Privacy policy


Status: 03.06.2024

For us, data protection is very important. It's about your ‘informational self-determination’ and the right to always know what we do with your data, and if you don't like it, to be able to say at any time: ‘Please tell me why you are doing this’, ‘Please leave this alone’ or ‘Please delete this’.

We want to protect your rights and, above all, fulfil a very important principle: Transparency. That's why we ask you to let us know if you see something you don't like. We promise you that we will be happy to take care of it, because we want everyone to enjoy and benefit from our great product, and we don't want this enjoyment to be spoilt by anything.

The ‘Responsible party’ is important so that you know who you are dealing with and who you can contact:

The controller within the meaning of the EU GDPR is

Casablanca.AI GmbH
Habermehlstraße 15
75172 Pforzheim
Germany

Phone: +49 7231 607 44 77

represented by the managing directors Carsten Kraus and Markus Vollmer.
If you have any questions about data protection, just send us an email to: info@casablanca.ai

You can also contact our external data protection officer Frank directly at any time: casablanca@isidas.de
You also have the right to lodge a complaint with a supervisory authority at any time. You can contact the supervisory authority responsible for us here:

Der Landesbeauftragte für den Datenschutzund
die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany

Tel: +49 711 615541 - 0

or via the website
https://www.baden-wuerttemberg.datenschutz.de/

Where and how do we process your data?

First of all, this is not about what data we process from you when you use our product or log in with an account with us.

In this case, we provide the important information as soon as it is relevant to you.
This section is about why we process your data when you visit our website, register, subscribe to our newsletter
or simply ‘surf’.

Firstly, there are:


Cookies and tracking

Some cookies are required for the technology on this site to work. Therefore, it makes sense not to deactivate these cookies. After all, you are here because you want to receive information that we naturally do not want to withhold from you.

Other cookies are more for our curiosity, as we would like to know how often our site is visited, how long you stay where, which points of the website are accessed particularly often, etc. In this way we hope to draw conclusions about how we can improve our website and perhaps also our offers. And of course we also want to measure how successful we are online and whether, for example, certain marketing campaigns or the presentation of awards lead to a ‘run’ on our website.

You can use the cookie consent banner when you visit our site to set yourself how much information you want to give
us in return.

The evaluation of user behaviour is carried out statistically and therefore anonymously. None of this would be worth mentioning if there wasn't a unique IP address that is automatically transmitted as soon as you access a website. With this IP address, you practically leave a ‘footprint’, which could be seen by us or third parties and possibly even used for various purposes; we ourselves have no interest in finding out which specific person is currently accessing information on our website.

This would require elaborate ‘profiling’ with the help of a great deal of ‘big data’, which we do not have, let alone can do - only the large Internet companies, which collate data from a wide variety of sources, can do this. We, on the other hand, only need the statistical data. We can therefore assure you that we do not process any of your personal data at this point.

Then there is our provider, who makes our websites available on the Internet:

Server hosting and log files

The provider of the pages automatically collects and stores information in so-called server log files, which the browser automatically transmits. These are:

- Browser type and browser version.
- Operating system used.
- Link name if the page is accessed via a link elsewhere.
- Host name of the accessing computer.
- Public IP address.- Time of the server enquiry

IP addresses are generally regarded as ‘personal’ and therefore relevant to data protection, as you could be identified under certain circumstances with the help of the date and time and possible information from your access provider. In addition to technical restrictions (‘may not be traceable at all’), high legal hurdles also play a role here, as the disclosure of IP addresses is only possible on suspicion of criminal offences and usually only with a court order.

With so-called ‘static’ IP addresses, it is conceivable that a kind of history can be created using the same (fixed) IP address, cookies and browser logins, which may allow conclusions to be drawn about individual persons. In practice, however, and especially in our case, this is not an option.

Nevertheless, we would like to and must point this out.

Further personal data:

There are five activities on this website through which we may receive personal data from you if you choose to do so:

  1. Registration for the newsletter
  2. Sending application documents for a job with us
  3. Login/registration and download
  4. Contact for the Enterprise solution
  5. Contact for investors by email

Re 1.) Newsletter

We would like to get in touch with you and always send you the latest news by e-mail. If you would like to do this, you can subscribe to the newsletter on our homepage. We need your email address for this, and we would also like to know your first name so that we can address you personally. Your surname is optional.

You should also note that the default settings are ‘German’ and ‘Mac’. If you do not change this, we will assume that you speak German and have a Mac, which will affect the content of our newsletter emails accordingly. You can change this to ‘English’ and/or ‘Windows’. We will then logically receive this personal information from you.

We have set up a so-called double opt-in procedure for the registration process. Before you receive newsletter emails from us, you will receive a request to your entered email address, which you must first confirm. In this way, we can be sure that you are the person who wants to receive this newsletter (and not the annoying neighbour who has simply given us your email address so that you can receive unwanted emails).

We will only use your personal data (i.e. name and email address) for the purpose of sending you the newsletter. You can unsubscribe at any time.

We use ‘MailChimp’ as the service provider for sending emails. You can find additional information on this below in this privacy policy.

Re 3.) Login/registration and download

All we need from you for the download is an email address so that we can create a secure account for you. In order to download, you must register with us and receive login data consisting of your email address and a password of your choice (you can also register directly via ‘Login’ without downloading).

When registering, you consent to the use of your e-mail address for this purpose. Further information (apart from statistical analyses of the frequency of downloads) will not be processed by you at this point.

Pro version: As soon as this function is implemented, we will probably also request payment information from you and process it or have it processed by a payment service provider when you use the paid product. When the time comes, we will of course inform you of this process.

If your e-mail address is used for the newsletter, we will obtain separate consent from you.

By downloading the software from us, you automatically become our customer. It is therefore possible that we may contact you in special cases (e.g. for important updates, new interesting features or information on security). This is then done on the basis of ‘legitimate interest’ in accordance with EU GDPR Art. 6((1)f.

Re 4.) Contact for the Enterprise solution

If you would like to register a company as an Enterprise user, we need a few details from you. This is essentially company data (company name, company address, etc.) and the number of licences required. We would like to know your first name and surname, and in combination with the company name this constitutes personal data worthy of protection.

We assure you that we will process this data in accordance with the EU GDPR and only use it for the business purposes associated with Enterprise use.

 

Re 5.) Contact for investors by email

If you contact us here using the ‘Send mail’ button, the mail client will open on your system. You can then send us an email. We assume that you are aware of the general security of emails and therefore do not write any sensitive information in this email to contact us.

By contacting us in this way, we receive your email address, which is generally considered ‘personal’. We will process it in accordance with data protection regulations.

Mailchimp

We use Mailchimp as a service provider for sending our newsletters and information letters. The following data is passed on for this purpose:

  • Your email address.
  • Your name.
  • The operating system you have specified, as we send specific information
    in our mailings depending on the system used.

A contractual regulation in accordance with the EU GDPR is in place. We do not use any ready-made forms from Mailchimp to collect data, so that no data is transferred in this way. We collect the data via our own form and then only pass on the above-mentioned data required for sending the newsletter.

Mailchimp guarantees GDPR-compliant processing, which of course also includes compliance with the deletion periods. You can find information on GDPR compliance here: https://mailchimp.com/de/gdpr/

We cannot do without Mailchimp for the mailing. So if you do not want the data mentioned to be processed by Mailchimp, you should not subscribe to our newsletter. If you have already done so and no longer wish to do so, you can either unsubscribe via the ‘unsubscribe’ link in an email you receive, or simply send us an informal email to info@cassablanca.ai with a request to delete the information.

Personio

We use Personio to facilitate applications in a secure way. We do this because applications by email are not secure enough. Personio is a service provider of ours. As soon as you click on an application link on our website, you will be redirected to a page managed by us at this provider. This is therefore an external link.

Personio is a company based in Germany. Here is their imprint: https://www.personio.de/impressum/.

You can find the general privacy policy here
https://www.personio.de/datenschutzerklaerung/

Personio assures GDPR compliance and we have no reason to doubt this. Once you are on Personio's site to enter your application data, you can access the appropriate privacy policy, which has been created by Personio using the information we have provided.

The following text should appear above the buttons (links) that lead to Personio: (The underlined words ‘Privacy Policy’ should then be highlighted with the appropriate link, i.e. the first https://www.casablanca.ai/privacy and the second https://casablanca.jobs.personio.com/privacy-policy?language=de

The buttons for the application are links to an external site. This is Personio, where you can enter your application information. You can find more information on this in our privacy policy. You can access a further privacy policy directly on the Personio website once you have followed the link there.

Imprint

This legal notice applies to all websites operated by Personio, as well as the web-based software. The information is provided in accordance with § 5 TMG.

Microsoft Azure / Django Application

To manage and analyse our customer data, we use a so-called Django application that runs via Microsoft Azure. This makes Microsoft a kind of ‘hosting’ provider for us. Microsoft itself is not involved in the active processing of the data, but only ‘passively’ provides the tools. However, the processing by us takes place on Microsoft servers. Microsoft has joined the EU-US Data Privacy Framework and has certified and committed itself to secure processing in accordance with EU standards. To the best of our current knowledge, we assume that our (and therefore your) data cannot be viewed or processed by unauthorised persons.

The data concerned is the email address, name and optionally the operating system used, language preference and/or any company name provided.

As data protection is an important issue for us, we can assure you that we are constantly aware of all developments at Microsoft and, in particular, technical measures to secure databases and regularly re-evaluate them.

Social Media

As you can easily recognise on the left-hand side of our homepage, we are active on several social media platforms. Here we offer further information and maintain a community. Important for you: We have not implemented any plugins for these platforms on our website. This means that no data is collected by companies such as Meta or X in the background. This is technically impossible.

The icons on the right-hand side of the screen are merely links to the platforms. As long as you do not click on them, the social media will not ‘know’ that you are on our website. As soon as you click here, you will be taken to the respective platform. In this case, the platform receives the information that you are coming from the Casablanca website and also your IP address.

Everything else then depends on your further behaviour on the platform. If you already have an account with one of these platforms, it can be assumed that you will be identified via this account and the origin of your visit (‘Casablanca’) will be linked to your profile as information. We have no influence on what happens on the platforms.

Then it also fits in:

Liability for external links

Our website contains links to external third-party websites over whose content we have no influence. Therefore, we cannot accept any liability for this third-party content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognisable at the time of linking.

However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, we will remove such links immediately.

Your data subject rights

Last but not least, here are the key legal principles that you can exercise at any time. This applies regardless of whether you are a customer, prospective customer, former customer or simply a visitor to our website.

You have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing as well as the right to correct, block or delete this data at any time.

This is regulated by the so-called ‘rights of data subjects’ of the EU GDPR, namely Articles 15 to 21. Here is a brief overview:

  • Right to information (Article 15): you have the right to information as to whether, which and for what purpose we process your personal data.

  • Right to rectification (Article 16): If we process incorrect data about you, you naturally have the right to have this corrected immediately.

  • Right to Erasure (Article 17): You can request at any time that we delete all data we hold about you, provided there are no other legal obligations that prevent deletion (e.g., billing data must be retained for up to 10 years for fiscal reasons). If you are no longer our customer or the purpose of processing your data no longer applies for other reasons, we will automatically delete the affected data in accordance with the regulated legal retention periods.
  • Right to Restriction (Article 18): If you believe we are using your data incorrectly, you can request at any time that we restrict processing until the matter is fully clarified.
  • Obligation to Inform (Article 19): If we delete or rectify your data, you have the right to be informed about it.
  • Right to Data Portability (Article 20): You have the right to have data we have collected from you transferred to another recipient, should you wish so.
  • Right to Object (Article 21): Any consent you have previously given (e.g., for the newsletter) can be withdrawn at any time without providing a reason.

Finally

We aim to offer you a product that is both enjoyable and genuinely valuable. We earn money through the quality of our product and the associated paid services. We have no interest in—and see no need for—making money from your data.
Data protection is therefore an integral part of our efforts. We view this as another positive aspect of our actions and hope to have earned your trust with our explanations. Our goal is for you to understand that we are not focused on your data, but on ensuring that you feel good using our software, so that you remain a long-term and loyal customer.

Legal
ImprintData Protection
Company
ContactInvestorsMedia
Du hast dich erfolgreich für E-Mail Updates eingetragen.
Oops! Something went wrong while submitting the form.
© Copyright Casablanca.AI GmbH