Covytra
EN DE

Privacy Policy

How we process personal data when you use this website.

1. Controller and contact

The controller responsible for processing personal data on this website is:

Covytra
Frank Gosch
Imstedt 29
Hamburg, Germany

Email: hello@covytra.com
Phone: +49 40 740 780 54

If you have any questions about this privacy policy or about how we handle personal data, you can contact us using the details above.

We are currently not legally required to appoint a data protection officer. For all data protection queries, please use the contact details provided.

2. Scope of this privacy policy

This privacy policy explains how we process personal data when you:

  • visit this website,
  • contact us by email, phone, or contact form,
  • send us a short voice message via the website.

It applies in particular under the EU General Data Protection Regulation (GDPR) and the UK GDPR, where relevant.

3. Legal bases for processing

We process personal data only where permitted by law. Depending on the situation, the relevant legal bases are in particular:

  • Art. 6(1)(a) GDPR - consent (for example, where you actively agree to optional processing),
  • Art. 6(1)(b) GDPR - performance of a contract or steps prior to entering into a contract (for example, when you contact us with project enquiries),
  • Art. 6(1)(f) GDPR - legitimate interests (for example, to operate and secure our website, answer general enquiries, or defend legal claims).

Where we rely on legitimate interests, we only do so after assessing that our interests do not override your fundamental rights and freedoms.

4. Visiting our website: server logs

When you access this website, technical data is automatically collected by our hosting provider (for example IONOS or a comparable provider). This includes:

  • IP address,
  • date and time of access,
  • pages viewed and files requested,
  • amount of data transferred,
  • referrer URL (previous page visited),
  • browser type and version,
  • operating system and device type.

This log data is processed to ensure the technical operation, stability, and security of the website, e.g. to detect faults or attacks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a secure and stable website).

Log data is usually stored for a short period and then deleted or anonymised, unless a longer retention is required for security or evidential purposes.

5. Cookies and similar technologies

Our website may use cookies or similar technologies.

  • Essential cookies: These are required to operate the site and provide basic functions (for example, remembering language preferences or maintaining a session during form submission). They are set on the basis of Art. 6(1)(f) GDPR (legitimate interest in a functional website).
  • Analytics (Google Analytics 4): loads only after you give consent in the CMP (opt-in). Purpose: usage measurement and site improvements. Legal basis: your consent (Art. 6(1)(a) GDPR).

You can configure your browser to block or display cookies. Blocking essential cookies may impair some functions of the website. You can withdraw analytics consent at any time by clearing the analytics consent cookie or reopening the CMP and choosing Reject.

6. Contacting us (email, phone, contact form)

If you contact us by email, phone, or via the contact form, we process the data you provide (for example, name, company, contact details, and message content) in order to respond to your enquiry.

The exact data depends on what you choose to provide. Required fields in the form are marked accordingly.

Legal basis:

  • Art. 6(1)(b) GDPR, where the enquiry is related to a contract or to pre-contractual steps, and
  • Art. 6(1)(f) GDPR for general enquiries (legitimate interest in answering queries about our services and business).

We store contact enquiries for as long as necessary to process your request and, where applicable, to comply with legal retention obligations (for example under commercial or tax law).

7. Voice messages / audio notes

You may optionally send us a short voice message via a recording feature integrated into the contact form. In this case we process:

  • your audio file,
  • the metadata transmitted with it (for example, time of recording, file type),
  • the information you provide in the contact form.

To convert voice messages into text, we may use specialised service providers (for example, speech-to-text / AI services). These providers act as processors on our behalf and are contractually bound in accordance with Art. 28 GDPR.

Depending on the provider, processing may take place in the EU/EEA and, in some cases, in third countries such as the USA. In such cases we ensure an adequate level of data protection, for example through standard contractual clauses approved by the European Commission or equivalent safeguards under UK GDPR.

Legal basis:

  • Art. 6(1)(b) GDPR if the voice message relates to a contract or pre-contractual steps, and
  • Art. 6(1)(f) GDPR for general enquiries (legitimate interest in offering flexible contact options).

We store audio files and transcriptions only for as long as necessary to process your request and in accordance with legal retention periods.

8. Service providers and recipients of data

We use external service providers to operate and maintain this website and to provide our services. These include in particular:

  • hosting and infrastructure providers,
  • email and telecommunication service providers,
  • IT support and maintenance providers,
  • speech-to-text / AI providers for processing voice messages.

These service providers process personal data solely on our instructions and are bound by contractual data processing agreements under Art. 28 GDPR.

In addition, data may be transferred to third parties where we are legally obliged to do so (for example to authorities) or where this is necessary to establish, exercise, or defend legal claims.

9. International data transfers

Where we use service providers outside the EU/EEA or the UK, or where data is accessed from such countries, an adequate level of data protection is ensured by one of the following safeguards:

  • an adequacy decision by the European Commission or the UK government, or
  • standard contractual clauses approved under EU or UK law, combined with additional technical and organisational measures where necessary.

You may contact us for more information and copies of the safeguards used.

10. Storage periods

We store personal data only for as long as necessary for the purposes described in this policy or as required by statutory retention periods.

In particular:

  • server logs: usually a few weeks, unless data is needed longer for security or evidential purposes,
  • contact enquiries (including voice messages): as long as needed to process your request and, if applicable, for the duration of statutory retention periods (often 6 or 10 years for business correspondence),
  • data related to contracts: for the duration of the contractual relationship and the applicable statutory retention periods.

Once the relevant period expires, the data is deleted or anonymised.

11. Your rights as a data subject

Subject to the legal conditions, you have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR) - to obtain confirmation as to whether we process your data and to receive a copy,
  • Right to rectification (Art. 16 GDPR) - to have inaccurate or incomplete data corrected,
  • Right to erasure (Art. 17 GDPR) - to have data deleted where certain grounds apply,
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR) - to receive data you have provided in a structured, commonly used, and machine-readable format where processing is based on consent or a contract and carried out by automated means,
  • Right to object (Art. 21 GDPR) - to object, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR (legitimate interests). In particular, you may object at any time to the use of your data for direct marketing.

To exercise your rights, please contact us using the contact details given above.

12. Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority, in particular:

  • the data protection authority responsible for your habitual residence or workplace, or
  • the authority responsible for our registered office.

In Germany, this is for example the competent state data protection authority (e.g. Hamburg Commissioner for Data Protection and Freedom of Information). In the UK, this is the Information Commissioner's Office (ICO).

13. Obligation to provide data

You are not legally obliged to provide personal data when using this website. However, some functions require certain data in order to operate (for example, contact details in the contact form). If you do not provide this data, we may not be able to respond to your request.

14. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, and alteration. These measures are continuously improved in line with technological developments.

However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

15. Changes to this privacy policy

We may update this privacy policy from time to time, for example to reflect changes in law or in our processing activities. The current version is always available on this website.

Analytics consent

We use Google Analytics to understand how our site is used. Analytics only loads after you accept. Privacy policy