Privacy Policy
This Privacy Policy explains how personal data is processed when you visit our website echoryflow.com (the “website”). It applies to the website only. Processing within our product (the Echory platform) is governed by the relevant contractual agreements and our technical and organisational measures. This is a convenience English translation; the German version (Datenschutz) is authoritative.
1. Controller
The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Echory GmbH
Graf-Adolf-Platz 15
40213 Düsseldorf
Germany
Phone: +49 176 8223 5304
E-mail: hello@echoryflow.com
Further company details are available in our Legal Notice. We have not appointed a data protection officer, as there is no legal obligation to do so. For all data protection matters, please use the contact details above.
2. General
Personal data is any information relating to an identified or identifiable natural person. We process personal data only where necessary and on the basis of a legal permission. Please note that data transmission over the internet (e.g. by e-mail) can have security gaps; complete protection of data against access by third parties is not possible.
3. Your rights
In relation to your personal data you have the following rights:
- Access to the data stored about you (Art. 15 GDPR),
- Rectification of inaccurate data (Art. 16 GDPR),
- Erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Data portability (Art. 20 GDPR),
- Withdrawal of a given consent with effect for the future (Art. 7(3) GDPR),
- Objection to processing (Art. 21 GDPR, see separate notice below).
To exercise your rights, an informal message to the contact details in section 1 is sufficient.
Right to object (Art. 21 GDPR)
Where we process your data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation. Where your data is processed for direct marketing, you have the right to object at any time without giving reasons; your data will then no longer be used for those purposes.
Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The authority competent for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany
www.ldi.nrw.de
4. Hosting
We host our website with an external provider, Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA (“Vercel”). Our website is served from servers in the Frankfurt am Main region (EU).
When you access our website, Vercel processes, on our behalf, technical access data that your browser transmits automatically, in particular:
- IP address of the requesting device,
- date and time of access,
- page/file requested and amount of data transferred,
- browser type and version, operating system,
- referrer URL (previously visited page).
This processing is necessary for the technically correct, secure and stable provision of the website. The legal basis is our legitimate interest therein (Art. 6(1)(f) GDPR). We have concluded a data processing agreement with Vercel (Art. 28 GDPR). For more information, see Vercel’s privacy policy: vercel.com/legal/privacy-policy. For information on transfers to third countries, see section 9.
5. Fonts (locally hosted)
For a consistent appearance we use the “Plus Jakarta Sans” typeface. The font files are embedded locally on our own servers. Accessing the website therefore does not establish any connection to third-party servers (such as Google Fonts or a content delivery network), and no personal data is transmitted to third parties in this respect.
6. Cookies and tracking
Our website sets no cookies and uses no analytics, tracking or advertising technologies and no third-party pixels. Your usage behaviour is not analysed. As we use no technologies requiring consent, no cookie banner is required. Further details are set out in our Cookie Policy.
7. Early Access / Demo request (form)
Via the form on our “Request Early Access” page you can request access or a demo. We process the data you provide: first and last name, business e-mail address, company, team size and role.
Purpose: handling your request
We process the above data to handle your request, contact you and prepare and set up the requested access or demo. The legal basis is the performance of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR) and our legitimate interest in handling enquiries effectively (Art. 6(1)(f) GDPR). Handling your request does not depend on any consent to marketing communication.
Optional consent to marketing contact
If you tick the separate, non-pre-selected box, we will also process your contact data to inform you by e-mail and/or telephone about Echory products, features and offers. The legal basis is your consent (Art. 6(1)(a) GDPR; for e-mail marketing in conjunction with § 7 UWG). This consent is voluntary and can be withdrawn at any time with effect for the future, e.g. informally by e-mail to hello@echoryflow.com. The lawfulness of processing carried out before withdrawal remains unaffected.
Processing of form data / recipients
Form data is transmitted via a serverless function operated by us at our host Vercel (processed in the Frankfurt region, EU; see section 4). The submitted data is then stored in Notion, where we use it to handle and manage your request. The provider is Notion Labs, Inc., 2300 Harrison St, 2nd Floor, San Francisco, CA 94110, USA, which we engage as a processor (Art. 28 GDPR). As Notion processes personal data in the USA, a transfer to a third country may occur; it is safeguarded by appropriate guarantees (see section 9).
Your data remains with us until the purpose for storage ceases (e.g. after your request has been handled), you ask us to delete it, or you withdraw a given consent. Mandatory statutory retention periods remain unaffected.
8. Contact by e-mail or telephone
If you contact us by e-mail or telephone, we process your information to handle your request. The legal basis is Art. 6(1)(b) GDPR where your request relates to the performance of a contract or pre-contractual measures, otherwise our legitimate interest in handling the request (Art. 6(1)(f) GDPR). We delete the data once it is no longer required for the purpose; mandatory statutory retention periods remain unaffected.
9. Recipients and transfers to third countries
Recipients of personal data in connection with this website are exclusively the processors named in this policy: Vercel (hosting and form transmission, section 4) and Notion (storage of form/lead data, section 7). We disclose data to other third parties only where legally required or where you have consented.
Where personal data is transferred to a country outside the European Economic Area (in particular the USA), we base such transfer on appropriate safeguards within the meaning of Art. 44 et seq. GDPR, in particular the EU Standard Contractual Clauses and – where applicable – certification under the EU-US Data Privacy Framework. You may request a copy of the safeguards from us.
10. Storage period
Unless a more specific period is stated in this policy, we process personal data only for as long as necessary for the relevant purpose. Thereafter the data is deleted, unless statutory retention obligations (e.g. under commercial or tax law) apply.
11. SSL/TLS encryption
For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the address bar beginning with “https://” and a lock symbol.
12. Validity and changes to this policy
This Privacy Policy is currently valid. As our website develops or legal requirements change, it may become necessary to amend it. The version published here applies in each case.