Privacy Policy
Information on the handling of personal data
We are very pleased with your interest in our website – and thereby in our company. Protecting your private rights and freedoms is important to us; we only use your data for the intended purposes. Since it is important to us that you are always informed about the extent to which we collect, use, and, if applicable, transmit your data to third parties, we provide comprehensive information below regarding the processing of your personal data collected by us or stored with us.
Visiting our website is generally possible without providing (personal) data; if exceptions apply for selected services, we will explain these in the following chapters. We strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other applicable data protection regulations when processing personal data.
Name and address of the data controller
CLOUDYRION Gesellschaft mit beschränkter Haftung
Okay Güler
Kesselstraße 3
40221 Düsseldorf
Germany
Phone: +49 (0)211 94251211
Email: info@cloudyrion.com
Website: https://cloudyrion.com
Name and address of the data protection officer
Mr. Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster
Germany
Phone: +49 (0) 2 51 – 95 20 37 – 40
Data protection team for general inquiries:
Team Email: dsb.cloudyrion@cortina-consult.de
Website: https://www.cortina-consult.com
Update of the privacy policy
To ensure up-to-date data protection information in connection with the services on our website, we use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24, 48155 Münster. The content of our privacy policy is hosted on Cortina Consult’s servers and centrally managed. Necessary changes are promptly implemented by Cortina Consult and immediately reflected on our website through direct integration.
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides comprehensive rights for data subjects in Chapter III, which we explain below in relation to the processing of your personal data:
Right to information
This primarily concerns details of the data processing, such as:
- Purposes of the processing
- Categories of data
- Recipients or categories of recipients, if applicable
- Planned storage duration or criteria for determining this duration
- Right to rectification, deletion, restriction, or objection
- Right to lodge a complaint with a supervisory authority
- Source of data (if not collected from you)
- Existence of automated decision-making, including profiling, and meaningful information about the logic involved, significance, and potential consequences
- Transmission to a third country or international organization, if applicable
Right to rectification
If any of your data is inaccurate, we will correct it immediately upon being informed of the issue.
Right to deletion („right to be forgotten“)
If the processing is no longer necessary, and one of the following conditions is met:
- The processing purpose no longer applies
- You withdraw your consent without any other legal basis for processing
- You object to the processing, and there are no overriding legitimate grounds
- The processing was unlawful
- The data must be deleted to fulfill a legal obligation
- Data was collected in accordance with Art. 8(1) GDPR
Right to restriction of processing
This applies if:
- You dispute the accuracy of the data (restriction applies during our investigation)
- The processing was unlawful, but you oppose deletion
- The data is no longer needed, but you require it to assert, exercise, or defend legal claim
- You have objected under Art. 21(1) GDPR, and the balance of interests is under review
Right to data portability
Where technically possible and without affecting the rights and freedoms of others, we will transfer your data to another controller upon your request.
Right to object
If we process your personal data based on Art. 6(1)(e) or (f) or Art. 9(2)(a) GDPR, you have the right to object to the processing at any time (with future effect). Exceptions may apply, for example, if we demonstrate compelling legitimate grounds that override your interests, or the processing serves the establishment, exercise, or defense of legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time, including to profiling linked to such marketing. You also have the right to object to processing for scientific, historical research, or statistical purposes under Art. 89(1) GDPR unless the processing is necessary for the public interest.
Automated individual decision-making, including profiling
If we collect or process personal data from you, you have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affects you legally or similarly. Exceptions apply if the decision is necessary for the performance of a contract or if you have explicitly consented. In any case, we will ensure appropriate measures to safeguard your rights, including the right to human intervention, expression of your viewpoint, and challenging the decision.
Right to withdraw consent
You have the right to withdraw consent to data processing at any time.
Right to lodge a complaint with a supervisory authority
You can find a list of competent supervisory authorities in Germany on the Federal Data Protection Commissioner’s website or via this link: https://www.bfdi.bund.de/DE/Service/Kontakt/Kontaktfinder/kontaktfinder_node.html.
General Information on Data Processing on the Website
The following information applies to the data processing on our website in general. If there are any deviations or additions to these details, they will be described in the respective sections.
Information on Data Security
We protect our website and other systems through technical and organizational measures against loss, destruction, access, modification, or dissemination of your data by unauthorized persons. Additionally, we have implemented SSL encryption (SHA256) on our website to safeguard your data. Despite regular checks, complete protection against all risks is not possible.
Legal Basis for Processing
We process personal data in accordance with the provisions of the GDPR, depending on the type and purpose of the processing as follows:
| Legal Basis | Provision under the GDPR |
|---|---|
| Informed Consent | Art. 6(1)(a) GDPR |
| Fulfillment of a Contract | Art. 6(1)(b) GDPR |
| Execution of Pre-Contractual Measures | Art. 6(1)(b) GDPR |
| Compliance with Legal Obligations | Art. 6(1)(c) GDPR |
| Protection of Vital Interests | Art. 6(1)(d) GDPR |
| Legitimate Interest | Art. 6(1)(f) GDPR |
Our Legitimate Interest
Our legitimate interest as defined in Article 6(1)(f) GDPR is based on conducting our business activities to maintain our operational functionality and secure the employment of our staff.
General Retention Periods for Data Deletion
After the purpose for data storage ceases to exist, the retention periods are generally at least six to ten years. Data deletion is carried out promptly according to our deletion concept, unless there is an obligation to retain, a necessity for contract fulfillment, or a legitimate interest in keeping the data.
Deletion or Blocking of Personal Data
We only store your personal data for the period necessary to fulfill the specified purpose. After the purpose ceases to exist and after any applicable retention periods have expired, your data will be promptly deleted. If deletion is not possible, the data will instead be blocked.
Collection of General Data and Information
When you visit our website, our web server collects some general data and technical information, as outlined in the table below:
Collected Data
| Data Collected | Purpose of Collection |
|---|---|
| Browser types and versions used | Correct display of website content |
| Operating system, referrer (e.g., Google), clicked subpages | Optimization of our website content and advertising |
| Date and time of website access, IP address, and Internet Service Provider of the visitor | Ensuring the continuous functionality of our IT systems (for website operation) and preventing misuse |
| Other data and information for threat prevention in case of attacks | Providing relevant information to law enforcement authorities in the event of a cyber attack |
Obligation to Provide Personal Data
In certain circumstances (e.g., due to legal or contractual regulations), you may be required to provide us with your personal data. Examples of such processing are as follows:
| Type/Purpose of Processing | Necessity |
|---|---|
| Conclusion of a purchase contract (e.g., your address) | Fulfillment of contractual obligation (e.g., delivery of goods to your address) |
| Employment context (e.g., submission of data to the tax authorities) | Compliance with legal obligations (e.g., tax regulations) |
Information on Data Security
We protect our website and other systems through technical and organizational measures against loss, destruction, access, modification, or dissemination of your data by unauthorized persons. Additionally, we have implemented SSL encryption (SHA256) on our website to safeguard your data. Despite regular checks, complete protection against all risks is not possible.
Information on Specific Data Processing on the Website
Where applicable, deviations from or additions to the general information mentioned above are detailed below regarding individual data processing on our website.
Applications and Application Process
| Purpose of Processing | Applicant data is collected, processed, and used for the selection of potential employees. |
|---|---|
| Legal Basis (according to Art. 6 / 9 GDPR) | Execution of pre-contractual measures (Art. 6(1)(b)) |
| Recipients (if data is shared) | Data will not be shared with third parties or transmitted to a third country. |
| Intention to transfer data to a third country or international organization (incl. info on adequacy decisions or appropriate safeguards) | No transfer is planned. |
| Data Retention Period | The personal data of applicants who are not hired will be retained for the required period (up to 6 months) for possible legal claims (e.g., under the General Equal Treatment Act (AGG)) and then deleted. |
| Obligation to provide personal data (e.g., due to legal or contractual requirements) | To ensure a smooth application process, it is necessary for you to truthfully provide the required information. |
| Consequences of non-compliance (if data is not provided) | Failure to provide the required data may result in the inability to conclude an employment contract with you. |
| Existence of automated decision-making | We do not use automated decision-making in this context. |
| Source of data (if not directly collected from the data subject) | Data is generally collected from the applicant but may also come from third parties. |
| Categories of personal data (if not collected directly from the data subject) | Basic information, contact details, application data |
| Change of purpose | If you are employed following the application process, the purpose of data processing changes to the execution and maintenance of the employment relationship. |
Contact Form
| Purpose of Processing | Processing and possibly responding to the form sender’s request |
|---|---|
| Legal Basis (according to Art. 6 / 9 GDPR) | Execution of pre-contractual measures (Art. 6(1)(b)) |
| Recipients (if data is shared) | Data will not be shared with third parties or transmitted to a third country. |
| Intention to transfer data to a third country or international organization (incl. info on adequacy decisions or appropriate safeguards) | Data transfer to a third country is not planned. |
| Data Retention Period | See „General Data Deletion Deadlines“ |
| Obligation to provide personal data (e.g., due to legal or contractual requirements) | No obligation exists. |
| Consequences of non-compliance (if data is not provided) | None |
| Existence of automated decision-making | We do not use automated decision-making in this context. |
| Source of data (if not directly collected from the data subject) | Data is collected from the form submitter. |
| Categories of personal data (if not collected directly from the data subject) | Data and categories as requested in the form. |
| Change of purpose | None |
Cookies
Our website uses cookies, which are small text files stored on your computer by your web browser (e.g., Google Chrome, Safari, Firefox, Edge). These cookies serve various purposes: many are technically necessary to provide specific website functions (e.g., shopping cart functions, storing your login information), while others are used to ensure the security of your data or the website, and some may be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID – a unique identifier, consisting of a string of characters, which allows the allocation of web pages and servers to the storing browser.
Cookies necessary for the transmission of a message over a public telecommunications network and those strictly required to provide you with a specific function you have explicitly requested are considered „technically necessary cookies“ and may be set without your explicit consent (§ 25(2) TDDG). All other cookies require your consent (§ 25(1) TDDG), which may be managed through our consent management platform.
We use cookies for varying durations: some only for the time spent on the website, others for a predefined period, and some permanently. You can delete all these cookies manually or automatically via your web browser at any time.
Using our services is possible (although with limited functionality) without cookies. Most browsers are set to accept cookies automatically. However, you can disable cookie storage or configure your browser to notify you whenever cookies are
hCaptcha
| Purpose of Processing | This is a service used by website owners to protect their sites from bots, spam, and abuse. |
|---|---|
| Legal Basis (according to Art. 6 / 9 GDPR) | Legitimate interest (Art. 6(1)(f)) |
| Recipients (if data is shared) | Intuition Machines Inc., 2211 Selig Dr, Los Angeles, CA 90026, United States |
| Intention to transfer data to a third country or international organization (incl. info on adequacy decisions or appropriate safeguards) | United States of America |
| Data Retention Period | See general data deletion deadlines |
| Obligation to provide personal data (e.g., due to legal or contractual requirements) | Due to necessity |
| Consequences of non-compliance (if data is not provided) | None |
| Existence of automated decision-making | We do not use automated decision-making in this context. |
| Source of data (if not directly collected from the data subject) | Data is collected from the data subject. |
| Categories of personal data (if not collected directly from the data subject) | User-Agent, IP address, browser, Internet service provider, date and time of access |
| Change of purpose | None |
Polylang
| Purpose of Processing | Translation of website content. |
|---|---|
| Legal Basis (according to Art. 6 / 9 GDPR) | Legitimate interest (Art. 6(1)(f)) |
| Recipients (if data is shared) | WP SYNTEX LLC, 28 Allée Jean Sébastien Bach (38090) VILLEFONTAINE, France, https://polylang.pro/privacy-policy/ |
| Intention to transfer data to a third country or international organization (incl. info on adequacy decisions or appropriate safeguards) | Data is not transferred to a third country. |
| Data Retention Period | See general data deletion deadlines |
| Obligation to provide personal data (e.g., due to legal or contractual requirements) | None |
| Consequences of non-compliance (if data is not provided) | None |
| Existence of automated decision-making | We do not use automated decision-making in this context. |
| Source of data (if not directly collected from the data subject) | Data is generally collected from the data subject but may also come from third parties. |
| Categories of personal data (if not collected directly from the data subject) | No personal data is stored or processed by the service. |
| Change of purpose | None |
| Cookies | Name: pll_language, Domain: Local cookies, Retention period: 1 year |
Mapbox
| Purpose of Processing | Display of maps |
|---|---|
| Legal Basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6(1)(a)) |
| Recipients (if data is shared) | MapBox Inc., 740 15th St NW Suite 500, Washington, DC 20005, United States of America, https://www.mapbox.com/legal/privacy |
| Intention to transfer data to a third country or international organization (incl. info on adequacy decisions or appropriate safeguards) | United States of America |
| Data Retention Period | See general data deletion deadlines |
| Obligation to provide personal data (e.g., due to legal or contractual requirements) | None |
| Consequences of non-compliance (if data is not provided) | None |
| Existence of automated decision-making | We do not use automated decision-making in this context. |
| Source of data (if not directly collected from the data subject) | Data is generally collected from the data subject but may also come from third parties. |
| Categories of personal data (if not collected directly from the data subject) | Date and time of visit, device type, geographic location, IP address, referrer URL, usage data, randomly generated identifiers, browser information, access method, device operating system, date and time of the request, user interaction data |
| Change of purpose | None |