Privacy Policy
Last updated: 11 May 2026
1. Introduction
easy.bi GmbH ("we", "us") takes the protection of your personal data seriously. This Privacy Policy informs you about how we process your data when you visit https://www.easy.bi.
We comply with the EU General Data Protection Regulation (GDPR), the German Digital Services Act (DDG, formerly TMG), and all applicable data protection legislation.
2. Data Controller
easy.bi GmbH
Hongkongstrasse 1
20457 Hamburg
Germany
Representative: Christian Kaspar
Phone: +49 40 228599 600
Email: info.de@easy.bi
Registration: Hamburg District Court, HRB 147702
3. Data We Collect
Data you provide to us
When you submit a contact form, newsletter signup, careers application, or schedule a call via TidyCal, we collect the data you enter (typically name, email, optional phone, message content, and any attachments you choose to send).
Data collected automatically (server logs)
Our hosting provider (Netlify) automatically records technical request data for security and operational purposes:
- IP address (shortened or pseudonymised where applicable)
- Browser type, version, operating system
- Referrer URL and requested URL
- Date and time of access
We do not link this data to individual visitors.
Data collected via cookies and analytics (consent-based)
If you give consent via our cookie banner, our analytics and marketing tools may record pageviews, clicks, scroll depth, session recordings, and device/browser metadata. See section 5 for the exact list.
4. Legal Basis for Processing
- Art. 6 (1) (a) GDPR — consent: all non-essential cookies and analytics tools (Google Analytics 4, Microsoft Clarity, Ahrefs Analytics, GTM marketing tags) are only loaded after you accept them in the cookie banner.
- Art. 6 (1) (b) GDPR — contractual / pre-contractual: processing your contact form, booking, or careers application so we can respond and potentially enter into a service agreement with you.
- Art. 6 (1) (f) GDPR — legitimate interest: server log files for security, integrity, and basic operations; essential cookies needed for site functionality and consent storage.
- Art. 6 (1) (c) GDPR — legal obligation: retention of business correspondence and tax-relevant records under German commercial and tax law (e.g. § 257 HGB, § 147 AO).
5. Cookies and Tracking Technologies
We use cookies and similar technologies to provide and analyse our website. You can manage your preferences via the cookie banner; click the "Cookie Settings" link in the footer to change them at any time. A full cookie declaration is provided inside the Cookiebot banner.
Strictly Necessary
| Cookie / Storage | Provider | Purpose |
|---|---|---|
| CookieConsent | Cookiebot (Cybot A/S, Denmark) | Stores cookie consent state for up to 12 months |
| theme | easy.bi (first-party) | Stores your light/dark theme preference (localStorage) |
Statistics (consent required)
| Cookie | Provider | Purpose |
|---|---|---|
| _ga, _ga_* | Google Analytics 4 (Google Ireland Ltd.) | Aggregated traffic and conversion analytics. IP anonymisation enabled. |
| _clck, _clsk, MUID | Microsoft Clarity (Microsoft Corp.) | Anonymous session recordings and heatmaps for UX research. |
| analytics.ahrefs.com cookies | Ahrefs Analytics (Ahrefs Pte. Ltd.) | Aggregated traffic measurement for SEO performance analysis. |
Marketing / Tag Management (consent required)
| Service | Provider | Purpose |
|---|---|---|
| Google Tag Manager | Google Ireland Ltd. | Tag and consent orchestration container. Does not store cookies itself; loads other tags after consent. |
6. Third-Party Services and Subprocessors
We rely on the following processors (Art. 28 GDPR). Transfers to third countries (outside EU/EEA) are covered by the EU Standard Contractual Clauses ("SCCs") and, where applicable, supplementary technical measures.
| Service | Purpose | Location |
|---|---|---|
| Netlify, Inc. | Website hosting and CDN | USA (SCCs in place) |
| Cookiebot (Cybot A/S) | Cookie consent management | EU (Denmark) |
| Google Ireland Ltd. (GA4, GTM) | Analytics and tag management | EU contracting entity; data may be processed in USA (SCCs in place) |
| Microsoft Corp. (Clarity) | Session recordings and heatmaps | USA (SCCs in place) |
| Ahrefs Pte. Ltd. | Web analytics for SEO | Singapore (SCCs in place) |
| Make Lemonade Ltd. (TidyCal) | Meeting scheduling | USA (SCCs in place); only loaded when you click a booking CTA |
| Sentry | CSP violation reporting (no personal data) | USA (SCCs in place) |
7. Data Retention
- Contact form submissions: stored as long as needed to handle your request, then up to 3 years for follow-up. Tax-relevant correspondence is retained for 6–10 years (§ 147 AO, § 257 HGB).
- Server log files: typically 14–30 days, after which they are deleted or aggregated.
- Analytics cookies (consent-based): retention is determined by each provider — typically 14 months (GA4), 12 months (Clarity), 12 months (Ahrefs).
- Consent records: kept up to 12 months (Cookiebot default) to demonstrate compliance.
8. Your Rights Under GDPR
You have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time, without affecting prior processing
To exercise any of these rights, email info.de@easy.bi.
Right to lodge a complaint (Art. 77 GDPR): You may file a complaint with a supervisory authority. For us, the competent authority is the Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit (HmbBfDI). Current contact details are available at datenschutz-hamburg.de.
9. Security
The site is served over TLS (HTTPS) with HSTS preload. We apply Content-Security-Policy headers, modern cookie attributes, and regular dependency reviews. While no internet transmission is fully secure, we use commercially reasonable safeguards to protect your data.
10. Right to Object to Advertising
We hereby object to the use of contact data published in our imprint for sending unsolicited advertising and information material. We expressly reserve the right to take legal action in the event of unsolicited spam.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version always carries the "Last updated" date shown at the top.