Data protection is of particular importance to Minerics.
This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online offer and the associated websites, functions, and content (hereinafter collectively referred to as "Online Offer" or "Website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used to execute the online offer.
The responsible party within the meaning of the General Data Protection Regulation (GDPR), other applicable data protection laws in the member states of the European Union, and other provisions with data protection implications is:
Minerics UG (haftungsbeschränkt)
Schellingstr.18
70794 Filderstadt
Germany
Phone: +49 711 327 04 15
Email: hey@minerics.de
Website: https://insightgrid.app
Our privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our aim is to make the privacy policy easy to read and understand for both the public, our customers, and business partners. To ensure this, we would like to explain the terms used in advance.
The terms such as "personal data" or their "processing" are defined in Article 4 of the GDPR. In this privacy policy, we use, among others, the following terms:
If we obtain consent from the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If the processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party, and this interest is not overridden by the interests, fundamental rights, and freedoms of the data subject, Article 6(1)(f) of the GDPR serves as the legal basis for processing.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this has been provided for by European or national legislation in Union regulations, laws, or other provisions to which the controller is subject.
Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract
To ensure that personal data cannot be read, copied, altered, or removed by unauthorized persons during electronic transmission, transport, or storage on data carriers, we use an encryption method in accordance with Article 9 of the GDPR that complies with the current state of technology.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data may be collected:
This data is also stored in the log files of our system. However, this data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. Additionally, the data helps us to optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this is when the session ends. In the case of data stored in log files, this typically occurs after seven days. It is possible for the data to be stored beyond this period. In this case, the IP addresses of the users are anonymized, so that it is no longer possible to associate the data with a specific user.
The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. As a result, the user has no right to object to this collection.
Based on our legitimate interests, we use cookies on this website. Cookies are text files that are stored in the user's internet browser or on the user's computer system by the internet browser. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a unique string that allows the browser to be identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can still be identified after a page change.
We also use cookies on our website that allow for the analysis of users' browsing behavior.
The following data may be transmitted in this way:
The user data collected in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When accessing our website, users are informed via an information banner about the use of cookies and referred to this privacy policy. Users are also informed how they can prevent the storage of cookies in their browser settings.
When accessing our website, the user is informed about the use of cookies, and their consent for the processing of personal data used in this context is obtained. In this context, users are also referred to this privacy policy.
7.2. Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes, provided that the user has given their consent, is Article 6(1)(a) of the GDPR.
The purpose of using technically necessary cookies is to make the use of websites easier for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser can be recognized even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles.
We need cookies for the following applications:
The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used, enabling us to continuously optimize our offerings.
These purposes also represent our legitimate interest in processing personal data according to Article 6(1)(f) of the GDPR.
Cookies are stored on the user's computer and transmitted to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.
8.1. Scope of Data Processing
We use Plausible Analytics, an open-source web analytics tool provided by Plausible Analytics OÜ, Västriku tn 2, 50403, Tartu, Estonia based in the European Union, for tracking and analyzing the traffic on our website. Plausible Analytics does not use cookies and does not collect any personal data or personally identifiable information. All data collected is aggregated and anonymized, ensuring that no individual visitor can be identified.
8.2. Purpose of Data Processing
The purpose of using Plausible Analytics is to gain insights into the overall trends of our website traffic, helping us to improve our website and enhance user experience. Plausible Analytics is used solely to track general website usage metrics, such as the number of visitors, pages viewed, and referral sources, without collecting any data that could identify individual users.
8.3. Legal Basis for Data Processing
The processing of data through Plausible Analytics is based on our legitimate interest in optimizing and improving our website, as permitted under Article 6(1)(f) of the GDPR. Since Plausible Analytics does not track or store personal data and does not use cookies, no explicit user consent is required under GDPR or other privacy regulations.
8.4. Data Storage and Processing Location
All data collected by Plausible Analytics is hosted on servers located in the European Union, specifically in Falkenstein, Germany, and managed by Hetzner, a European cloud service provider. Plausible Analytics also uses Bunny, a European-owned provider based in Slovenia, for content delivery and DDoS protection. This ensures that all website data remains within the EU and is subject to the GDPR's strict data protection laws.
8.5. No Data Sharing or Selling
Plausible Analytics does not share, sell, or transfer your website data to any third parties. The data is not monetized or used for behavioral advertising. You retain full ownership and control of your website data, which can be deleted at any time.
8.6. Minimized Data Collection
Plausible Analytics collects only the most essential data points, including page views, referral sources, and interactions, all in aggregate form. It does not track users across different devices, websites, or sessions, ensuring complete privacy for our website visitors
9.1. Scope of Personal Data Processing
We use the ChatGPT service, provided by OpenAI, Inc 3180 18th Street, San Francisco, CA 94110, USA, for automated text generation, assistance in answering queries, and the processing of uploaded documents utilized in the provision of our services. Personal data may be processed during the use of this service, particularly in the following cases:
9.2. Purpose of Data Processing
The use of ChatGPT is intended to provide and improve the user experience, answer inquiries, assist in document processing (e.g., analysis, translation, text generation), and optimize our services. Uploading documents or other media types (including video or audio files) enables us to process specific information efficiently and respond to individual customer requests.
9.3. Processing of Uploaded Documents
Uploaded documents or other media types (including video or audio files) are used solely for the purpose of providing the requested services. The contents of the documents are only utilized within the ongoing conversation to generate appropriate responses or provide necessary information. No content from the uploaded documents or other media types is permanently stored unless required by legal obligations.
9.4. Legal Basis for the Processing of Personal Data
The processing of data is based on your consent (Art. 6 (1) (a) GDPR). This includes both the use of the ChatGPT service and the uploading of documents and other media files. By uploading documents or other media types such as video or audio files and using the ChatGPT function, you consent to the processing of your data for the purposes outlined here.
9.5. Data Retention and Deletion
Data transmitted via ChatGPT and uploaded documents as well as other media types are stored for the duration of the conversation. After the conclusion of the conversation, the data and documents will be deleted unless there are legal obligations to retain them. Technical metadata will only be retained for as long as necessary for statistical or technical purposes.
9.6. Disclosure of Data
Data transmitted through ChatGPT and uploaded documents will not be shared with third parties unless required to fulfill legal obligations. The ChatGPT service is provided by OpenAI. OpenAI is contractually obligated to process personal data, including data in uploaded documents, in compliance with GDPR regulations.
9.7. Right of Withdrawal and Objection
You have the right to withdraw your consent to the processing of data and uploaded documents at any time. You also have the right to object to the processing of your personal data and documents in the context of using ChatGPT at any time. The withdrawal or objection can be made by sending us a corresponding message or by ceasing to use ChatGPT. Upon withdrawal or objection, all uploaded documents and transmitted data will be deleted unless legal obligations for retention exist.
We use the services of Hetzner Online GmbH Feringastraße 12A 85774 Unterföhring Deutschland, a German-based cloud service provider, for the hosting and storage of data related to our website and services. Hetzner’s data centers are located in Germany, ensuring that all data is processed and stored within the European Union, in compliance with the General Data Protection Regulation (GDPR).
Hetzner processes personal data on our behalf, including but not limited to website usage data, customer information, and communication logs, necessary for the functionality and security of our website and services. Hetzner does not access or use this data for its own purposes, and the data is only processed according to our explicit instructions, as per the terms of our Data Processing Agreement (DPA) with Hetzner.
The data processing by Hetzner is essential for the provision of our services, including the hosting of our website, the storage of personal data in secure servers, and ensuring the availability and security of our digital infrastructure. This ensures a seamless and safe user experience on our platform.
The legal basis for processing personal data through Hetzner’s cloud services is Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the stable and secure operation of our website and related services. Additionally, if we process personal data in the context of contracts, the legal basis for such processing is Art. 6 (1) (b) GDPR (performance of a contract).
All personal data processed by Hetzner is stored on servers located in Germany, which are operated and managed by Hetzner Online GmbH. These data centers comply with strict European data protection laws, ensuring that your data remains within the European Union and is protected by the high standards set out in the GDPR. Hetzner implements state-of-the-art security measures, including encryption and physical security controls, to safeguard your personal data.
For more information on Hetzner’s data privacy practices, please refer to their privacy policy at https://www.hetzner-cloud.de/datenschutz.
We offer Google Login (Single Sign-On - SSO), a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as an authentication method for accessing our services. By using Google Login, you can sign in to our platform using your existing Google account credentials, which simplifies the registration and login process.
When you use Google Login, Google LLC shares certain personal data with us, including your name, email address, and profile picture as part of the authentication process. No further data is collected without your consent, and we do not have access to your Google account credentials. The data we receive from Google is used solely for account creation and authentication purposes on our platform.
The use of Google Login is intended to provide a convenient and secure login process for our users, allowing you to access our services using your existing Google account. This helps to improve the user experience by eliminating the need to remember separate login credentials.
The legal basis for the processing of personal data through Google Login is Art. 6 (1) (a) GDPR (consent), as you explicitly grant permission for the transfer of personal data from Google when choosing to log in using this method. You may withdraw your consent at any time by unlinking your Google account from our service.
The personal data provided via Google Login is processed and stored on secure servers within the European Union. We take appropriate measures to ensure that this data is handled in compliance with GDPR and only for the purposes of authentication and account management.
Google acts as a separate data controller for its own services. The provider of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Login, you are subject to Google’s privacy policy, which you can review at https://policies.google.com/privacy. We do not share the data received via Google Login with any third parties, except where required by law.
We use the services of Neon Inc. for the secure storage and management of personal data collected through our website and services. Neon acts as a data processor on our behalf, ensuring that personal data is handled securely and in compliance with the General Data Protection Regulation (GDPR).
As our database we use Neon provided by Neon Inc. , 209 Orange Street, City of Wilmington, County of New Castle, Delaware 19801, USA, processes personal data that we collect, including user account information, contact details, and other relevant data necessary for the functioning of our services. The provider processes this data solely on our instructions and does not use it for any other purposes.
The use of Neon ensures the secure storage, retrieval, and management of personal data, allowing us to provide our services efficiently and reliably. Their infrastructure is critical to the ongoing functionality and security of our data systems.
The processing of personal data through Neon is based on Art. 6 (1) (f) GDPR (legitimate interest), which is our interest in ensuring the secure and stable operation of our data infrastructure. In cases where personal data is processed in the context of contracts, the legal basis is Art. 6 (1) (b) GDPR (performance of a contract).
All personal data processed by Neon is stored on secure servers located in Frankfurt, Germany. This ensures compliance with GDPR’s stringent data protection standards. The provider also implements industry-standard security measures, including encryption and access controls, to protect your personal data.
For more information about Neon data privacy practices, please refer to their privacy policy at https://neon.tech/privacy-policy
If personal data concerning you is being processed, you are a "data subject" within the meaning of the GDPR, and you have the following rights against the controller:
You have the right to request confirmation from the controller as to whether personal data concerning you is being processed.
If such processing is occurring, you have the right to request information from the controller about the following:
You also have the right to request information on whether your personal data has been transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR regarding the transfer.
You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed by the controller. The controller must make the correction without undue delay.
You have the right to request the restriction of the processing of your personal data under the following circumstances:
If processing has been restricted, this data—except for its storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If the restriction of processing has been implemented under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
You have the right to request the immediate deletion of personal data concerning you, and the controller is obliged to delete this data without undue delay if one of the following reasons applies:
If the controller has made the personal data concerning you public and is obligated to delete it pursuant to Article 17(1) GDPR, the controller shall, considering available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, such personal data.
The right to erasure does not exist insofar as processing is necessary:
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to communicate this rectification, erasure, or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, where:
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for these purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.
You also have the right, for reasons arising from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR.
Your right to object may be limited to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impair it, and the limitation is necessary for the fulfillment of the research or statistical purposes.
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing—including profiling—that has legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions must not be based on special categories of personal data as referred to in Article 9(1) of the GDPR unless Article 9(2)(a) or (g) of the GDPR applies and suitable measures to protect your rights and freedoms and legitimate interests have been taken.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged will inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.