← Back to home

Privacy Policy

This privacy policy describes how claiverly GmbH processes personal data in connection with this website and our consulting, software engineering and automation services.

1. Controller

claiverly GmbH
Am See 1a
01067 Dresden
Germany

Email: privacy@claiverly.com
Website: https://claiverly.com

2. Who this privacy policy applies to

This privacy policy applies in particular to:

  • visitors to our website
  • contact persons at prospective customers, customers, partners and suppliers
  • persons who communicate with us by email, contact form, support channels or appointment requests
  • persons whose data is processed in the context of project execution, support and customer care

3. Our data protection role

We process personal data partly as a controller and partly as a processor.

As a controller, we act in particular when processing data in connection with our website, contact requests, pre-contractual communications, contract execution, billing, security, support and our own product and service information.

Where we process personal data on behalf of a customer, this is done under the customer's instructions and on the basis of a separate data processing agreement.

4. Sources and categories of personal data

We receive personal data:

  • directly from you, for example when you contact us, request a meeting, or submit support requests
  • from our customers or their authorized users in the course of project collaboration
  • from connected systems and tools that are used in a project context
  • automatically when our website is used, for example via log files and device and usage data

Depending on the use case, we process in particular the following categories of data:

  • master and contact data, for example name, company, role, email address and phone number
  • contract, billing and communication data
  • technical usage, device, log and diagnostic data
  • project-related content, for example requirements, documentation, tickets and support communication

5. Please do not send sensitive data unless necessary

Please do not send us special categories of personal data within the meaning of Art. 9 GDPR via free-text fields, emails, support channels or requests unless this is strictly necessary and legally safeguarded. This includes, in particular, health data, biometric data, information about racial or ethnic origin, political opinions, religion, trade union membership or sex life.

If processing of such data is required for a specific project, this must be assessed separately in advance, legally validated and configured appropriately from a technical and organizational perspective.

6. Purposes and legal bases of processing

Where we rely on Art. 6(1)(f) GDPR, our legitimate interests are in particular the secure, stable and efficient operation of the website and our services, handling requests, support and customer care, abuse and fraud prevention, error analysis and further development of our offering, as well as the assertion, safeguarding or defense of legal claims.

6.1 Access to the website, hosting and server log files

When you visit our website, we process technically necessary connection and usage data.

  • Data processed: IP address, date and time of access, pages accessed, referrer, browser type, operating system, device information and log data.
  • Purposes: delivery of the website, stability, attack detection, abuse prevention, error analysis and system security.
  • Legal bases: Art. 6(1)(f) GDPR; where individual processing operations are required to provide requested functions, additionally Art. 6(1)(b) GDPR.

6.2 Technically required cookies, session storage, local storage and consent management

We use technically necessary storage technologies to provide the website in a functional and secure manner. This may include cookies, session storage, local storage or comparable technologies.

  • Data processed: language settings, security tokens, consent information and comparable technical entries.
  • Purposes: provision of core functions, recognition of settings, protection of forms and management of your privacy preferences.
  • Legal bases: Art. 6(1)(f) GDPR and, where contract-related functions are used, Art. 6(1)(b) GDPR.

Where we use non-essential analytics, marketing or third-party content, this is done only after your selection in the consent banner or on the basis of any other required consent.

You can manage, restrict or delete cookies and other local storage items in your browser settings. However, this may limit certain functions of the website.

6.3 Contact requests, meetings and pre-contractual communication

If you contact us, request a meeting or discuss a project with us, we process the information you provide in order to handle the respective request.

  • Data processed: name, company, contact details, appointment data, information about your use case and free-text details.
  • Purposes: responding to requests, carrying out pre-contractual measures, organizing meetings and quality assurance.
  • Legal bases: Art. 6(1)(b) GDPR insofar as processing serves pre-contractual steps or a service requested by you; otherwise Art. 6(1)(f) GDPR.

6.4 Newsletter, product information and service notices

If you sign up for a newsletter or consent to comparable product communication, we process your contact details and proof of your consent. We may also send existing customers contract-related service, security and product information where this is required for use of the service or otherwise legally permissible.

  • Data processed: name, email address, company, consent status, double opt-in records and interaction data insofar as such data is collected when messages are sent.
  • Purposes: sending newsletters, release notices, security-related communications and other product-related information.
  • Legal bases: Art. 6(1)(a) GDPR for consent-based newsletters; Art. 6(1)(b) or (f) GDPR for necessary service communication.

6.5 Contract execution, project delivery and support

We process the data required to deliver agreed services, execute projects and provide support.

  • Data processed: project and contract data, contact details, communication history, support tickets, technical error descriptions and related documentation.
  • Purposes: delivery of services, project management, support, quality assurance and fulfillment of contractual obligations.
  • Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

6.6 Billing, payment processing and accounting obligations

Where paid services are used, we process the data required for invoicing, payment and accounting.

  • Data processed: billing address, company and tax data, contract data, service periods, payment status, transaction references and, where applicable, data of external payment service providers.
  • Purposes: billing, receivables management, compliance with statutory retention and documentation obligations.
  • Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR and, where necessary, Art. 6(1)(f) GDPR for the assertion or defense of claims.

6.7 Security, abuse prevention, monitoring and service improvement

We process technical event, diagnostic and usage data in order to ensure the secure and stable operation of our systems and to further develop our services.

  • Data processed: system and error logs, diagnostic information, usage and event data, status messages, security-related logs and pseudonymized evaluations.
  • Purposes: detection and remediation of disruptions, abuse prevention, monitoring, capacity planning, quality assurance, further development and protection of our systems.
  • Legal bases: Art. 6(1)(f) GDPR and, where directly necessary for contract performance, Art. 6(1)(b) GDPR.

6.8 Optional analytics, marketing and embedded third-party content

Where we use optional analytics or marketing technologies on the website, social media functions, embedded videos, maps, external font libraries, appointment booking services or comparable third-party content, such content is loaded or activated only if the required consent has been given.

Once such content is activated, your browser may establish a direct connection to the servers of the respective third-party provider. Depending on the provider, the access may be associated with an existing profile if you are logged in there at the same time. We have influence over the subsequent data processing by the respective third-party provider only to the extent resulting from the specific integration of the service.

  • Data processed: IP address, browser and device data, page views, interactions, referrer, consent status and cookie-like identifiers.
  • Purposes: analytics, campaign evaluation, optimization of the website, integration of external content and improvement of user guidance.
  • Legal bases: Art. 6(1)(a) GDPR.

7. Recipients and categories of recipients

We disclose personal data only where this is necessary for the respective processing, legally required or based on an appropriate legal basis. Recipients may include, in particular:

  • hosting, infrastructure and CDN service providers
  • support, CRM, ticketing, appointment-booking, email and newsletter service providers
  • analytics, monitoring and security service providers
  • AI and cloud service providers where required for contracted services
  • payment service providers, banks, accountants and tax advisors
  • debt collection, legal advisory and other service providers for the enforcement or defense of receivables and legal claims
  • courts, authorities or other bodies where we are legally obliged to do so or need to assert or defend legitimate claims

Where we use external service providers, we select them carefully, restrict data access to what is necessary and, where required, enter into data processing agreements with them. Personal data is not sold and is not disclosed for independent third-party advertising purposes.

8. Third-country transfers

Some of our service providers may process data outside the EU or EEA.

Where an adequacy decision of the European Commission exists for a third country, we rely on that decision for transfers.

If no adequacy decision exists, we use appropriate safeguards, in particular standard contractual clauses approved by the European Commission, and implement additional protective measures where necessary. Further information on the safeguards relevant in each case is available upon request, provided that no confidentiality interests prevent this.

9. Retention period

We store personal data only for as long as necessary for the respective purpose. The following criteria are particularly relevant:

  • website and security logs: generally only for short periods as required for operation, stability and incident analysis
  • cookie, consent and preference data: until the purpose no longer applies, the relevant storage expires, or your selection is changed
  • contact and sales data: until the request has been fully handled and beyond that only insofar as follow-up communication, pre-contractual activity or statutory retention obligations require this
  • contract and project data: for the duration of the contractual relationship and thereafter until statutory retention and limitation periods expire
  • billing and payment data: in accordance with commercial and tax retention obligations
  • support, error analysis and security data: as long as necessary for handling, documenting and defending against disruptions or claims

Backups are overwritten or deleted with a time delay.

10. Obligation to provide data

Providing personal data merely for visiting our website is generally voluntary. However, without certain technical data the website cannot be delivered or protected against attacks.

For project requests, contract execution, support and billing, we require certain information. If this information is not provided, we may be unable to provide the requested service in whole or in part.

Where processing is based solely on your consent, providing the relevant data is voluntary. Without this consent, certain optional functions, third-party content, marketing measures or communication channels may be unavailable in whole or in part.

11. Your rights

Subject to the applicable legal requirements, you have the right to:

  • access to the personal data we process
  • rectification of inaccurate data or completion of incomplete data
  • erasure, provided no statutory or other legitimate reasons prevent this
  • restriction of processing
  • data portability, where the relevant requirements are met
  • object to processing based on legitimate interests
  • withdraw consent with effect for the future

You may object to direct marketing at any time.

If you withdraw consent, the lawfulness of the processing carried out before the withdrawal remains unaffected.

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the competent authority may be the supervisory authority at your habitual residence, place of work or the place of the alleged infringement.

To exercise your rights, simply send a message to privacy@claiverly.com. If we process data exclusively on behalf of a customer, we will forward your request to the responsible customer or support the customer in handling it.

12. No solely automated decisions within the meaning of Art. 22 GDPR

Where we act as controller ourselves, we do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, unless we inform you of this separately and there is a valid legal basis or your explicit consent.

13. Data security

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access and unlawful disclosure. Depending on the risk, these measures include, in particular, access restrictions, pseudonymization, encryption during transmission and storage, role-based permissions, logging, backups, and recovery and security review procedures.

14. Changes to this privacy policy

We may amend this privacy policy if legal, technical or business conditions change. The version published at the relevant time shall apply.

As of: March 31, 2026