We attach great importance to data protection and would like to explain to you below how we collect and process your personal data. In doing so, we comply with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
As the controller for the collection, processing and use of your personal data pursuant to Art. 4 No. 7 GDPR applies:
E-mail address: firstname.lastname@example.org
2 What data we process and why
In the following, we explain which data we use about you, for what purpose and on what legal basis. When we refer to "website" or "service", we are referring to our marketing website at heylogin.com.
We use hosting services to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we need to operate the website.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data based on our legitimate interest in the efficient and secure provision of our website or service in accordance with Art. 6 (1) p. 1 f) GDPR.
2.2 Access data in server log files
When you visit our website, we collect information about you. We automatically record things like your activity on the site and how you interact with us. We also record information about your device, whether it is a computer or a cell phone. This information helps us better understand and improve our website.
The data we collect includes:
- The name and the Internet address of the file you have accessed
- Date and time when you visited the page
- How much data was sent back and forth
- Whether the access was successful (this is called HTTP response code).
- Which internet browser and version you use
- What operating system is running on your device
- The page from which you came to us (this is called referrer URL)
- Other websites you have visited through our site
- Information about your Internet provider
- Your IP address and from which provider you have your internet connection
We use this collected data to make our website safer and better. This helps us find and fix bugs and improve our service. We only use this data for general statistical analysis and not to identify you personally. This is important for the secure operation of our website.
Sometimes we also check this data more closely if we suspect that someone is using our website in an unauthorized way. We store your IP address for a short period of time when it is necessary for security reasons or when billing is involved. After you leave the site or a payment is made, we delete the IP address when we no longer need it. We also keep IP addresses if we think someone is using our website for criminal activity.
2.3.1 What are cookies?
A cookie is a small text file that we store on your hard drive or device when you visit our website. This file contains various information that enables our website to offer you a pleasant visit, e.g. by "remembering" certain information or preferences you have made.
When the cookie is activated, it is assigned an identification number. Your personal data is not assigned to this identification number. Your name, your IP address or similar data that would allow the cookie to be assigned to you are not stored in the cookie. With the help of the cookie technology, we only receive pseudonymized information, e.g. about visited pages or viewed offers.
2.3.2 What cookies do we use?
On the one hand, we use technically necessary cookies that enable certain core functions of our website. This can be, for example, the storage of certain settings.
The use of technically necessary cookies is based on our legitimate interest pursuant to Art. 6 (1) p. 1 f) GDPR. Our website is designed to be user-friendly and functional, and the use of these cookies does not usually affect your interests as a data subject. Therefore, a case-by-case assessment is usually not necessary.
On the one hand, we only use technically unnecessary cookies extremely sparingly. On the other hand, we only store such cookies on your end device if you have previously consented ("opt-in"). We always explain the respective purpose of the storage separately in the context of the corresponding service that stores the cookie on your end device.
2.4 Data for the fulfillment of our contractual obligations
We process personal data that we need to establish a contractual relationship with you and to fulfill our contractual obligations under an existing contractual relationship, such as name, address, e-mail address, ordered services, billing and payment data.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR, because this data is needed so that we can fulfill our contractual obligations to you or initiate a contract with you.
2.5 E-mail or telephone contact
If you contact us (e.g. by phone, contact form or e-mail), we process your information to process your request and in case further questions arise.
If the data processing is carried out for the implementation of pre-contractual measures, which take place on your request, or if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR. Otherwise, we process your personal data based on our legitimate interest to answer your questions according to Art. 6 para. 1 p. 1 f) GDPR.
2.6 Direct mail
We also process your personal data for direct marketing of our goods and services.
If you have agreed to receive e-mail advertising, you will regularly receive information and offers about our goods and services at the e-mail address you have provided. You can revoke your consent at any time.
We store your email address and log your consent for as long as we need your data to send the newsletter and until you revoke your consent or unsubscribe from the newsletter.
You can unsubscribe at any time without incurring any costs other than the transmission costs according to the prime rates. A message in text form to the contact data mentioned in section 1 (e.g. e-mail) is sufficient for this purpose. You will also find an unsubscribe link in every advertising e-mail.
Without your consent to direct advertising by e-mail, you will only receive advertising by mail. You can also object to this type of direct advertising.
The legal basis for processing your personal data for direct advertising is our legitimate interest in direct advertising pursuant to Art. 6 (1) p. 1 f) in conjunction with Recital 47 p. 7 of the General Data Protection Regulation (GDPR) and - in the case of e-mail advertising - your consent pursuant to Section 7 (2) No. 2 of the Unfair Competition Act (UWG).
If you are already our customer and have already received goods or services from us, we may send you regular product recommendations by e-mail without your consent. In this way, we would like to send you information about products from our range that may be of interest to you based on your most recent purchases of goods or services from us. In doing so, we strictly adhere to the legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data mentioned in section 1 (e.g. e-mail) is sufficient for this purpose. You will also find an unsubscribe link in every e-mail.
The legal basis for this is our legitimate interest in direct advertising pursuant to Art. 6 (1) p. 1 f) of the GDPR in conjunction with the statutory permission pursuant to Section 7 (3) of the Unfair Competition Act (UWG).
3 Storage duration
Unless specifically stated, we will only store your personal data for as long as is necessary to fulfill our purposes.
We delete your personal data after the storage is no longer necessary (e.g. after final response to your request, for the duration of our contractual relationship until its final termination), or - in the case of legal retention obligations - we restrict the processing. Please note that further processing is required in particular for:
- Fulfillment of statutory retention obligations, which may arise from the German Commercial Code (HGB) and the German Fiscal Code (AO), for example. The periods specified therein are up to ten years.
- Preservation of evidence within the framework of statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
- In some cases, the legislator stipulates the retention of personal data, for example in tax or commercial law. In these cases, we store the data only for these legal purposes, but do not process them in any other way and delete them after the legal retention period has expired. The legal basis for this processing is Art. 6 para. 1 p. 1 c) GDPR.
4 Your rights as a person affected by data processing
According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in section 1.
Below you will find an overview of your rights.
4.1 Right to confirmation and information
You have the right to receive clear information about the processing of your personal data.
You have the right to receive confirmation from us at any time as to whether we are processing your personal data. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
- the purposes of processing;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you, any available information about the origin of the data;
- the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
4.2 Right to rectification
You have the right to request us to correct and, if necessary, complete personal data concerning you.
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
4.3 Right to erasure ("right to be forgotten")
In a number of cases, we are required to delete your personal data.
You have the right under Article 17(1) of the GDPR to request that we delete your personal data without undue delay, and we are obliged to delete personal data without undue delay if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) p. 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- Your personal data has been processed unlawfully.
- The deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- Your personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If we have made your personal data public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers that process your personal data that you have requested that they erase all links to or copies or replications of that personal data.
4.4 Right to restriction of processing
In a number of cases, you are entitled to request that we restrict the processing of your personal data.
You have the right to request us to restrict processing if:
- the accuracy of your personal data is contested by you for a period of time that allows us to verify the accuracy of your personal data,
- the processing is unlawful and you have refused the erasure of the personal data and instead requested the restriction of the use of the personal data;
- we no longer need the personal data for the purposes of processing, but you require the data for the assertion, exercise or defense of legal claims, or
- you have objected to the processing pursuant to Art. 21 (1) GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
4.5 Right to data portability
You have the right to receive your personal data in machine-readable form, to transmit it or to have it transmitted by us.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to Art. 6 (1) p. 1 a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) p. 1 b) GDPR and
- the processing is carried out with the help of automated procedures.
When exercising your right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, to the extent that this is technically feasible.
4.6 Right of objection
You also have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing do not outweigh yours.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 e) or f) GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
4.7 Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Automated decision-making based on the personal data collected does not take place.
4.8 Right to revoke consent under data protection law
You have the right to withdraw consent to the processing of personal data at any time.
4.9 Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
5 Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted encrypted. We use Transport Layer Security (TLS) for this.
To secure your data, we maintain technical and organizational measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art. The servers we use are carefully secured on a regular basis.
6 Disclosure of data to third parties, data transfer to non-EU countries
In principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing ("commissioned processing"), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of your rights.
We currently work with the following processors:
Plausible Insights OÜ
We use Plausible Analytics to track general trends in the use of our website. Plausible Analytics only collects aggregate information that does not allow us to identify visitors to our website. No cookies are used in this process.
11th Street, Floor 2
San Francisco, CA 94103
heylogin.com is hosted on Webflow.
Special safeguards: We explicitly do not use Webflow's form features and have not enabled tracking integrations.
330 West 34th Street, 5th Floor
New York, New York 10001
The videos embedded on heylogin.com are hosted by Vimeo.com, a service of Vimeo.com, Inc.
Special safeguards: We have disabled the tracking function with the dnt parameter so that no data is collected that uniquely identifies the user.
Seven Degrees Labs LLC (HelpKit)
30 N Gould St Suit RSheridan
Our Help Center is provided by HelpKit, a service of Seven Degrees Labs LLC.
Userlike UG (haftungsbeschränkt)
This website uses Userlike, a live chat software provided by Userlike UG (haftungsbeschränkt). Userlike therefore only processes the data you provide, such as first name, last name and email address.
Data entered in contact forms is processed and transmitted via n8n.io, a service of n8n GmbH.
When an appointment is booked, data entered is processed by meetergo, a service of meetergo GmbH.
Heinlein Hosting GmbH (mailbox.org)
Schwedter Straße 8/9A
We use mailbox.org for email communication and appointments.
Insofar as a data transfer to controllers or processors in the USA takes place, the legal basis is the adequacy decision between the USA and the EU of July 10, 2023 pursuant to Art. 45 (1) GDPR in conjunction with the certification of the respective service (certification list: https://www.dataprivacyframework.gov/s/participant-search).
Only in cases where a controller or processor outside the EU is not covered by an adequacy decision, the following legal bases come into consideration:
- Special consent pursuant to Art. 49 of the GDPR, provided that we obtain your special consent for a specific transfer of personal data to a third country, or
- the standard contractual clauses (SCC) provided by the EU Commission in accordance with Art. 46 GDPR in conjunction with an individual risk assessment for the respective data recipient in the third country.