We, Hyground GmbH, Versmannstraße 2, 20457 Hamburg, Germany ("Hyground" or "we"/"us"), would like to thank you for visiting our website and for your interest in our services.
 

When you visit our website, use our online offer, or engage in or express interest in a contractual relationship with us, your personal data may be processed by us.

Protecting your data is of utmost importance to us. This privacy policy, in accordance with Article 13 of the EU General Data Protection Regulation ("GDPR"), outlines how we handle, protect, and process your personal data (also referred to as "data") in connection with your use of our services, our online offer and your browsing activities on our website.

Last updated: 18.08.2025

​

A. General information

I. Definitions

Our privacy policy should be easy to read and understand for our website visitors, customers, business partners and interested parties. To ensure this, we would like to explain the most important terms. We use the following terms, among others, in this privacy policy:

• "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "Data Subject"), e.g. name, address, email addresses, user behaviour;

 

• "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

• "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

 

• "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 

• "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

II. Controller

The Controller within the meaning of Art. 4 (7) GDPR is:

Hyground GmbH

Versmannstraße 2

20457 Hamburg

Germany

E-Mail: info@hyground.ai

 

For specific questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you can contact the above-mentioned contact points at any time.
 

B. Processing of personal data

The following overview lists all types of data processed by us, the purposes of their processing and the legal basis for their processing.

I. Visiting the website
 

If you visit our website without transmitting data to us in any other way (e.g. by using the contact form), we collect the following data on our web server temporarily and anonymised via server log files:

• IP address

• Date and time of the enquiry

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (page visited)

• Access status/HTTP status code

• Amount of data transferred in each case

• Previously visited page

• Browser type

• Operating system used

• Language and version of the browser software

• Host name of the accessing computer.

This processing is technically necessary to display our website to you. We also use the data for statistical analyses to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. c GDPR.
 

II. Contacting us
 

We process the data you provide through our contact form to contact you. This data includes:

• your name

• company name

• company email 

• reason for contacting us

• any additional information provided in the message field (e.g., details regarding the intended use of our services)

Fields that are mandatory for the use of the contact form are marked as such. This data is processed to contact you and analyse your individual needs and expectations for our services.

If you contact us via email, we store the contact details you provide, which may include your name, address, mobile phone number, email address, and any information contained in your inquiry.

When you request information about our services or contact us within the scope of an existing contractual relationship, we process the data you provide to handle and respond to your inquiry based on the legal grounds of Art. 6 para. 1 sentence 1 lit. b GDPR. If you have explicitly consented to the processing of your data for responding to your inquiry, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, we process your data to safeguard our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR, ensuring we respond appropriately to user or contact inquiries.
 

III. Cookies

We use cookies on some areas of our website. Cookies are small text files that are stored by the browser on your end device (e.g. computer, tablet or mobile phone) when you visit a website and can be read by us or a third-party provider. They are used to identify your end device for a certain period of time.

Some of the cookies we use are so-called "session cookies", which are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

Some cookies are necessary for the use of our website. These cookies are not used for analysis, tracking, advertising or other non-essential purposes. Some of them only contain information about specific settings and are not personalised. These cookies are essential for user guidance, security and the operation of the website. We use these cookies on the basis of Section 25 para. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG) to ensure basic functions of the website.

You can set your browser so that you are informed about the placement of cookies, which makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note, however, that this may result in our website no longer being displayed and some functions may no longer be technically available.

In addition, we also use technically non-essential cookies on the basis of your consent. This processing only takes place with your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can revoke your consent at any time by clicking on the icon at the bottom of the website and adjusting the desired settings in the cookie consent banner that opens.

For more information on the individual cookies we use on our website, please refer to this privacy policy or our cookie consent banner.

IV. Customers, business partners and interested parties

If you are already a customer, business partner or prospective customer of our services and a contractual, quasi-contractual or pre-contractual business relationship exists with us, we process the following data where necessary:

• Inventory data (e.g. first and last name, address, company, location)

• Contact details (e.g. e-mail address, telephone number)

• Payment data (e.g. bank details, billing information, payment history).[SB7] 

Before or when collecting this data, we will inform you transparently about what information is required. We process this data in particular to communicate with you, to respond to your enquiries, to fulfil our contractual obligations and to safeguard our rights.

The legal basis for this processing results from Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfilment and pre-contractual measures), Art. 6 para. 1 sentence 1 lit. c GDPR (with regard to a legal obligation) and otherwise from Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).

V. Newsletter / E-Mail Marketing 

You may subscribe to our newsletter to receive updates about our company and our offers. To subscribe, we require your email address. When you register, your email address will be transmitted to us (or our email service provider) and stored. After registration, you will receive a confirmation email (“double opt-in”).

Our newsletter is sent based on your prior explicit consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You may unsubscribe at any time, either by contacting us through the options provided in this privacy policy or by using the unsubscribe link included in each newsletter. Upon unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or we are legally entitled to continue using the data as described in this privacy policy.

If we obtain your email address in connection with the sale of a product or service and you have not objected, we may also use it to send you regular offers for similar products or services from our portfolio. This is done in accordance with § 7 para. 3 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) and serves our legitimate interest in direct marketing (Art. 6 para. 1 sentence 1 lit. f GDPR). You may object to this use of your email address at any time, without incurring any costs beyond the basic transmission fees, by contacting us through the options provided in this privacy policy or via the unsubscribe link in the marketing email (see also below regarding your right to object).

VI. Third-party tools

As part of our business activities and to provide certain services, we use service providers as processors. This includes areas such as marketing, CRM, the operation of the website, and others. We have concluded data processing agreements (DPAs) with the respective service providers. When transferring your data to third countries, we ensure that an appropriate level of protection is guaranteed. This is done either by recognising the countries concerned as safe by the EU (adequacy decision), specific approved contracts (standard contractual clauses, SCCs) or, if necessary, by obtaining your express consent.

Currently we implement the following third-party tools:

1. Google Analytics

If you have given your consent, our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This service creates pseudonymized usage profiles and uses cookies (see section "Cookies"). The information generated by the cookie about your use of this website (browser type/version, operating system used, time of server request, referrer URL (the previously visited page), hostname of the accessing computer (IP address)) is transmitted to a Google server in the USA and stored there. Google processes the data in the USA.

The data is used to evaluate website usage, compile reports on website activities, and provide other services related to website and internet usage for market research and to tailor the design of these internet pages to users' needs. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Your IP address will not be merged with other Google data. IP addresses are anonymized to prevent attribution (IP masking).

For data transfers to the USA, the following applies: Google is certified under the EU-US Data Privacy Framework (DPF) and has committed to complying with European data protection principles. Additionally, we have concluded EU Standard Contractual Clauses (SCCs) with Google pursuant to Article 46 para. 2 lit. c GDPR to ensure compliance with the EU data protection level.

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can revoke your consent at any time by clicking on the icon at the bottom of the website [SB10] [SB11] and adjusting your preferences in the cookie banner that appears.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en.

Further information on data processing by Google can be found here and in Google's Privacy Policy.

2. Hubspot

We use HubSpot, a customer relationship management system (CRM), to manage and maintain customer relationships, respond to inquiries, and optimize our sales and marketing processes. The provider is HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (“HubSpot”). In this context, personal data such as your name, email address, company details, communication history, and information about your interactions with us (e.g., website visits, forms submitted, emails opened) may be processed.

The legal basis for this processing is our legitimate interest in efficient customer communication and relationship management (Art. 6 para. 1 sentence 1 lit. f GDPR). Where consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. You can revoke your consent at any time by clicking on the icon at the bottom of the website  and adjusting your preferences in the cookie banner that appears.

Data may be transferred to HubSpot, Inc. in the United States. HubSpot is certified under the EU-U.S. Data Privacy Framework (DPF) and we have additionally concluded EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 para. 2 lit. c GDPR to ensure an adequate level of data protection.

Further information on data processing by HubSpot can be found in HubSpot’s Privacy Policy at: https://legal.hubspot.com/privacy-policy.

3. Calendly

We use the scheduling tool Calendly on our Platform to arrange consultation appointments with you. Calendly, a service provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA, offers an integrated online calendar through which you can conveniently request and select an appointment. In doing so, your contact details (name and email address) as well as meta/communication data (e.g., IP address) are transmitted to Calendly and processed there.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR, as we have a legitimate interest in providing the simplest possible scheduling process. Where consent is requested, Art. 6 para. 1 sentence 1 lit. a) GDPR serves as the legal basis for processing. You may withdraw your consent to the processing of your personal data at any time. Such withdrawal can be made via the contact details provided in this Privacy Policy.

Your data may be transferred to countries outside the EU, in particular to the USA. Calendly is certified under the EU-U.S. Data Privacy Framework (DPF) and has committed to complying with European data protection principles. In addition, we have entered into EU Standard Contractual Clauses (SCCs) with Calendly pursuant to Article 46 para. 2 lit. c GDPR to ensure compliance with the EU level of data protection.

Further information on Calendly’s data processing can be found in their Privacy Policy.

4. Microsoft Bookings

We use Microsoft Bookings to manage and schedule appointments in an efficient manner. This service is provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (“Microsoft”). When you schedule an appointment through this service, we process the information you provide (such as your name, email address, and appointment details) in order to confirm and administer your booking.

Microsoft Bookings is part of the Office 365 cloud suite. Microsoft reserves the right to process customer data for its own business purposes, which may pose a data protection risk for users. We have concluded a DPA with Microsoft to ensure a minimum level of data protection. Please note, however, that we have no influence over Microsoft’s independent data processing activities. Where Microsoft processes personal data in connection with its own legitimate business purposes, Microsoft acts as an independent controller and is solely responsible for compliance with all applicable data protection laws.

For data transfers to the USA, the following applies: Microsoft is certified under the EU-US Data Privacy Framework (DPF) and has committed to complying with European data protection principles. Additionally, we have concluded EU Standard Contractual Clauses (SCCs) with Microsoft pursuant to Article 46 para. 2 lit. c GDPR to ensure compliance with the EU data protection level.

Further information about the purpose and scope of data collection and processing by Microsoft Bookings can be found in Microsoft’s Privacy Statement at: https://privacy.microsoft.com/en-us/privacystatement. There you will also find information about your related rights.

VII. Online presence on social media[SB14] 

We have various presences on social media platforms. We operate these sites with the following providers:

• LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy    

• Xing, New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Website: https://www.xing.com/; Privacy Policy: https://privacy.xing.com/en/privacy-policy

We use the technical platform and services of the respective providers for these information services. We would like to point out, that you use our presence on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, rating, sharing).

When you visit our social media sites, the platform providers collect your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about your interactions with our posts. The data collected about you is processed by the platforms and may be transferred to countries outside the EU, in particular to the USA.

LinkedIn’s US-entity is certified under the EU-US Data Privacy Framework (DPF) and has undertaken to comply with the European data protection principles.

We do not know how the social media platforms use the data from your visit to our account and your interactions with our posts for their own purposes, how long this data is stored and whether it is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or our account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in, a cookie on your device can be used to track your online behaviour. The platforms can use buttons integrated into websites to record your visits to these websites and assign them to your profile in order to offer you targeted content or advertising. To avoid this, you should log out, deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

As the provider of the information service, we also only process the data that you make available to us in the context of using our service and that require interaction. For example, if you ask us a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which are described in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 sentence 1 lit. f GDPR.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

The providers of the social media platforms explain in their privacy policies what information they receive and how it is used. These privacy policies (see links above) also contain information on contact options and the setting options for adverts.

VIII. Storage and deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the minimum required. In addition, we only store your data if we are authorised or obliged to do so in accordance with statutory retention periods.

This privacy policy may also contain further information on the retention and deletion of data, which apply primarily to the respective processing activities.
 

C. Your Rights as a Data Subject

You have the right to  

• Access your personal data in accordance with Art.  15 GDPR,

• Rectification of inaccurate personal data in accordance with Art.  16 GDPR,

• Erasure of your personal data in accordance with Art.  17 GDPR,

• Restriction of processing in accordance with Art.  18 GDPR,

• Objection to the processing of your data in accordance with Art.  21 (Right to object, see details below), and

• Data portability in accordance with Art.  20 GDPR.

As outlined in the relevant sections of this privacy policy, you have the right to withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal of consent is only effective for future processing. Any processing that occurred before the withdrawal remains unaffected.
 

Right to Object : You have the right to object, at any time and for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on this provision as defined in Article 4 para. 4 GDPR.
 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

To exercise your above rights, you can send an email to info@hyground.ai. You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

 

If you have any questions with regard to the processing of your data, feel free to contact us at any time.

D. Data processing when accessing linked content

This privacy policy only applies to this website. However, the website may also contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence over the content of third-party sites. If you are redirected to other pages via links within the website, please inform yourself there about the respective handling of your data.

E. Automated decision-making/profiling

No automated decision-making or profiling takes place.

F. Changes to this privacy policy

Due to the further development of our website, our online offer and our services or due to changed legal and official requirements, it may become necessary to amend this privacy policy from time to time.

If you have any questions regarding the processing of your data, you can contact us at any time.

​