at any time without affecting the lawfulness of previous processing. Important Notice – Right to Object (Art. 21 GDPR) Right to object (Art. 21 GDPR): You can object to the processing of your data, especially for direct marketing or legitimate interest. To exercise your rights, please contact us at info@hi-desk.de. You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR, Art. 77 GDPR. ## 7\. Data Security We implement technical and organizational measures to protect your data against unauthorized access, loss, or misuse. Our website uses SSL/TLS encryption to secure the transmission of your data. ## 8\. Changes to this Privacy Policy We reserve the right to adapt this privacy policy as needed to account for legal or technical changes. The current version can always be found on our website. ## Contact If you have any questions about this Privacy Policy, please contact us at info@hi-desk.de. [privacy@hi-desk.de](mailto:privacy@hi-desk.de)