Privacy Policy
Welcome to the website of GoodIP GmbH (“we” or “us”) as controller of personal information (Art 4 Nr. 7 GDPR):
GoodIP GmbH
Severinstr. 3a
81541 Munich
Germany
Email: info@goodip.de
Tel: +49 89 3078 1244
Represented by:
Dr. Bastian July & Dr. Tillmann Stieger (managing directors)
Commercial Register:
Amtsgericht München, HRB 234688
Your privacy is of great importance to us. This Privacy Policy provides information on how we collect, use, and protect your personal information.
We care about the security of the personal data collected on our website and as provided by you in use of our Services (“Services”), e.g., our web-based Service GoodIP GO as well as about the protection of privacy of our authorized users, their guests and any other data subject that uses our Services or visits our website. We continually take steps to protect your information against loss, misuse, unauthorized access, unauthorized disclosure, unauthorized adaptation, manipulation, or destruction. If you access our website or tools
(i) from a Member State of the European Union, the European Data Protection Regulation 2016/679 (GDPR) applies.
(ii) from Switzerland, the Swiss Federal Data Protection Act (FADP) applies in addition.
(iii) from the UK, the UK GDPR applies.
(iv) from the State of California, USA, the California Consumer Privacy Act of 2018 (CCPA) may also apply to the processing of personal information.
1. Information we may collect on our website
You may generally visit our website without identifying yourself. Please note that identifying you is not possible for us without any additional information you provide over our forms or services or you consent to use your information by a third party.
You may provide personal information to us as follows:
1.1. Contact us and Case study page
Over our website you have several options to contact us directly: When you use our 'Contact Us' or 'Case Study' pages, we collect your full name, email address, and company name (if provided) by an online form. This information is used to communicate with you and respond to your inquiries or to provide access to our case studies. Any personal data provided over the respective forms is therefore processed based on Art. 6 (1) b GDPR as necessary for a contract or in order to take steps prior to entering into a contract and is solely happening on your request as the data subject. We will therefore use any personal data provided to us solely to get in touch with and to respond to your request as well as to provide access to detailed case studies and follow up with information about our products and services.
1.2. Use of Calendly to schedule a meeting with us
For scheduling meetings, we use Calendly, a third-party service provided by Calendly Inc. 115 E. Main St. Ste A1B, Buford, GA 30518, USA. Calendly may collect your name and email address for scheduling purposes. Calendly's use of information is subject to their own privacy policy and cookie usage. We have concluded a data processing contract as in Art. 28 GDPR with Calendly to ensure that our customers personal data is processed in compliance with applicable data protection regulation. This data processing contract is including EU Model Clauses to ensure that all personal data will be processed under EU data protection standards even if it shall be transferred to the USA as a country where there is not an adequate data protection standard as seen from an EU perspective. Calendly Inc. has obtained self-certification under the EU - U.S. Data Privacy Framework, which provides adequate data protection standards within Calendly. You may find the self-certification of Calendly under this link:
We are processing respective personal data provided by you based on Art. 6 (1) b GDPR as necessary for a contract or in order to take steps prior to entering into a contract and is solely happening on your request as the data subject. We regard the use of this service as essential to schedule meetings effectively, what will assumably be in your interest as well.
1.3. Use of Cookies
Our website uses cookies, pixels, local storage objects, and similar devices (collectively, "cookies" unless otherwise noted) to distinguish you from other users of the website, but not to identify you. You do not need to allow all cookies to visit our website. However, enabling cookies may allow for a more tailored browsing experience and is required for certain parts of the website to work.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. When you visit our site, strictly necessary cookies will be automatically placed on your device. You can change the cookie settings that will be placed when you visit our website by changing the settings on your browser or by visiting the Cookie Preference Centre by clicking on the Cookie button at the bottom of this website. Strictly necessary cookies do not require your consent. However, the use of Google Analytics is not strictly necessary why we ask for consent over the cookie banner before the respective Google Analytics Cookie is saved to your device.
1.4. Use of Google Analytics
Our website uses Google Analytics 4 to track and report website traffic, helping us understand visitor interactions and improve our website's user experience. Google Analytics 4 is a service provided by Google Inc. that is providing their services to EU customers by Google Ireland Limited, Gordon House, Barrow Street 4, Ireland. We may track your website visit if you provide us with your consent over our cookie banner. If you provide your consent, legal basis to process potentially personal data within Google Analytics is Art. 6 (1) a GDPR as well as Art. 25 Telecommunications-Telemedia Data Protection Act (TTDSG).
If you provide your consent, the following cookies will be set to your device:
Tool | Cookie | Type | Purpose | Duration |
---|---|---|---|---|
Google Analytics | _ga | Permanent | Contains a randomly generated user ID. Google Analytics can use this ID to recognize returning users on this website and merge the data from previous visits. | 7 days |
Google Analytic | _ga_ JZJ5TNGGVK | Permanent | Contains a randomly generated user ID. Google Analytics can use this ID to recognize returning users on this website and merge the data from previous visits. | 7 days |
Please note that it is at any time possible to revoke your respective consent regarding the use of Google Analytics. You may use our Cookie tool itself to revoke the option. In addition, you may also use the following links to opt-out any processing by Google Analytics:
Any data provided to us by Google in statistics is fully anonymized, so it will not be possible for us to link any website visit to an identified individual. We analyse our users’ behaviour to enhance the website experience of our website visitors as in Art. 6 (1) f GDPR and believe that your interests as a data subject will not exceed this interest as you have provided your consent to being tracked by Google over our cookie banner.
We have concluded a data processing contract as in Art. 28 GDPR with Google to ensure that our customers personal data is processed in compliance with applicable data protection regulation. This data processing contract is including EU Model Clauses to ensure that all personal data will be processed under EU data protection standards even if it shall be transferred to the USA as a country where there is not an adequate data protection standard as seen from an EU perspective. Google LLC has obtained self-certification under the EU-U.S. Data Privacy Framework, which provides adequate data protection standards within Google. You may find the self-certification of Google under this link:
1.5. Hosting of our website
Our website is hosted on Netlify, which may also support our email communications through serverless functions. Netlify is a service provided by Netlify Inc., 512 2nd Street, Floor 2, San Francisco, CA 94107, USA. We have concluded a data processing contract as in Art. 28 GDPR with Netlify to ensure that our customers personal data is processed in compliance with applicable data protection regulation. This data processing contract is including EU Model Clauses to ensure that all personal data will be processed under EU data protection standards even if it shall be transferred to the USA as a country where there is not an adequate data protection standard as seen from an EU perspective. Netlify Inc. has obtained self-certification under the EU-U.S. Data Privacy Framework, which provides adequate data protection standards within Netlify. You may find the self-certification of Netlify Inc. under this link:
Netlify will process personal information as described in their privacy policy, available under:
We use Netlify to provide a quick website loading and enhanced the user experience when visiting our website. The hosting provider will have to pass through personal information as gathered on the website to us. In this function Netlify will only process personal data on our behalf but not for their own use. We process any personal information in connection with Netlify by Art 6 (1) f GDPR as we have a legitimate interest to provide the best experience for our users. As the website user visits our website on a voluntary basis, we have reason to believe that their interest of privacy protection is not exceeding our interests, especially because Netlify is obligated to process personal data in a GDPR compliant manner.
1.6. Use of Typeform
We create surveys with Typeform. Typeform is a service provided by TYPEFORM S.L., c/Pallars 108, 08018 Barcelona, Spain. Categories of (personal) data processed: technical connection data of the server access (IP address, date, time, requested page, browser information) and information about your request. Our purpose of processing is the delivery of forms over our website. We process this data in accordance with Art. 6 (1) f GDPR, as we have a legitimate interest in efficiently retrieving data voluntarily provided by you in order to be able to process your request quickly and accurately. Since data is only processed to the extent that you voluntarily provide it to us within a form, we assume that your interests do not outweigh our legitimate interest. We have concluded an order processing contract with Typeform S.L. Further information on data protection at Typeform can be found here:
1.7. Connection to social media platforms
On our website, social media platforms are integrated under a simple link. A data transfer to the following social media platforms only takes place if you click on the corresponding link. We have currently included links to the offerings of the following companies on my website:
Clicking on the LinkedIn icon establishes a direct connection to the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland. For information on which data is collected and how it is used, please refer to the provider’s privacy policy:
Clicking on the YouTube icon or on a video on our website establishes a direct connection to the services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. For information on which data is collected and how it is used, please refer to the provider’s privacy policy:
2. Use of GoodIP GO
You may use our Service “GoodIP GO” to analyze the first step whether GoodIP is the right fit for your company’s request. To use GoodIP GO we ask you to enter your email-address as well as company name and website, that you may provide on a voluntary basis. Processing of personal data is based on Art 6 I b GDPR to enable you to get in touch with us regarding the project you would like to conduct, potentially with us. We believe processing of the limited personal data you enter is therefore also in your interest.
We host our service GoodIP GO on Amazon Web Services. Supplier of Amazon Webs Services is Amazon EU S.á.r.l, 38 Av. John F. Kennedy, 1855 Neudorf- Weimershog, Luxembourg, Luxemburg. When you use GoodIP GO, your personal data is processed on the servers of AWS. Personal data may also be transferred to the parent company of AWS in the USA. We have a data processing agreement with AWS in place, which includes EU standard contractual clauses for any potential data transfer to the USA. Details can be found here:
Further information can be found in the AWS privacy policy:
Amazon Web Services Inc. has obtained self-certification under the EU-U.S. Data Privacy Framework, which provides adequate data protection standards within Amazon. You may find the self-certification of Amazon Web Services Inc. under this link:
2.1. Transfer of personal data to third countries, especially the USA
We do not sell or rent your personal information to third parties. However, we may share your information with our data processors as trusted third-party services like Typeform, Calendly, Netlify and Google for operational purposes as described above. In these cases, personal data might be transferred abroad, especially to the USA.
Aside from the use of processors as described above we do not intend to transfer personal information. If this should be required as according to our Services we may provide to you this will only happen regarding the regulations of Art. 44 ff GDPR.
3. Retention period
We will only keep your personal data if required for providing our Services and website to you and after this period ends as long as legal obligations exist that obligate us to save and archive your data. For visitors to our website, we will retain relevant personal information for at least three years from the date of our last interaction with you and in compliance with our obligations under the EU General or for longer if we are required to do so according to our regulatory obligations or professional indemnity obligations. Regarding Services to our clients, we will retain relevant personal information for at least six years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation or other legislation that is applying to client’s case, or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations. We may then destroy such files without further notice or liability.
If personal information is only useful for a short period, e.g., for specific marketing campaigns we may delete it.
4. Your rights as a data subject
We want to make sure you are aware of your data protection rights. To execute any of those rights, please contact us under info@goodip.de. Every data subject is entitled to the following rights:
The right to access (Art. 15 GDPR):
You have the right to ask us for copies of your personal data collected and processed by us as well as the right to obtain confirmation from us as to whether personal data concerning you is being processed and, if so, access to the personal data and certain information about its processing. Please note that this right is subject to certain legal restrictions (in particular under Section 34 BDSG).
The right to rectification (Art 16 GDPR):
You have the right to request that we correct any information you reasonably believe is inaccurate if conditions of Art 16 GDPR are met. You also have the right to request us to complete information you reasonably believe is incomplete.
The right to erasure (Art 18 GDPR):
You have the right to request that we erase your personal data unless there is a legal justification to still store and retain and/or otherwise process the data, e.g. to execute an agreement in place.
The right to data portability (Art 20 GDPR):
You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to object to processing (Art 21 GDPR):
Under the conditions set out in Art. 21 GDPR, you have the right to object to certain processing operations concerning your personal data on grounds relating to your particular situation. In such a case, we cannot comply with your objection if there are compelling legitimate grounds for the processing which override your interests or if the processing is necessary for the establishment, exercise or defence of legal claims.
Right to object to direct marketing (Art. 21(2) GDPR):
You may object at any time to further processing of personal data relating to you for direct marketing purposes, with the consequence that we no longer process such data for this purpose; this also applies to profiling insofar as it is related to such direct marketing.
Automated decisions (Art. 22 GDPR):
We will not, without your consent, make any decision which produces legal effects concerning you or similarly significantly affects you and which is based solely on automated processing (including profiling).
Revoke of consents:
Where you give consent for processing, unless we inform you otherwise in advance, this will be voluntary and there will be no sanction for refusing consent. You have the right to revoke consent once given at any time. In the event of such a revocation, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected. Processing on a legal basis other than your consent also remains unaffected by the revocation. In this respect, however, you may additionally exercise the aforementioned statutory rights. In particular, you may at any time revoke any consent you may have given for the use of your e-mail address or telephone number for direct marketing and object to the further use of your e-mail address or telephone number for this purpose at any time without incurring any costs other than the transmission costs of my provider in accordance with the prime rates.
Right of complaint:
You have the right to complain to a supervisory authority. This may be, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us.
The data protection supervisory authority responsible for us is:
Bavarian Data Protection Supervisory Authority
House address
Promenade 27 (Castle)
91522 Ansbach
Germany
Postal address
P.O. Box 606
91511 Ansbach
Germany
How to reach the Data Protection Supervisory Authority
Tel: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de
If you wish to submit a complaint, you can also use the complaint form provided at
You may contact us in any form to exercise your rights, in particular to revoke any consent you may have given, via the contact details provided in the imprint. In order to exercise your rights, it may be necessary for you to identify yourself to us.
5. Changes to our privacy policy
We may update this Privacy Policy to reflect changes to our information practices. Any changes will be posted on this page, and we encourage you to periodically review this page for the latest information on our privacy practices.
6. Contact us
For questions or concerns regarding this Privacy Policy, or to privacy at GoodIP in general, please contact us at info@goodip.de.
GoodIP GmbH
Severinstr. 3a
81541 Munich
Germany
©2024 GoodIP. All rights reserved.