Privacy Policy

Responsible Party
Conbool GmbH (hereinafter referred to as 'we' or 'us') is the responsible party within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data (hereinafter referred to as 'data') in connection with the use of our services. The protection of your data is one of our most important principles.
Contact:
Conbool GmbH
Berlepschweg 11
21079 Hamburg
Germany
You can reach us via the contact form.
Data Protection Officer:
Data Protection Officer
Conbool GmbH
Berlepschweg 11
21079 Hamburg
Germany
To exercise your legal rights or for general questions regarding data protection, you can contact us at any time at info@conbool.com. Both our data protection specialists and our Data Protection Officer are available to you via this email address. If you wish to contact the Data Protection Officer exclusively, you can also do so in writing using the postal address provided above.
Type and Purpose of Data Processing
The processing of personal data by Conbool GmbH is carried out exclusively in accordance with applicable data protection laws, in particular the GDPR. The purposes and types of processing depend on the services we provide and the requirements of our customers.
2.1 Website Visit
We process the following types of your personal data when you visit our website:
IP address, date and time of access, name and URL of the accessed website, website from which the access originated (referrer URL), the browser used, and, if applicable, the operating system of your computer, as well as the name of your access provider.
We process this data for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability,
- for further administrative purposes, and
- for further administrative purposes, and
We base this data processing on our legitimate interest (Art. 6 para. 1 lit. f GDPR). The data processing for the aforementioned purposes is necessary to ensure that you can use our website without interruptions.
2.2 Contact Forms and Email Contact
We process the following types of your personal data when you use our contact forms or contact us via email:
- Name
- Company
- Timestamp
- Email address
- Content of your request
We process the data you provide in your contact form to answer your inquiry. We base this processing of your data on our legitimate interest in responding to your inquiries (Art. 6 para. 1 lit. f GDPR). We only retain the data collected through the contact form for as long as necessary to process your request. As soon as the purpose is fulfilled, we delete this information. Should legal requirements necessitate a longer retention period, we will limit the processing to the legally required minimum and delete the data after the retention period has expired.
We also process your data to inform you about our products and services. Product/service information via telephone is based on your consent (Art. 6 para. 1 lit. a GDPR). The collection of information via email is also generally based on your consent. If you have already purchased similar products or services from us, we base the collection of corresponding information on our legitimate interest (§ 7 para. 3 UWG, Art. 6 para. 1 lit. f GDPR). However, you can object to this product or service information at any time. In every informational email, we provide you with a link through which you can object to further data processing for the sending of information.
2.3 Provision of Services
As part of providing our Email Security Gateway, we process personal data to ensure the security and integrity of our customers' email communication and to fulfill our services. This includes: sender and recipient information, subject lines, timestamps, and other metadata. The provider does not have direct access to the contents of emails; these are processed exclusively in the stream.
To provide our customers with efficient support, we process the following data in connection with requests:
Name, email address, phone number, timestamp, as well as other information provided as part of a support request. Depending on the use case, temporary access to metadata (e.g., sender, recipient, timestamp) may also be granted with the explicit consent of the customer for diagnosing technical issues or resolving disruptions.
Additionally, the data provided during customer account creation is processed. The specific data required for creating an account is specified in the input form on our website. This includes name, company name, email, and phone number.
To ensure the security and availability of our services, we maintain logs of security-related events:
These include, for example, login attempts, changes to user accounts, or system errors. These logs are used solely for troubleshooting and security monitoring.
We base this processing on the legal basis of contract fulfillment (Art. 6 para. 1 lit. b GDPR).
2.4 Cookies and Website Data
Conbool GmbH uses cookies and similar technologies to improve the functionality of the website, optimize the user experience, and provide certain services. In doing so, we adhere to the requirements of the GDPR and the TTDSG (Telecommunications Telemedia Data Protection Act).
Only technically necessary cookies are used. These cookies are required for the website to function properly (e.g., for login functions or shopping carts). They are set without your consent as they are technically necessary for the provision of our services.
Types of Cookies:
- Session Cookies:Temporary cookies that are stored during your visit and are automatically deleted after closing the browser. Persistent Cookies: Long-term cookies that remain stored on your device to restore your preferences or settings for future visits.
- Persistent Cookies:Temporary cookies that are stored during your visit and are automatically deleted after closing the browser. Persistent Cookies: Long-term cookies that remain stored on your device to restore your preferences or settings for future visits.
Specifically, the following cookies are used:
- Essential Cookies:
  - csrfSecret: Used for security purposes to prevent Cross-Site Request Forgery (CSRF) attacks.
  - lang: Stores your language preference during the session so that the website is displayed in your preferred language.
  - Session Cookies: Required for user authentication and session management.
- Preference Cookies
  - theme: Stores your preferred display mode (dark or light mode). This cookie is only created when you actively change the theme settings.
- Third-Party Cookies
  - Stripe Cookies (__stripe_mid): Used for payment processing and fraud prevention. These cookies are only set when you perform a payment action.
Storage Duration of Cookies
- Session cookies are deleted when you close your browser.
- Preference cookies (e.g., theme) are stored for up to 1 year.
- Stripe cookies follow Stripe's retention policy as described in their cookie policy.
Cookie Management
You can manage or delete cookies through your browser settings. Please note that disabling essential cookies may impair the functionality of our website.
The processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR) and § 25 para. 2 TTDSG, as these are essential for the operation of the website.
Storage and Deletion of Data
Conbool GmbH stores personal data only for as long as necessary for the respective purposes or as required by statutory retention periods. After the respective periods expire, the data is deleted.
3.1 Retention Periods by Data Category
- Contract Data
  - Contract-related data (e.g., invoices, customer contracts) is stored for the duration of the contractual relationship.
  - After the termination of the contractual relationship, further storage is carried out in accordance with statutory retention periods.
    - 6 years for commercially relevant documents (§ 257 HGB).
    - 10 years for tax-relevant documents (§ 147 AO).
- Email Metadata & Logs
  - Metadata & logs such as sender, recipient, subject lines, and timestamps are stored for a period of up to 90 days.
  - Purpose: Analysis and resolution of technical issues as well as ensuring the functionality of the Email Security Gateway.
- Content Data
  - Email content (e.g., text content, attachments) is only temporarily and automatically processed and stored until final delivery or deletion by the customer.
  - After completion of processing, this data is automatically deleted.
- Cookies
  - Session Cookies: These cookies are only stored during the use of our website and are automatically deleted after closing the browser.
  - Persistent Cookies:These cookies remain stored for a longer period to restore settings or preferences.
3.2 Deletion
After the respective storage period expires, personal data is either completely deleted or anonymized.
Disclosure to Third Parties
4.1 Subcontractors
To fulfill our services, we use the following subcontractors:
- IONOS SE
  - Service: Cloud infrastructure for the operation of our services.
  - Service Location:Germany (EU).
  - Special Features: Hosting in ISO 27001-certified data centers with strict security measures.
- Supabase Inc.
  - Service:Database services with storage in the EU.
  - Service Location: Germany (EU).
  - Special Features: A data processing agreement has been concluded, and GDPR-compliant processing is ensured.
4.2 Third-Country Transfers
The transfer of personal data to countries outside the European Union (third countries) does not take place.
4.3 Legal Basis for Disclosure
- Art. 6 para. 1 lit. b GDPR: Performance of a contract (e.g., provision of the Email Security Gateway).
- Art. 6 para. 1 lit. f GDPR:Safeguarding legitimate interests, particularly to ensure secure operations and to process support requests.
4.4 Transparency and Control
We ensure that all subcontractors used are contractually obligated to comply with the requirements of the GDPR and to process personal data exclusively in accordance with our instructions.
Rights of Data Subjects
Data subjects have various rights under the General Data Protection Regulation (GDPR) regarding the processing of their personal data. These rights ensure transparency and control over their own data.
- 5.1 Overview of Rights
  - Right of Access (Art. 15 GDPR)
    You have the right to request confirmation as to whether we process personal data concerning you. Furthermore, you can obtain information about the processed data as well as additional details, such as the purposes of processing and the recipients of the data.
  - Right to Rectification (Art. 16 GDPR)
    You can request the correction of inaccurate or incomplete personal data.
  - Right to Erasure ("Right to be Forgotten", Art. 17 GDPR)
    You have the right to request the erasure of your personal data, provided there are no legal grounds for further processing (e.g., statutory retention obligations).
  - Right to Restriction of Processing (Art. 18 GDPR)
    You can request the restriction of the processing of your data if certain conditions are met.
    - the accuracy of the data is contested;
    - the processing is unlawful, but you oppose the erasure of the data;
    - we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
    - you have objected to the processing, and it is still being verified whether our legitimate interests override yours.
  - Right to Object to Processing (Art. 21 GDPR)
    You can object to the processing of your personal data if it is based on legitimate interests (Art. 6 para. 1 lit. f GDPR). This applies in particular to direct marketing.
  - Right to Data Portability (Art. 20 GDPR)
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.
  - Withdrawal of Consent (Art. 7 para. 3 GDPR)
    If the processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of the processing carried out prior to the withdrawal.
  - Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
    If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a competent supervisory authority.
We will not make automated decisions based on your personal data.
5.2 Exercising Your Rights
- Contact Options: To exercise your rights, you can contact us at any time using the contact details provided above.
- Identity Verification: To process your request and ensure that your personal data is not disclosed to unauthorized third parties, we reserve the right to verify your identity (e.g., by requesting a valid ID).
- Processing Time: We will respond to your request promptly and no later than one month after receipt (Art. 12 para. 3 GDPR). If a request is particularly complex, this period may be extended by two additional months; in such cases, we will inform you in a timely manner.
- Costs: Exercising your rights is generally free of charge. However, if requests are manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to process the request (Art. 12 para. 5 GDPR).
Changes to This Privacy Policy
We reserve the right to update this privacy policy as needed, for example, to reflect changes to our services or legal requirements. We will notify you of significant changes in a timely manner via email or a notice on our website.

Responsible Party
Conbool GmbH (hereinafter referred to as 'we' or 'us') is the responsible party within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data (hereinafter referred to as 'data') in connection with the use of our services. The protection of your data is one of our most important principles.
Contact:
Conbool GmbH
Berlepschweg 11
21079 Hamburg
Germany
You can reach us via the contact form.
Data Protection Officer:
Data Protection Officer
Conbool GmbH
Berlepschweg 11
21079 Hamburg
Germany
To exercise your legal rights or for general questions regarding data protection, you can contact us at any time at info@conbool.com. Both our data protection specialists and our Data Protection Officer are available to you via this email address. If you wish to contact the Data Protection Officer exclusively, you can also do so in writing using the postal address provided above.
Type and Purpose of Data Processing
The processing of personal data by Conbool GmbH is carried out exclusively in accordance with applicable data protection laws, in particular the GDPR. The purposes and types of processing depend on the services we provide and the requirements of our customers.
2.1 Website Visit
We process the following types of your personal data when you visit our website:
IP address, date and time of access, name and URL of the accessed website, website from which the access originated (referrer URL), the browser used, and, if applicable, the operating system of your computer, as well as the name of your access provider.
We process this data for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability,
- for further administrative purposes, and
- for further administrative purposes, and
We base this data processing on our legitimate interest (Art. 6 para. 1 lit. f GDPR). The data processing for the aforementioned purposes is necessary to ensure that you can use our website without interruptions.
2.2 Contact Forms and Email Contact
We process the following types of your personal data when you use our contact forms or contact us via email:
- Name
- Company
- Timestamp
- Email address
- Content of your request
We process the data you provide in your contact form to answer your inquiry. We base this processing of your data on our legitimate interest in responding to your inquiries (Art. 6 para. 1 lit. f GDPR). We only retain the data collected through the contact form for as long as necessary to process your request. As soon as the purpose is fulfilled, we delete this information. Should legal requirements necessitate a longer retention period, we will limit the processing to the legally required minimum and delete the data after the retention period has expired.
We also process your data to inform you about our products and services. Product/service information via telephone is based on your consent (Art. 6 para. 1 lit. a GDPR). The collection of information via email is also generally based on your consent. If you have already purchased similar products or services from us, we base the collection of corresponding information on our legitimate interest (§ 7 para. 3 UWG, Art. 6 para. 1 lit. f GDPR). However, you can object to this product or service information at any time. In every informational email, we provide you with a link through which you can object to further data processing for the sending of information.
2.3 Provision of Services
As part of providing our Email Security Gateway, we process personal data to ensure the security and integrity of our customers' email communication and to fulfill our services. This includes: sender and recipient information, subject lines, timestamps, and other metadata. The provider does not have direct access to the contents of emails; these are processed exclusively in the stream.
To provide our customers with efficient support, we process the following data in connection with requests:
Name, email address, phone number, timestamp, as well as other information provided as part of a support request. Depending on the use case, temporary access to metadata (e.g., sender, recipient, timestamp) may also be granted with the explicit consent of the customer for diagnosing technical issues or resolving disruptions.
Additionally, the data provided during customer account creation is processed. The specific data required for creating an account is specified in the input form on our website. This includes name, company name, email, and phone number.
To ensure the security and availability of our services, we maintain logs of security-related events:
These include, for example, login attempts, changes to user accounts, or system errors. These logs are used solely for troubleshooting and security monitoring.
We base this processing on the legal basis of contract fulfillment (Art. 6 para. 1 lit. b GDPR).
2.4 Cookies and Website Data
Conbool GmbH uses cookies and similar technologies to improve the functionality of the website, optimize the user experience, and provide certain services. In doing so, we adhere to the requirements of the GDPR and the TTDSG (Telecommunications Telemedia Data Protection Act).
Only technically necessary cookies are used. These cookies are required for the website to function properly (e.g., for login functions or shopping carts). They are set without your consent as they are technically necessary for the provision of our services.
Types of Cookies:
- Session Cookies:Temporary cookies that are stored during your visit and are automatically deleted after closing the browser. Persistent Cookies: Long-term cookies that remain stored on your device to restore your preferences or settings for future visits.
- Persistent Cookies:Temporary cookies that are stored during your visit and are automatically deleted after closing the browser. Persistent Cookies: Long-term cookies that remain stored on your device to restore your preferences or settings for future visits.
Specifically, the following cookies are used:
- Essential Cookies:
  - csrfSecret: Used for security purposes to prevent Cross-Site Request Forgery (CSRF) attacks.
  - lang: Stores your language preference during the session so that the website is displayed in your preferred language.
  - Session Cookies: Required for user authentication and session management.
- Preference Cookies
  - theme: Stores your preferred display mode (dark or light mode). This cookie is only created when you actively change the theme settings.
- Third-Party Cookies
  - Stripe Cookies (__stripe_mid): Used for payment processing and fraud prevention. These cookies are only set when you perform a payment action.
Storage Duration of Cookies
- Session cookies are deleted when you close your browser.
- Preference cookies (e.g., theme) are stored for up to 1 year.
- Stripe cookies follow Stripe's retention policy as described in their cookie policy.
Cookie Management
You can manage or delete cookies through your browser settings. Please note that disabling essential cookies may impair the functionality of our website.
The processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR) and § 25 para. 2 TTDSG, as these are essential for the operation of the website.
Storage and Deletion of Data
Conbool GmbH stores personal data only for as long as necessary for the respective purposes or as required by statutory retention periods. After the respective periods expire, the data is deleted.
3.1 Retention Periods by Data Category
- Contract Data
  - Contract-related data (e.g., invoices, customer contracts) is stored for the duration of the contractual relationship.
  - After the termination of the contractual relationship, further storage is carried out in accordance with statutory retention periods.
    - 6 years for commercially relevant documents (§ 257 HGB).
    - 10 years for tax-relevant documents (§ 147 AO).
- Email Metadata & Logs
  - Metadata & logs such as sender, recipient, subject lines, and timestamps are stored for a period of up to 90 days.
  - Purpose: Analysis and resolution of technical issues as well as ensuring the functionality of the Email Security Gateway.
- Content Data
  - Email content (e.g., text content, attachments) is only temporarily and automatically processed and stored until final delivery or deletion by the customer.
  - After completion of processing, this data is automatically deleted.
- Cookies
  - Session Cookies: These cookies are only stored during the use of our website and are automatically deleted after closing the browser.
  - Persistent Cookies:These cookies remain stored for a longer period to restore settings or preferences.
3.2 Deletion
After the respective storage period expires, personal data is either completely deleted or anonymized.
Disclosure to Third Parties
4.1 Subcontractors
To fulfill our services, we use the following subcontractors:
- IONOS SE
  - Service: Cloud infrastructure for the operation of our services.
  - Service Location:Germany (EU).
  - Special Features: Hosting in ISO 27001-certified data centers with strict security measures.
- Supabase Inc.
  - Service:Database services with storage in the EU.
  - Service Location: Germany (EU).
  - Special Features: A data processing agreement has been concluded, and GDPR-compliant processing is ensured.
4.2 Third-Country Transfers
The transfer of personal data to countries outside the European Union (third countries) does not take place.
4.3 Legal Basis for Disclosure
- Art. 6 para. 1 lit. b GDPR: Performance of a contract (e.g., provision of the Email Security Gateway).
- Art. 6 para. 1 lit. f GDPR:Safeguarding legitimate interests, particularly to ensure secure operations and to process support requests.
4.4 Transparency and Control
We ensure that all subcontractors used are contractually obligated to comply with the requirements of the GDPR and to process personal data exclusively in accordance with our instructions.
Rights of Data Subjects
Data subjects have various rights under the General Data Protection Regulation (GDPR) regarding the processing of their personal data. These rights ensure transparency and control over their own data.
- 5.1 Overview of Rights
  - Right of Access (Art. 15 GDPR)
    You have the right to request confirmation as to whether we process personal data concerning you. Furthermore, you can obtain information about the processed data as well as additional details, such as the purposes of processing and the recipients of the data.
  - Right to Rectification (Art. 16 GDPR)
    You can request the correction of inaccurate or incomplete personal data.
  - Right to Erasure ("Right to be Forgotten", Art. 17 GDPR)
    You have the right to request the erasure of your personal data, provided there are no legal grounds for further processing (e.g., statutory retention obligations).
  - Right to Restriction of Processing (Art. 18 GDPR)
    You can request the restriction of the processing of your data if certain conditions are met.
    - the accuracy of the data is contested;
    - the processing is unlawful, but you oppose the erasure of the data;
    - we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
    - you have objected to the processing, and it is still being verified whether our legitimate interests override yours.
  - Right to Object to Processing (Art. 21 GDPR)
    You can object to the processing of your personal data if it is based on legitimate interests (Art. 6 para. 1 lit. f GDPR). This applies in particular to direct marketing.
  - Right to Data Portability (Art. 20 GDPR)
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.
  - Withdrawal of Consent (Art. 7 para. 3 GDPR)
    If the processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of the processing carried out prior to the withdrawal.
  - Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
    If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a competent supervisory authority.
We will not make automated decisions based on your personal data.
5.2 Exercising Your Rights
- Contact Options: To exercise your rights, you can contact us at any time using the contact details provided above.
- Identity Verification: To process your request and ensure that your personal data is not disclosed to unauthorized third parties, we reserve the right to verify your identity (e.g., by requesting a valid ID).
- Processing Time: We will respond to your request promptly and no later than one month after receipt (Art. 12 para. 3 GDPR). If a request is particularly complex, this period may be extended by two additional months; in such cases, we will inform you in a timely manner.
- Costs: Exercising your rights is generally free of charge. However, if requests are manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to process the request (Art. 12 para. 5 GDPR).
Changes to This Privacy Policy
We reserve the right to update this privacy policy as needed, for example, to reflect changes to our services or legal requirements. We will notify you of significant changes in a timely manner via email or a notice on our website.

CONBOOL

CONBOOL

Privacy Policy

Our privacy policy and how we use your data

Version 1.0, as of 03.03.2025