Privacy Policy

Last updated: February 2026

1. Introduction and Controller

The protection of your personal data is important to us. In this privacy policy, we inform you about the processing of personal data when using our website.

Controller:
ByteNubes GmbH
Seeholzenstr. 2
82166 Gräfelfing, Germany
Email: kontakt@ki-fuer-muenchen.de

2. Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing:

• Master data (e.g., names, addresses)
• Contact data (e.g., email, phone numbers)
• Content data (e.g., form entries)
• Usage data (e.g., pages visited, access time)
• Meta/communication data (e.g., device information, IP addresses)

3. Legal Basis for Processing

We process personal data based on the following legal grounds under the GDPR:

• Consent (Art. 6 (1) (a) GDPR) - The data subject has given consent to the processing of their personal data.
• Contract performance (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract or pre-contractual measures.
• Legitimate interests (Art. 6 (1) (f) GDPR) - Processing is necessary for the purposes of legitimate interests pursued by the controller.

4. Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access, as well as access to, entry of, disclosure of, ensuring availability of, and separation of data.

SSL/TLS Encryption: This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content.

5. Rights of Data Subjects

As a data subject, you have various rights under the GDPR:

• Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed.
• Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate data.
• Right to erasure (Art. 17 GDPR): You have the right to request deletion of your data.
• Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured format.
• Right to object (Art. 21 GDPR): You have the right to object to processing based on your particular situation at any time.
• Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw any given consent at any time.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

6. Cookies and Local Storage

Cookies are small text files stored on your device. We only use cookies for technically necessary functions. Tracking cookies are only set with your explicit consent.

Cookie settings: You can revoke your consent at any time via the cookie banner or adjust your browser settings.

Local storage: We use your browser's local storage (localStorage/sessionStorage) for:

• Cookie preferences
• Newsletter status (whether you have subscribed or dismissed the popup)

This data is stored exclusively locally on your device and is not transmitted to us.

7. Contact Form and Email Contact

When you contact us via contact form or email, your information will be processed to handle your inquiry.

Processed data: Name, email address, phone number (optional), company (optional), topic, and message.

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR) and legitimate interests (Art. 6 (1) (f) GDPR).

Storage duration: Data will be deleted once it is no longer necessary for the purpose of collection. This is the case when the respective conversation has ended and no legal retention obligations apply.

7.1 FormSubmit.co (Form Processing)

For submitting contact forms and download requests, we use FormSubmit.co. Your form data is forwarded to our email address via FormSubmit.co.

Provider: FormSubmit (formsubmit.co)
Processed data: All data entered in forms (name, email, message, etc.) is processed for forwarding to us. FormSubmit does not store data permanently.
Spam protection: FormSubmit uses a honeypot method for spam protection. No CAPTCHAs or tracking cookies are used.

More information: FormSubmit.co

7.2 Download Requests (Checklists, Whitepapers)

When you download free content such as checklists, we collect your email address and optionally your name. This data is used exclusively to provide the download and potentially for further information about our services.

Legal basis: Consent (Art. 6 (1) (a) GDPR).
Withdrawal: You can withdraw your consent at any time by emailing kontakt@ki-fuer-muenchen.de.

8. Newsletter

8.1 Provider

For sending our newsletter, we use Brevo (formerly Sendinblue).

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany
Website: www.brevo.com
Privacy Policy: Brevo Privacy Policy

8.2 Data Collected

• Email address (required)
• First name (optional)
• Signup timestamp
• IP address (for Double Opt-in verification)
• Language preference

8.3 Purpose of Processing

Sending the weekly newsletter with AI insights and blog updates.

8.4 Legal Basis

Consent pursuant to Art. 6 (1) (a) GDPR. Signup uses a Double Opt-in process: after entering your email address, you will receive a confirmation email. Only after clicking the confirmation link will you be added to the mailing list.

8.5 Storage Duration

Your data will be stored until withdrawal (unsubscription from the newsletter).

8.6 Withdrawal

You can withdraw your consent at any time:

• Via the unsubscribe link at the end of each newsletter email
• By email to kontakt@ki-fuer-muenchen.de

8.7 Performance Measurement

The newsletter may contain tracking pixels and links with tracking parameters to measure the success of newsletter campaigns (open rates, click rates). This data is evaluated in pseudonymized form.

9. Hosting and Infrastructure

9.1 Website Hosting (IONOS)

Our website is hosted by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany).

Processed data types: Content data, usage data, meta/communication data.

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Server location: Servers are located in Germany. Your data is not transferred to countries outside the European Union.

9.2 Cloudflare Workers (API Services)

For processing newsletter signups, we use Cloudflare Workers, a serverless execution service.

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
European Office: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany
Privacy Policy: Cloudflare Privacy Policy

Processed data: When signing up for the newsletter, your data (email, optionally first name) is forwarded to Brevo via Cloudflare Workers. Cloudflare processes:

• IP address (for request processing)
• Form data (for forwarding)

Storage duration: Cloudflare does not permanently store personal data. Processing occurs solely for forwarding to Brevo.

Legal basis: Consent (Art. 6 (1) (a) GDPR) for newsletter signup.

Third-country transfer: Cloudflare is certified under the EU-US Data Privacy Framework and offers Standard Contractual Clauses per Art. 46 GDPR. More information: Cloudflare GDPR Compliance

10. Web Analytics with Plausible Analytics

We use Plausible Analytics, a privacy-friendly web analytics service. Plausible Analytics is cookieless - no cookies are set and no personal data is stored.

GDPR Compliance: Plausible Analytics was specifically designed for GDPR compliance. No IP addresses are stored and no personal data is collected. Therefore, no consent is required.

Data collected: Only anonymized usage statistics such as page views, time on site, and referrer are collected, without any way to identify individual visitors.

No data transfer outside the EU: Plausible Analytics is operated on servers in the European Union.

More information: Plausible Analytics Data Policy

11. Appointment Booking with Cal.com

For appointment booking, we use Cal.com. The following data is processed during booking:

• Name
• Email address
• Requested appointment
• Optional: phone number, message

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Storage duration: Data will be deleted after the appointment is completed or cancelled, unless legal retention obligations apply.

More information: Cal.com Privacy Policy

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

Responsible supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

13. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will apply to your next visit.

14. Questions About Data Protection

If you have questions about data protection, please send us an email at: kontakt@ki-fuer-muenchen.de