Privacy Policy

As of: 01.15.2021


We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Convaise UG (haftungsbeschränkt) (in the following Convaise). A use of the internet pages of Convaise is generally possible without any indication of personal data. If a person concerned wishes to make use of special services or services of our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to Convaise. By means of this data protection notice, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection notice informs affected persons about their rights.
Convaise, as the data controller, has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions may have security gaps, so that absolute protection cannot be guaranteed.

Entity responsible for data processing:
Convaise UG (haftungsbeschränkt)
Minervaweg 4
85586 Poing


1. Data protection officer

We have appointed a data protection officer for our company.


2. Provision of the website

Collection of general data and information:

The Convaise website collects a number of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the log files of the server. The following can be recorded:

  • the browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website (so-called referrer),
  • the sub-websites, which are accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an Internet Protocol (IP) address,
  • the Internet service provider of the accessing system
  • and other similar data and information that serve to avert danger in the event of attacks on our information technology systems

When using this general data and information, Convaise will not draw any conclusions about the person concerned. This information is rather required to

  • to deliver the contents of our website correctly,
  • to optimise the contents of our website,
  • to guarantee the permanent functionality of our information technology systems and the technology of our website and
  • to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

These anonymously collected data and information are therefore statistically evaluated by Convaise on the one hand and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

Cookies and Reach measurement:

The website by Convaise does not use cookies. We use the Plausible Analytics service to measure reach on this website. The service is provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (“Plausible”).

By using the service, your browser connects to Plausible’s servers, where certain HTTP header data is stored so that we can track where our visitors come from, what systems they use, and which of our web pages are particularly attractive. We use this information to make our online offering more user-friendly and to measure how successful our marketing campaigns are. The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f of the DSGVO) to operate a modern and attractive presence on the Internet, to track what interests our customers and to make our marketing measures more effective.

The IP address of the user is not stored directly, but anonymized via a separate procedure. We then only receive an aggregated overview. We have concluded an order processing contract with Plausible.

You can find more information about Plausible here:

Legitimate interests in the processing pursued by the controller or third parties

The data listed above is necessary for the provision of our website. Our legal basis is our legitimate interest (Art. 6 para. 1 lit. f of the DSGVO) to present our company in a modern way and to make it available to a broad public. The collected data is technically necessary for us to provide you with an appealing website.

Existence of an automated decision making process:

No automated decision making takes place in the presentation of our websites.


3. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the contact form is thus exclusively based on your consent (Art. 6 Abs. 1 lit. a DSGVO). You can revoke this consent at any time. All you need to do is send an informal message by e-mail to The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation. The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.


4. Privacy policy on the application and use of the Convaise Assistants

Nature and purpose of the processing :

The data entered by you will be processed in order to fill in the forms provided and selected by you with your entered data or to be able to carry out services selected by you. As soon as all necessary data have been collected, the data you have entered, such as your name or address, will be filled in the selected form and stored in it or transferred to the company using Convaise services or products used by the user. The completed form (should there be one in the digital assistant) will then be available to you for 24 hours via a protected and personalized download link.

During the interaction with the digital assistant you have the possibility to ask questions. These will be analysed by us in order to provide you with an automated answer. Since your questions are stored, your questions must not contain any personal data. If a question contains personal data, we will delete it.

Legal basis:

The processing of the data is based on the consent of the user (Art. 6 Abs. 1 lit. a DSGVO).


For the encrypted transmission of messages between the Convaise digital assistant and the user, a service hosted in the EU by Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA (hereinafter Microsoft) is used. Only you, as the person who entered your data via the digital assistant, have access to the filled, encrypted and access-secured PDF form via a personalized download link. If you use a Convaise digital assistant that is used for a company, your entered data will be forwarded to this company. For further information, please contact the respective company.
For the analysis of your queries, we use a Microsoft service hosted in the EU.

Storage duration:

Conversation messages with the digital assistant are deleted after 7 days at the latest and the generated PDF forms are deleted 24 hours after creation. From this time on, access via the personalized download link is also not possible. Your queries may be saved permanently if they do not contain any personal data.

Provision required or necessary:

The provision of your personal data is voluntary. However, we can only process your request correctly if you correctly enter the data required by the respective digital assistant.


5. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purpose for which the data are stored or if provided for by the European Directive and Regulation or any other legislator in laws or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.


6. Rights of the data subject

If the user’s personal data are processed, the user is the person concerned within the meaning of the DSGVO and has the following rights against the person responsible:

6.1 Right of access to information

The user may request a confirmation from Convaise whether personal data concerning him/her is processed by Convaise. If such processing has taken place, the User may request information about the following from any employee of Convaise, e.g. by sending an e-mail to

  • the purposes for which the personal data are processed
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
  • the planned duration of storage of the personal data relating to the user or, if it is not possible to give specific details, criteria for determining the duration of storage;
  • the existence of a right to rectification or cancellation of personal data concerning the user, a right to limit processing by Convaise or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • all available information on the origin of the data, if the personal data are not collected from the data subject
  • the existence of automated decision-making, including profiling in accordance with Art. 22 Abs. 1 and 4 DSGVO and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.

Furthermore, the user has the right to receive a copy of the personal data that is the subject of processing by Convaise.

6.2 Right to correction

You have the right to ask Convaise to correct and/or complete any personal data processed concerning you if it is incorrect or incomplete. Convaise shall make the correction without delay.

6.3 Right to limit processing

Under the following conditions, the user may request the restriction of the processing of personal data concerning him:

  • if the user disputes the accuracy of the personal data concerning him for a period of time that allows the person responsible to verify the accuracy of the personal data
  • the processing is unlawful and the user refuses the deletion of the personal data and requests instead the restriction of the use of the personal data
  • Convaise no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defence of legal claims, or
  • if the user has lodged an objection to the processing pursuant to Art. 21 Abs. 1 DSGVO and it has not yet been established whether the legitimate reasons of Convaise or a third party outweigh his own reasons.

Where the processing of personal data relating to the user has been restricted, such data may be processed, with the exception of storage, only with the user’s consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by Convaise before the restriction is lifted.

6.4 Right of deletion (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the controller the immediate erasure of personal data relating to him/her, where one of the following reasons applies and where the processing is not necessary:

  • The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject withdraws the consent on which the processing was based under Art. 6 Abs. 1 lit. a DSGVO or Art. 9 Abs. 2 lit. a and there is no other legal basis for the processing.
  • The data subject lodges an objection to the processing pursuant to Art. 21 Abs. 1 DSGVO and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 Abs. 2 DSGVO .
  • The personal data were processed unlawfully.
  • The deletion of personal data is necessary to comply with a legal obligation under Union or national law to which the controller is subject.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 Abs. 1 DSGVO .

If one of the above mentioned reasons applies and a data subject wishes to have his/her personal data stored at Convaise deleted, he/she may contact an employee of Convaise at any time, e.g. via e-mail to and he/she will arrange for the deletion request to be complied with immediately. If the personal data has been made public by Convaise and our company is responsible according to Art. 17 Abs. 1 DSGVO , Convaise is obliged to delete the personal data, Convaise will take reasonable measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data, that the data subject has requested from these other data controllers the deletion of all links to these personal data or of copies or replications of these personal data, unless the processing is necessary. The employee of Convaise will take the necessary steps in individual cases.

6.5 Right to data transferability

Every person concerned by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her which have been provided by the data subject to a controller in a structured, common and machine-readable format. He/she also has the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 Abs. 1 lit. a DSGVO or Art. 9 Abs. 2 lit. a DSGVO or on a contract pursuant to Art. 6 Abs. 1 lit. b DSGVO and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data transferability in accordance with Art. 20 Abs. 1 DSGVO , the data subjects have the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons. In order to assert the right to data transferability, the person concerned can contact an employee of Convaise at any time, e.g. via e-mail to

6.6 Right of objection

The user has the right to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out on the basis of Art. 6 Abs. 1 lit. e or f DSGVO ; this also applies to profiling based on these provisions. Convaise shall no longer process the personal data concerning the User after an objection has been made, unless Convaise can demonstrate compelling reasons for processing that are worthy of protection and outweigh the interests, rights, and freedoms of the User, or the processing serves to assert, exercise, or defend legal claims. In order to exercise the right of objection, a user may contact an employee of Convaise UG (haftungsbeschränkt) at any time, e.g. by e-mail to . In order to enable the processing of the objection, the user must identify himself according to his original request.

6.7 Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she is normally resident, or in the Member State in which he/she works, or in the Member State in which the alleged infringement occurred, if he/she considers that the processing of personal data relating to him/her is being carried out in breach of this Regulation. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.


7. Social media appearances

We operate the following social media appearances:

We use these appearances for the purpose of promoting our services and products, our current research and events in which we participate.
The social media platforms described in more detail below collect data on your behaviour and interests when you visit our websites and provide us with a partially anonymous analysis of visitor groups and interactions. This processing of your data is based on our legitimate interest in a better understanding of our target groups in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO.
In addition, the social media platforms may process the data for their own purposes for market research and advertising purposes. Cookies may be stored on your computer which are used to evaluate user behaviour. Other data about your devices, internet connection or location may also be collected and, if necessary, linked to your account. A user profile may be created about you, even if you are not logged on to the social media platforms or do not have an account. These profiles can be used to serve ads customized to you on various platforms. How the social media platforms use the data from the visit of the appearances for their own purposes, how long the social media platforms store this data is not clearly stated by the social media platforms and is not known to us beyond the processing mentioned above.
It may happen that your data is processed outside the European Union when you visit our social media sites.
Overview and information about the platforms used:

  • LinkedIn is a business platform offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland with parent company LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085.
    A data transfer to the USA cannot be excluded. We have entered into a joint responsibility agreement with LinkedIn, which you can access here:
    In summary, LinkedIn declares itself responsible for all processing operations concerning your personal data on the platform. You also declare yourself responsible for implementing the rights of the data subjects. You have the right at all times to assert your rights of privacy and data protection against LinkedIn or us in relation to our LinkedIn site and the page views that appear on it. If you contact us, we will forward your request directly to LinkedIn for response. The LinkedIn privacy policy can be found here:
    If you have an account with LinkedIn, you can adjust your privacy settings at
  • Twitter is a social media platform provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland with parent company Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, California 94103.
    A data transfer to the USA cannot be excluded. The Twitter privacy policy can be accessed here:
    If you have an account on Twitter, you can adjust your privacy settings at
  • Instagram is a social media platform offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”). The data collected about you by Facebook is processed by Facebook Ltd. and may be transferred to countries outside the European Union. We have no insight into the extent to which Facebook exchanges personal data with Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA or other Facebook companies and partners worldwide, i.e. in so-called third countries. A data transmission to the USA cannot be excluded. You can access Instagram’s privacy policy here:
    If you have an account with Instagram, you can adjust your privacy settings at