The protection of your personal data is important to Nter.ai (“we”). We would like to inform you in detail below about the type, scope and purpose of the personal data we collect, use and process when you visit our website and use our platform, apps, offers (“services”).
1. RESPONSIBLE FOR PROCESSING
1.1 Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Nter.ai (Tom Krause Beteiligungsgesellschaft mbH) Geibelstraße 24a, c/o Tom Krause 22303 Hamburg, Germany, Website: www.nter.ai
Represented by the managing director: Tom Krause can be reached at the above address or by: Telephone: +49 1791324407 Email: tom@nter.ai
1.2 Name and address of the data protection officer
The data protection officer of the person responsible is: Tom Krause, Geibelstraße 24a, 22303 Hamburg
2. PROCESSING OF DATA WHEN USING OUR ONLINE OFFERS
2.1 Affected data
When you visit our website, access our platform or other services offered online, a series of general data and information is collected with each visit. These general data and information are stored and processed by us or third parties. The following data can be collected: - the date and time of access - the frequency and duration of access to our website - the browser types and versions used - the operating system used by the accessing system - an Internet protocol address (IP address) - the amount of data transferred by the Internet service provider of the accessing system - other similar data and information that serves to avert danger in the event of attacks on our information technology systems - the website from which our website was accessed (referrer URL) - data, which you voluntarily transmit to us
2.2 Processing purpose
We use the data we collect to achieve the following purposes in particular: - to correctly display texts and fonts on our website - to distinguish whether a contact request comes from a natural person or is done automatically using a program - to access ours on external websites to draw attention to attractive offers- to display ads that are relevant and interesting to our users- to improve reports on campaign performance and to achieve a fair calculation of advertising costs- to provide certain functionalities, e.g. display and calculation of routes and locations- to be able to show videos to our users - to organize and analyze the collection of surveys
2.3 Legal basis (Art. 6 Abs. 1 lit. f DSGVO)
Our legitimate interest lies in particular: - in the analysis, evaluation, optimization and the economical and secure operation of our website - in protecting the transmission of forms and the information entered therein in the user-friendly design of our offers.
2.4 Duration of data storage
The duration of data storage depends on the legal retention requirements and is usually 10 years. Some data is automatically deleted as soon as the respective request has been completed and there is no other legal reason for further storage.
2.5 Disclosure to third parties and other recipients
In certain cases, Nter.ai passes on data to third parties, who in turn may store data on their servers. Third parties can be divided as follows: IT service providers; External support service providers; For public bodies, priority legal regulations are required, such as from the financial or customs authorities in accordance with Article 6 (1) (c) GDPR. In addition, our employees or the employees of allied companies are recipients of data if this is necessary for the above-mentioned purposes. In the event that Nter.ai enters into a joint venture with other companies, acquires companies, sells them to other companies or merges, we will also pass on your data to those involved (e.g. target companies, owners, consultants, new business partners). We would like to point out that the The third party providers may be located outside the European Union (EU) and the European Economic Area (EEA). To this end, Nter.ai takes appropriate measures to comply with the requirements of the GDPR and, in particular, to ensure that the personal data processed are protected in the same way as if they had been processed within the EU or EEA.
2.6 Use of cookies
We use cookies on our website and on the platform. Cookies are small text files that are stored in your browser's cache and enable us to recognize your browser over a certain period of time. A cookie usually contains information about the website, a unique name for recognition, additional data that serves the purpose of the cookie and the lifespan of the cookie itself. Some cookies are technically necessary for the use of our website. If used without analytical cookies, this may lead to limitations in the functions and user-friendliness of our offering. We only use non-essential cookies if you have actively agreed to their use. Active consent can be given in the cookie notice displayed when visiting the website. The consent is logged and a corresponding cookie is set. You can change or revoke your previously given consent to the use of non-essential cookies on our website at any time. You can also restrict or deactivate the use of cookies at any time in your browser settings.
2.6.1 Purpose of use
Cookies are used to enable certain features (e.g. login), track site usage (e.g. analytics), store your user preferences (e.g. time zone, notification preferences) and personalize your content (e.g. advertising, language).
2.6.2 Types of cookies
The following types of cookies may be used on our website, which are either set by us and can only be accessed by us (first-party cookies) or which are set by third parties (third-party cookies), such as: Analytics provider or content partner. With third-party cookies, the third-party provider also has access to selected information in order to carry out the appropriate data processing on our behalf: Necessary cookies: These cookies are necessary and are always used so that you can navigate comfortably on our website and use special functions, e.g. B. when accessing areas with password protection. Without these cookies we cannot provide certain services you have requested. We also use necessary cookies to clearly identify and log access to our website. This is done to ensure the secure delivery of our services. Statistics cookies: Statistics cookies help us understand how our visitors interact with the website by collecting and reporting information anonymously. The use of such cookies is optional and dependent on your prior consent. Marketing cookies: Marketing cookies (also known as “tracking cookies”) are used to follow visitors to our website. The intention is to show content and advertising on partner websites based on pseudonymized data that is relevant and appealing to the individual visitor.
2.6.3 Legal basis
We differentiate between technically necessary cookies and analysis and marketing cookies. The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR. Our legitimate interest is the operation of our platform and securing the platform against unauthorized use. To use analysis and marketing cookies, we need your consent in accordance with Article 6 (1) (a) GDPR.
2.6.4 Duration of data storage
The duration of data storage depends on the legal retention requirements and is usually 10 years. Some of the cookies we use are deleted after you close your browser (session cookies). Other cookies remain on your device and are deleted as soon as they are no longer required for processing, or the time defined in the respective cookie has expired (persistent cookies).
2.7 Processing of your IP address by the web server
For technical reasons, services on the Internet can only be used by disclosing your IP address. This is processed by the web servers that deliver these websites. The processing for the delivery of our websites is not carried out anonymously. IP addresses are unique numerical addresses that your computer uses to retrieve or send data to the Internet. As a rule, we do not know who is behind the respective IP address; we cannot normally assign the data to a person we can specifically identify. Exception: While using our website, you provide us with your name, email address or other data that allows us to identify you. This occurs, for example, when registering as a user of our platform. Furthermore, your identification may occur if we take legal action against you (e.g. in the event of attacks against our website or server) and we become aware of your identity as part of the investigation. The temporary storage of the IP address by the system is necessary to enable our pages to be delivered to your computer. To do this, your IP address must remain stored for the duration of the session or beyond.
2.7.1 Legal basis
The processing of your IP address is based on Art. 6 Para. 1 lit. f GDPR; our legitimate interest is the operation of our platform, as well as the detection and defense of misuse and technical attacks.
2.7.2 Duration of data storage
The IP addresses will be deleted after 60 days at the latest.
2.8 Automatic collection of technical data (server log files)
Every time our platform is accessed, our system automatically collects data and information from the computer system of the accessing computer. This data is automatically transmitted from your browser to our web server; we cannot stop this.
2.8.1 Legal basis
The server log files are processed on the basis of Art. 6 Para. 1 lit. f GDPR; our legitimate interest is the operation of our platform as well as the detection and defense of misuse and technical attacks.
2.8.2 Duration of Data Storage
The server log files will be deleted after 60 days at the latest.
2.9 Encrypted transmission
In the case of online collection and processing of personal data, the information is transmitted in encrypted form (via https) to prevent misuse of the data by third parties. All data you enter on our pages is transmitted to us in encrypted form so that it is protected from being viewed by third parties. Our website automatically enforces encrypted transmission of all content throughout. Encryption technologies that correspond to the current state of the art are used. The security measures are continually revised in line with technological developments.
3. THIRD-PARTY PROVIDERS
3.1 HubSpot
We use HubSpot to manage customer relationships. The provider is HubSpot, Inc, 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g. websites visited, interest in content, access times), content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the EU and the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in managing data in a simple and inexpensive way.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
The data will be deleted if the purpose of its collection no longer applies and there are no retention obligations to the contrary. Further information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy
3.1 Vector Database Pinecone
In order to use an efficient vector search, data that is explicitly set up by us as "Additional data" is vectorized. In this process, the information is sent via the API of Open AI (see point 3.9.4.) in order to vectorize it. This step is called embedding. The vectors that are to be saved for searching are stored with the provider Pinecone. The Pinecone database we have chosen is located at Amazon in Europe and is also GDPR-compliant. The provider is Pinecone Systems, Inc. with registered office at 548 Market St, PMB 19327, San Francisco, CA 94104-5401, United States of America. The provider processes the data uploaded by the user and stores it on cloud servers. In addition, meta/communication data (e.g. device information, IP addresses) may also be processed.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is carried out on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
The data will be deleted if the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at https://www.pinecone.io/privacy/
3.2 Frontend Provider Vercel
To provide the website and the user interface within the nter.ai application, we use a service that provides the front end. The provider is Vercel Inc. with registered office at 440 N Barranca Ave #4133 Covina, CA 91723, United States of America. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing takes place on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
The data will be deleted if the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at https://vercel.com/legal/privacy-policy
3.3 Google Cloud Services
3.3.1 Introduction
Nter.ai uses the Google Cloud Services Infrastructure including firebase as the backend provider.
This Data Privacy Policy ("Policy") outlines how Nter.ai collects, uses, and shares your data within Google Cloud Services and Firebase ("Services"). This Policy applies to all individuals who interact with our App Services at https://app.nter.ai.
3.3.2 Data Collection
We collect data from you when you use our Services, including: Information you provide directly to us, such as when you create an account, sign up for a service, create prompts, configurations, data buckets, prompt resukt evaluations and invite other users. Information we collect automatically when you use our Services, such as your IP address, browser type, device type, and operating system. Information we collect from other sources, such as public databases and third-party partners.
3.3.3 Data Usage
We use your data to provide and improve our Services, including: Providing and managing your account and services. Providing customer support. Developing and improving our Services. Sending you marketing and promotional communications. Personalizing your experience with our Services.
3.3.4 Data Sharing
We share your data with third parties in the following limited circumstances: We share data with our affiliates and business partners who help us provide and improve our Services. We share data with third-party service providers who help us operate and maintain our Services. We share data with law enforcement or other government agencies when required by law or to protect our rights or the rights of others.
3.3.5 Data Security
We take reasonable measures to protect your data from unauthorized access, use, disclosure, alteration, or destruction. These measures include: Implementing physical, technical, and administrative security safeguards. Limiting access to your data to authorized personnel. Regularly reviewing our security practices.
3.3.6 Data Retention
We retain your data for as long as necessary to provide our Services and comply with our legal obligations. We may also retain your data for a longer period if necessary to resolve disputes, enforce our agreements, or comply with legal requirements.
3.3.7 Data Access and Control
You have the following rights regarding your data: Access: You can request access to your data that we collect and process. Correction: You can request that we correct any inaccuracies in your data. Deletion: You can request that we delete your data under certain circumstances. Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format. Objection: You can object to our processing of your data under certain circumstances. You can exercise these rights by contacting us at tom@nter.ai
Further information can be found in the provider's privacy policy at
https://cloud.google.com/privacy?hl=de
3.4 Large Language Models (LLMs)
We currently use the following LLMs to offer the use of the nter.ai service:
- Open AI
- Mistral AI
- Google Vertex AI
- Meta AI
- Aleph Alpha
These LLMs are only used when using and after registering for the services of nter.ai. The use of language models is essential for the proper use of the software we offer. The providers process usage data (e.g. user content and input or communication content) and meta/communication data (e.g. device information, IP addresses) in the USA or the European Union, depending on the LLMs’ jurisdiction.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing takes place on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
The data will be deleted if the purpose of its collection no longer applies and there is no obligation to retain it. Further information can be found in the providers’ privacy policy at:
https://openai.com/policies/privacy-policy
https://mistral.ai/privacy-policy
https://cloud.google.com/privacy
https://www.facebook.com/privacy/genai/
https://aleph-alpha.com/de/datenschutz/
4.0 Changes to our privacy policy
We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The current data protection declaration applies to every visit to the website.