Introduction
Protecting your personal data is a top priority for us at Coala AI. We process your data solely in accordance with applicable legal regulations, particularly the General Data Protection Regulation (GDPR). This privacy policy aims to inform you about the type, scope, and purpose of personal data processing, as well as your rights as the data subject.
Scope
This data privacy policy applies to visitors of our website, individuals contacting us through electronic means, and users of our chatbot.
Data Controller
Coala AI GmbH
c/o BIBA – Bremer Institut für Produktion und Logistik GmbH
Hochschulring 20
28359 Bremen
Germany
contact@coala-ai.de
Data, Purpose, and Legal Basis
|
Data
|
Purpose
|
Legal Basis
|
|---|---|---|
|
Contact details
|
Marketing
|
Your consent, Art. 6(1)(a) GDPR
|
|
Inquiries submitted through our website or via email
|
Responding to inquiries and providing support
|
Legitimate interest, Art. 6(1)(f) GDPR
|
|
Usage data via cookies and analytics tools
|
Efficient operation, optimization, and user experience improvement of our website
|
Consent (Art. 6(1)(a) GDPR) for non-essential cookies; Legitimate interest (Art. 6(1)(f) GDPR) for technically necessary cookies
|
|
Conversation data from chatbot
|
Providing the chatbot service; analyzing conversations to improve services, support sales, and optimize the website
|
Legitimate interest, Art. 6(1)(f) GDPR
|
Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Cookies are small text files stored on your device to ensure functionality, security, personalization, and analysis.
- Essential cookies: Necessary for the technical operation of the site and cannot be disabled.
- Functional cookies: Help improve usability and personalization.
- Analytics cookies: Allow us to analyze website usage and optimize performance.
- Marketing cookies: Used to deliver relevant advertising and understand effectiveness.
We don’t use a cookie banner because we do not use functional, analytics, or marketing cookies.
The legal basis for essential cookies is our legitimate interest under Art. 6(1)(f) GDPR.
Recipients of Personal Data
Your data will only be shared with third parties if:
- it is necessary to fulfill a contract,
- you have given explicit consent,
- we are legally obligated to do so, or
- we use third-party service providers (e.g., hosting, analytics, communication tools) bound by data processing agreements.
Data Processing by Third Parties
This website is hosted on Amazon Web Services EMEA (AWS) within the European Economic Area (EEA). For details, see AWS Data Processing Addendum.
We also use Google Ireland Limited for communication and collaboration services (Google Workspace). Processing agreements with Google comply with GDPR requirements; see details here.
If data should ever be transferred to countries outside the EEA, this will occur only on the basis of EU adequacy decisions or the implementation of standard contractual clauses approved by the European Commission.
Data Retention Duration
We retain personal data only as long as necessary to fulfill the purposes set out in this policy or as required by statutory retention obligations. Once these periods expire, your data will be permanently deleted or anonymized.
Rights as Data Subject
Under GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR)
- Right to Rectification (Art. 16 GDPR)
- Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR)
- Right to Restrict Processing (Art. 18 GDPR)
- Right to Data Portability (Art. 20 GDPR)
- Right to Object to Processing (Art. 21 GDPR)
- Right to Withdraw Consent (anytime, without affecting prior lawful processing)
- Right to Lodge a Complaint with a supervisory authority (Art. 77 GDPR), particularly in your country of residence.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against loss, misuse, or unauthorized access, such as encryption, access control, regular backups, and monitoring of security incidents.
