Privacy Notice

As of: 09/2025

In this privacy notice, we inform you about the processing of personal data and about the access and storage of information on your device when using our website.

1. Controller and contact person

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is: StratifAI GmbH Großenhainer Str. 98 01127 Dresden Germany Email: privacy@stratifai.comIn exceptional cases, we are jointly responsible for specific data processing with other controllers: We and LinkedIn process business page insight data on our social network page as joint controllers, whereby LinkedIn is contractually responsible to fulfill the data subject rights and we will forward your requests. More information can be found in this privacy notice.

2. Data protection officer

If you have any questions about data protection in connection with our products/services or the use of our website, you can also contact our data protection officer at any time. This person can be contacted at the above postal address or e-mail address (keyword: ‘Attn. data protection officer’). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please request direct contact via this e-mail address first.

3. Purposes of data processing

We process your data for the following purposes:

  • Enabling the visit of our website, ensuring the permanent functionality and security of our systems, maintaining our website in general for administrative purposes, including the storage of log files in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our website (Art. 6 (1)(b), (f) GDPR);    
  • Management, implementation and creation of website content, structure, functions, scripts and design, including with WordPress (Art. 6 (1)(f) GDPR);
  • Management of the consent regarding optional services with a consent banner (Art. 6 (1)(f) GDPR);    
  • Providing and sending our newsletter, including storage of the subscription data for documentation obligations (Art. 6 (1)(a) GDPR);    
  • Processing and answering your contact requests, your demo request and providing a contact form (Art. 6 (1)(b), (f) GDPR);    
  • Receipt and processing of applications for the selection of applicants for the possible establishment of an employment relationship, including the provision of a digital careers page and the administration of incoming applications, and for the storage in an applicant pool, if applicable (Art. 6 (1)(b), (a) GDPR), for details see 11.;    
  • Providing and managing a social network business page, including communication with interested parties and clients, and processing of aggregated business page insight data for the optimization of the business page’s structure and design (Art. 6 (1)(b), (f) GDPR);    
  • Processing and answering your data privacy requests, and storage of your requests for documentation obligations (Art. 6 (1)(f) GDPR);    
  • Capturing, managing, and evaluating prospect contacts for handling inquiries, carrying out marketing activities, and analyzing and optimizing communication processes (Art. 6 (1)(a), (f) GDPR);    
  • Analyzing and optimizing our website presence, including the measurement of user behavior and the technical management of tracking technologies via a tag management system (Art. 6 (1)(a) GDPR);    
  • Protecting the website against abusive or malicious traffic, ensure security, and maintain optimal performance by distinguishing legitimate users from automated access attempts (Art. 6 (1)(f) GDPR);    
  • Usage of analytics and marketing tools to identify and track user interactions across sessions, assign unique user identifiers, and store behavioral data for marketing performance and contact profiling purposes (Art. 6 (1)(a) GDPR).  

4. Recipients of data

The data collected by us will only be forwarded on if there is a legal basis for this under data protection law in the specific case, in particular if:    

  • you have given your consent (Art. 6 (1)(a) GDPR), or    
  • this is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 (1)(b) GDPR), or    
  • we are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement (Art. 6 (1)(c) GDPR), or    
  • the disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (Art. 6 (1)(f) GDPR). Your data will be forwarded especially to the following recipients:    
  • Hosting provider: Webflow Inc., 398 11th Street, San Francisco, CA 94103, USA – privacy notice:
    https://webflow.com/legal/eu-privacy-policy;    
  • Consent Management Platform “Cookiebot”: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark – privacy notice: https://www.cookiebot.com/en/privacy-policy/;    
  • Google (Google Tag Manager, Google Fonts): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – privacy notice: https://business.safety.google/privacy/;    
  • LinkedIn (social network business page): LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – privacy notice: https://www.linkedin.com/legal/privacy-policy; joint controller agreement: https://legal.linkedin.com/pages-joint-controller-addendum;    
  • HubSpot (marketing and tracking tool): HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland – privacy notice: https://legal.hubspot.com/privacy-policy.    
  • Cloudflare (Content delivery network and security service for attack prevention and website performance optimization): Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA – privacy policy: https://www.cloudflare.com/privacypolicy/

5. Transfer to third countries

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.  If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework. If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR). Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures. If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this. Your data may be forwarded especially to the following recipients in third countries:

  • Google (Google Tag Manager, Google Fonts): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework);    
  • LinkedIn (social network business page): LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework);    
  • HubSpot (marketing and tracking tool): HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA (adequacy decision, certified for the EU-US Data Privacy Framework);    
  • Cloudflare (Content delivery network and security service for attack prevention and website performance optimization): Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (adequacy decision, certified for the EU-US Data Privacy Framework);
  • Webflow (website hosting): Webflow Inc., 398 11th Street, San Francisco, CA 94103 (adequacy decision, certified for the EU-US Data Privacy Framework)

6. Storage period

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case. Your data will be stored especially for the following periods:    

  • Connection data: for the time of your visit and beyond in logfiles for a limited period;    
  • Contact data: for the time necessary to process your request, and at least for three years in case of data privacy requests;    
  • Applicant data: duration of your employment relationship (if we accept your application), or six months at latest (if we refuse your application) or beyond, if you give us your explicit consent;    
  • Newsletter data: for the time of your subscription and beyond for documentation obligations.

7. Data subject rights

You have the rights of data subjects formulated in Art. 7 (3), Art. 15 - 22 GDPR at any time if the respective legal requirements are met:      

  • Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR);    
  • Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes (Art. 21 GDPR);    
  • Right to obtain information about your personal data processed by us (Art. 15 GDPR);    
  • Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);    
  • Right to erase your personal data (Art. 17 GDPR);    
  • Right to restrict processing of your personal data (Art. 18 GDPR);    
  • Right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR);    
  • Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR). To assert your rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request. Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

8. Requirement for the provision of data

In principle, there is no obligation to provide your data. The use of our website is usually possible without providing personal data. As far as personal data (for example, name, address, or email addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.  If the provision of your data is required to conclude a contract, to fulfil legal obligations, to make contact or to use other services and functions (e.g. subscribe to the newsletter), the corresponding input fields are marked as mandatory (usually with an asterisk (*)). In this case, any contract cannot be concluded, the specific service cannot be provided or the function cannot be used without the data provided. Other information not marked as mandatory fields is voluntary. The entry of such data is then not necessary for the conclusion of any contract, for the provision of the service or for the use of the function and has no influence on the fulfilment of the contract.

9. Automated decision-making

Automated decision-making including profiling in accordance with Art. 22 GDPR which produces legal effects or similarly significantly affects you does not take place.

10. Access and storage of information on the device

We only access or store information on your device if this is strictly necessary to provide your requested digital service, i.e. for the main functions of our website, or if you have given your prior consent, i.e. for optional services, according to implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG. The following cookies will be stored on your device:    

1. Strictly Necessary Cookies

These cookies are essential for the operation and security of our website. They do not require your consent.

  • __cfduid (Cloudflare) – Helps identify trusted web traffic and detect malicious activity.
  • accessibilityNotificationDismissed (Usercentrics) – Remembers when you dismiss the cookie/consent banner so it does not reappear.

2. Analytics & Performance Cookies

These cookies help us understand how visitors interact with our website by collecting information in an anonymous form. They require your consent in the EU/UK.

  • _ga (Google Analytics) – Distinguishes users to measure and report on site usage.
  • _ga_YYCGQ9CCN5 (Google Analytics 4) – Maintains session state and user activity for analytics.
  • AMP_39f15903e6 (AMP/Google Analytics) – Maintains client ID consistency across AMP pages and standard web pages.

3. Marketing & Targeting Cookies

These cookies are used to build visitor profiles, deliver personalized marketing, and integrate with our CRM system.  

  • wf_userid (HubSpot) – Identifies visitors to support CRM, lead generation, and marketing automation.

11. Applications

You can apply for open positions with us by e-mail or via our career portal. For the processing of your application, we collect the data you provide (generally: first and last name; e-mail address; application documents such as certificates and curriculum vitae; date of earliest possible job start; channel through which you became aware of the job advertisement; if applicable, telephone number, salary expectations, Xing or LinkedIn profile). We would like to point out that confidentiality cannot be guaranteed when applications are sent via unencrypted e-mail. As a rule, you may also apply for our positions by postal mail. To provide our career portal at https://stratifai.com/careers/ and to manage applications, we use the software Personio, provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich. We have concluded a data processing agreement with Personio. Your application data is encrypted during transmission and stored in encrypted form in Germany or the European Union. In cases where Personio cooperates with subprocessors whose parent company is based outside the European Union, the adequacy decision for the USA applies for US companies certified under the EU-U.S. Data Privacy Framework and/or Personio and its subprocessors have concluded standard contractual clauses and implemented additional measures to protect the data. This includes, in particular, the encryption of data using a self-generated master encryption key, which remains within the sphere of Personio. The legal basis for the processing of your application documents is Article 6 (1)(b) and Article 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the BDSG. When visiting the career portal, log files (server logs, error logs) are also processed under the sole responsibility of Personio. We refer to the explanations provided by Personio at the end of the privacy policy on the career portal. The legal basis for this is the legitimate interest of Personio in providing the career portal, Article 6(1)(f) GDPR.

12. Usage of imprint data

The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information materials is hereby expressly contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

CareersContact
ImprintPrivacy NoticeTerms & Conditions
Stay in Touch
Sign up for our Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.