Home
Our solutions
Sizing & Fit Solutions
Advanced Analytics
Data Purchase
Impact Calculator
Resources
About us
FAQ
Contact
Book a discovery call
Privacy policy
Datenschutzerklärung
Introduction
We, SAIZ GmbH together with our subsidiaries (hereinafter collectively referred to as "
the company
," "
SAIZ
," "
we
," or "
us
"), take the protection of your personal data very seriously and would like to inform you here about data protection within our organization.
As part of our responsibilities under data protection law, we are subject to additional obligations following the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter "
GDPR
"), in order to ensure the protection of personal data of individuals affected by data processing activities. In this policy, we refer to you as the data subject also as “
customer
,” “
user
,” “
you
,” or “
data
subject
.”
Where we determine, either alone or jointly with others, the purposes and means of data processing, we are particularly obliged to inform you in a transparent manner about the nature, scope, purpose, duration, and legal basis of the processing (see Articles 13 and 14 GDPR). With this privacy notice (hereinafter: “
Privacy
Policy
”), we inform you about the manner in which your personal data is processed by us.
Our Privacy Policy is structured in a modular format. It consists of a general section applicable to all processing of personal data and processing scenarios that arise whenever a website is accessed (Section A: General Information), and a specific section, the contents of which relate only to the specific processing scenario mentioned in that section, including but not limited to the more detailed explanation regarding visits to our websites (Section B: Visiting Websites).
A. General Information
(1) Definitions
This Privacy Policy is based on the definitions set out in Article 4 of the GDPR:
“Personal data”
(Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“
data
subject
”). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or by means of information relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability can also exist through the combination of such information with other supplementary knowledge. The form, manifestation, or medium of the information is irrelevant (e.g., photographs, video, or audio recordings may also contain personal data).
“Processing”
(Art. 4 No. 2 GDPR) means any operation or set of operations which is performed on personal data, whether or not by automated means (i.e., using technology). This includes, in particular, the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data, as well as any alteration of the purpose originally underlying the data processing.
“Controller”
(Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Third party”
(Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this includes other legal entities within the same corporate group.
“Processor”
(Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, particularly in accordance with the controller’s instructions (e.g., IT service providers). In the context of data protection law, a processor is not considered a third party.
“Consent”
(Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
(2) Name and Address of the Controller
The entity responsible for the processing of your personal data within the meaning of Article 4 No. 7 GDPR is:
SAIZ GmbH
Pappelallee 78/79
10437 Berlin
Germany
Email:
data.privacy@saiz.io
Further information about our company can be found in the legal notice on our website at
https://www.saiz.io/impressum
(3) Legal Bases for Data Processing
As a general principle under the law, any processing of personal data is prohibited unless it is permitted under one of the following legal grounds:
Art. 6 para. 1 sentence 1 lit. a GDPR
("Consent")
: Where the data subject has given their consent, voluntarily, in an informed and unambiguous manner, by means of a declaration or other clear affirmative action, to the processing of their personal data for one or more specific purposes;
Art. 6 para. 1 sentence 1 lit. b GDPR: Where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Art. 6 para. 1 sentence 1 lit. c GDPR: Where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., statutory retention obligations);
Art. 6 para. 1 sentence 1 lit. d GDPR: Where processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Art. 6 para. 1 sentence 1 lit. e GDPR: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
Art. 6 para. 1 sentence 1 lit. f GDPR
("Legitimate Interests")
: Where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (particularly where the data subject is a minor).
For each processing activity carried out by us, we will indicate below the specific legal basis applicable. Processing may be based on more than one legal ground.
(4) Data Erasure and Storage Duration
For each data processing activity we perform, we will state how long the personal data is stored by us and when it is erased or blocked. Unless a specific storage period is stated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies, unless statutory commercial or tax-related retention obligations require further storage.
Once statutory retention periods no longer apply, the data will be deleted unless you have expressly consented to further use.
However, storage may extend beyond the indicated time in the event of a (threatened) legal dispute with you or in the context of other legal proceedings, or if storage is required by statutory regulations to which we, as the controller, are subject (e.g., § 257 of the German Commercial Code (HGB), § 147 of the German Fiscal Code (AO)). When the legally required retention period expires, the personal data will be blocked or deleted, unless further storage is necessary and legally permitted.
Your data is generally stored only on servers located within the EU, subject to any potential transfer as outlined in Sections A.(8) and A.(9).
(5) Data Security
We implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risk to the rights and freedoms of data subjects in the event of a data breach. Our security measures are continuously improved in line with technological developments.
We are happy to provide more detailed information upon request. Please contact us using the details provided under Section A.(2).
(6) Technical and Organizational Measures
We take technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation, or unauthorized access by third parties. These measures are regularly updated to reflect the current state of the art.
(7) Cooperation with Processors
As is common in business operations, we engage external domestic and international service providers to conduct our business activities (e.g., in the areas of IT, logistics, telecommunications, sales, and marketing). These providers act solely on our instructions and have been contractually bound, in accordance with Article 28 GDPR, to comply with applicable data protection regulations.
If personal data is shared by us with our subsidiaries, or vice versa (e.g., for marketing purposes), this is done on the basis of existing data processing agreements.
(8) Disclosure of Personal Data to Third Parties; Legal Basis
The following categories of recipients – generally acting asprocessors (see Section A.(7)) – may be granted access to your personal data:
Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., data center services, payment processing, IT security). The legal basis for such disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they act as processors;
Government bodies/authorities, where required to fulfill a legal obligation. The legal basis for the disclosure is Art. 6 para. 1 sentence 1 lit. c GDPR;
Parties involved in the operation of our business (e.g., auditors, banks, insurers, legal advisors, regulatory authorities, parties involved in company acquisitions or joint ventures). The legal basis for the disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.
We use the services of the following third-party providers:
521 PRODUCTS PTY LTD
, 18 Tallow Place, Glenwood NSW 2768, Australia („
Smartlead
“).
Amazon Web Services, Inc.
,
410 Terry Avenue North, Seattle, WA 98109, USA („
Amazon
“).
Amazon Web Services EMEA SARL,
38 Avenue John F. Kennedy, L-1855, Luxembourg (
„Amazon EU
“).
BacklinkManager Limited
, Flat B 112 Blackheath Road, SE10 8DA, London, United Kingdom („
ZenABM
“)
DataDog Inc.,
620 8
th
Ave, 45
th
Floor, New York, NY 10018, USA („
DataDog
“).
Finsweet Inc.
, 1001A E Harmony Rd. #15, Fort Collins, CO 80525, USA („
Finsweet
“).
Google Inc
, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („
Google US
“).
Google Ireland Limited
, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („
Google EU
“; together with Google US „
Google
“).
Hotjar Ltd
,
Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's STJ 3141, Malta („
Hotjar
“).
HubSpot, Inc.
, 25 First Street, Cambridge, MA 02141, USA („
HubSpot
“).
Instagram LLC.
, subsidiary of Facebook Inc., 181 South Park Street, San Fransisco, CA 94107, USA („
Instagram
“).
LinkedIn Ireland Unlimited Company
, Wilton Plaza, Wilton Place, Dublin 2, Ireland („
LinkedIn
“).
Meta Platforms Inc.
, 1601 S. California Ave, Palo Alto, California 94304, USA („
Facebook US
“)
Meta Platforms Ireland Limited
, 4 Grand Canal Quare, Dublin 2, Ireland („
Facebook EU
“; together with Facebook US („
Facebook
“).
Microsoft Corporation
, One Microsoft Way, Redmond, WA 98052-6399, USA („
Microsoft US
“).
Microsoft Ireland Operations Limited
, OneMicrosoft Place South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland („
Microsoft EU
“; together with Microsoft US „
Microsoft
“).
Namecheap, Inc.
, 4600 East Washington Street, Suite 300, Phoenix, AZ 85034, USA („
Namecheap
“).
Overloop SRL
, rue des Pères Blancs 4, 1040 Brussels, Belgium („
Overloop
“).
Webflow, Inc.,
398 11
th
Street, 2
nd
Floor, San Francisco, CA 94103, USA
(„
Webflow
“).
Zenleads, Inc. (Apollo.io)
, 440 N Barranca Ave #4750, Covina, CA 91723, USA („
Apollo
“).
It is possible that the registered office of a third-party provider is located in a third country, i.e., a country where the GDPR does not have direct legal effect. In such cases, the transfer of data takes place only in accordance with the strict requirements outlined in Section A.(9).
Apart from that, we only share your personal data with third parties if you have given your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and/or § 25 para. 2 no. 2 TDDDG.
(9) Conditions for the Transfer of Personal Data to Third Countries
As part of our business relationships, your personal data may be disclosed or transferred to third-party companies, including those located outside the European Economic Area (EEA), i.e., in so-called third countries. Such processing takes place exclusively for the purpose of fulfilling contractual and business obligations and maintaining the business relationship with our customers or, in turn, with their end customers.
Any processing of personal data in a third country is only permitted if the specific requirements of Art. 44 et seq. GDPR are met. This specifically includes the conclusion of Standard Contractual Clauses ("
EU
SCCs
") with the subcontractor. The contractor is required to use the "Processor to Processor" module and to carry out a Transfer Impact Assessment ("
TIA
").
Further details of any data transfer will be provided to you at the relevant sections of this privacy policy.
For the United States, a Data Privacy Framework (DPF) agreement has been concluded between the European Union and the USA to ensure compliance with European data protection standards when processing data in the USA. Under this framework, any company certified under the DPF commits to upholding these data protection standards. More information is available from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
(10) No Automated Decision-Making (including Profiling)
We do not intend to use any of the personal data collected from you for procedures involving automated decision-making, including profiling.
(11) No Obligation to Provide Personal Data
Our customers do not make the conclusion of contracts conditional on the prior provision of personal data. As a visitor to our website or an end customer of our customer, you are generally not legally or contractually obliged to provide us with your personal data. However, certain services may be partially or fully unavailable if the necessary data is not provided. If such a case arises for any of the products or services we offer, you will be explicitly informed of this in advance.
(12) Legal Obligation to Disclose Certain Data
We may, in individual cases, be subject to a legal or regulatory obligation to disclose lawfully processed personal data to third parties, especially public authorities (Art. 6 para. 1 sentence 1 lit. c GDPR).
(13) Your Rights
You may assert your rights as a data subject with regard to the processing of your personal data at any time using the contact information provided in Section A.(2). You have the right to:
Access (Art. 15 GDPR): Obtain information about your data processed by us, including processing purposes, data categories, recipient categories, planned storage duration, the existence of rights to rectification, erasure, restriction of processing or objection, the origin of your data (if not collected by us), and the existence of automated decision-making (including profiling) and, where applicable, meaningful information about the logic involved;
Rectification (Art. 16 GDPR): Request the immediate correction of inaccurate data or completion of your personal data stored by us;
Erasure (Art. 17 GDPR): Request the deletion of your data unless the processing is required to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
Restriction of Processing (Art. 18 GDPR): Request the restriction of processing if the accuracy of the data is disputed by you or the processing is unlawful;
Data Portability (Art. 20 GDPR): Receive the personal data you provided in a structured, commonly used, and machine-readable format or to request transmission to another controller ("
data portability
");
Objection (Art. 21 GDPR): Object to the processing of your data, provided the processing is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR, especially if the processing is not required for the performance of a contract. If you object to processing not related to direct marketing, please provide reasons why we should no longer process your data as previously carried out. In the case of a justified objection, we will examine the situation and either cease or adjust data processing or demonstrate compelling legitimate grounds for continuing it;
Withdrawal of Consent (Art. 7 para. 3 GDPR): Revoke any previously given consent (even if granted before the GDPR came into effect on 25 May 2018) at any time. This means we may no longer continue data processing based on that consent going forward;
Lodge a Complaint (Art. 77 GDPR): File a complaint with a supervisory authority, in particular with the authority responsible for us:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin
Phone: +49 30 13889-0
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de
Website:
https://www.datenschutz-berlin.de
(14) Changes to This Privacy Policy
In the course of ongoing legal developments in data protection law or due to technological or organizational changes, our privacy policy is regularly reviewed to determine the need for updates or additions. You will be informed of any changes, particularly on our German-language website at:
https://www.saiz.io/de
. This privacy policy is effective as of April 2025.
B. Website Visits
(1) Function Explanation
You can find information about our company and the services we offer, in particular, on
www.saiz.io
, including the related subpages (collectively referred to as “
Websites
”). When you visit our websites, personal data about you may be processed.
(2) Personal Data Processed
When using our websites for informational purposes only, we collect, store, and further process the following categories of personal data:When you visit our websites, a temporary and anonymized log record (so-called server log files) is stored on our web server ("
log
data
"). This log data includes:
the page from which the request was made (referrer URL);
the name and URL of the requested page;
the date and time of access;
a description of the type, language, and version of the web browser used;
the IP address of the requesting computer, shortened to make it no longer personally identifiable;
the volume of data transferred;
the operating system used;
a message indicating whether the request was successful (access status/HTTP status code); and
the GMT time zone difference.There is no merging of this data with other data sources.
There is no merging of this data with other data sources.
(3) Purpose and Legal Basis of Data Processing
We process the aforementioned personal data in accordance with the GDPR and other applicable data protection laws, only to the extent necessary. Where processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, the stated purposes also represent our legitimate interests.
The log data is processed for the following purposes:
to ensure a smooth connection to the website,
to optimize the content and performance of our website, and
to ensure system security and stability.
These are in both your and our legitimate interest. We may also use the data to fulfill legal obligations in cooperation with law enforcement authorities. Under no circumstances do we use the data collected to draw conclusions about you personally.
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Log files are stored for 2 months.
(4) Duration of Data Processing
Your data will only be processed for as long as necessary to achieve the above-mentioned processing purposes. The legal basis for processing, as outlined above, applies accordingly.
Third parties engaged by us will store your data on their systems only as long as is necessary to fulfill their contractual obligations to us.
For further information on data storage periods, see Section A.(4).
(5) SSL and TLS Encryption
For security reasons and to protect the transmission of confidential content (such as orders or inquiries you send to us as the site operator), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in your browser's address bar from "http://" to "https://" and the lock icon in the browser bar.
When SSL or TLS encryption is activated, any data you transmit to us cannot be read by third parties.
(6) Hosting & Content Delivery Network
a) Namecheap
We use Namecheap as our website hosting provider. Namecheap offers services including domain registration, web hosting, and additional IT-related services. In providing these services, technical data such as IP addresses, server logs, and usage statistics are processed to ensure the reliable operation of our website.
Processing takes place to fulfill contractual obligations and based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). We have signed a data processing agreement with Namecheap, which ensures that your data is processed in compliance with applicable data protection standards.
Namecheap’s privacy policy can be found here:
https://www.namecheap.com/legal/general/privacy-policy/
b) Webflow
We host our website using Webflow, provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.
Webflow processes personal data of website visitors for the purpose of hosting and presenting the website on our behalf. All data collected via our website is processed and stored on Webflow’s servers. When you visit our website, Webflow captures various log files, including your IP address.
Webflow uses cookies and other recognition technologies necessary for the website’s presentation, feature delivery, and security (essential cookies).
The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If consent is obtained, processing is based solely on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (German Telecommunications-Telemedia Data Protection Act), where consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting). Consent may be revoked at any time.
Further information about Webflow's data protection can be found at:
https://webflow.com/legal/eu-privacy-policy
Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://webflow.com/legal/eu-privacy-policy
Webflow is also certified under the EU-US Data Privacy Framework (DPF), a framework agreed between the EU and the USA to ensure the adherence to EU data protection standards in the US. Each company certified under DPF commits to complying with these standards.
You can find further information here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
We have signed a Data Processing Agreement (DPA) with Webflow. This is a legally required contract that ensures Webflow only processes personal data of our website visitors according to our instructions and in compliance with the GDPR.
(7) Use of Cookies, Plugins and Other Services on Our Website
a) Cookies
You can find information about our company and the services we offer, in particular, on
www.saiz.io
, including the related subpagTo make your visit to our website more attractive and to enable the use of certain functions, we use cookies. Some of these are cookies that are automatically deleted when you close your browser (so-called “
session
cookies
”); others remain on your end device and enable us to save your site settings (so-called “
persistent
cookies
”). The storage duration of these cookies can be found in the cookie settings section of your web browser. Cookies are small text files that are assigned and stored on your hard drive by the browser you are using via a unique string of characters, and through which specific information flows to the entity setting the cookie. Cookies cannot execute programs or transmit viruses to your computer and therefore cannot cause any damage. They are used to make the overall Internet offering more user-friendly and effective, and thus more pleasant for you.
Cookies can contain data that make it possible to recognize the device being used. In some cases, cookies only contain information on certain settings that are not personally identifiable. Cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted once you close your browser, and persistent cookies, which are stored beyond an individual session. In terms of their functionality, cookies are also categorized as follows:
Technical cookies:
These are strictly necessary for navigating the website, using essential features, and ensuring the security of the website. They do not collect information for marketing purposes or store which websites you have visited.
Performance cookies:
These collect information on how you use our website, which pages you visit, and whether you experience errors. They do not collect information that identifies you – all data collected is anonymous and is used only to improve our website and better understand our visitors’ interests.
Advertising and targeting cookies:
These serve to provide tailored advertising to website users either on the website or from third-party offers, and to measure the effectiveness of these offers. Advertising and targeting cookies are stored for a maximum of 17 months.
Sharing cookies:
These are used to improve the interactivity of our website with other services (e.g., social networks). Sharing cookies are stored for a maximum of 17 months.
(i) Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) GDPR. The legal basis for processing personal data using cookies for analytical purposes is the user’s consent under Art. 6(1)(a) GDPR or § 25(2) No. 2 TDDDG (German Telecommunications and Telemedia Data Protection Act).
You can configure your browser to inform you when cookies are being set and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or in general. Please note that disabling cookies may limit the functionality of our website.
Any use of cookies that is not strictly technically necessary constitutes data processing that is only permissible with your explicit and active consent in accordance with Art. 6(1)(a) GDPR and/or § 25(2) No. 2 TDDDG. This particularly applies to the use of advertising, targeting or sharing cookies. We also only share your personal data processed through cookies with third parties if you have given your explicit consent under Art. 6(1)(a) GDPR or § 25(2) No. 2 TDDDG.
(ii) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
User data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. Analysis cookies tell us how the website is used, allowing us to continuously optimize our offering. This is also where our legitimate interest in the processing of personal data lies under Art. 6(1)(f) GDPR.
(iii) Duration of storage, objection and removal options
Cookies are stored on the user’s device and transmitted from there to our site. As the user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.
b) Web Analysis Services
(i) Google Analytics
This website uses Google Analytics (GA), a tracking and analytics tool provided by the American company Google Inc. (“
Google
”). For users in the European Economic Area, Google Ireland Limited, Gordon House, Barrow Street, Dublin, Ireland (“
Google
Ireland
”), is responsible for all Google services. Google Analytics collects data about your interactions with our website. For instance, if you click on a link, this information is transmitted to and stored on a server hosted by Google Cloud before being processed by Google Analytics. The types of information collected may include your operating system, browser type, IP address, and referring URL. We use the reports provided by Google Analytics to better tailor our website and services to your needs. Below, we explain in more detail how this tracking tool works, what data is collected, and how you can opt out of tracking.
Google Analytics is a tool used to analyze traffic on our website. To enable its functionality, a tracking code is embedded into our website’s code. When you visit our site, this code records various user actions, such as the pages you view or the links you click. While you browse our website, this data is transmitted to Google Cloud, where it is stored before being sent to the Google Analytics servers for further processing and analysis.
Google processes the collected data and provides us with reports about user behavior. These may include the following:
Audience reports:
These help us understand our users better and identify the target groups interested in our services.
Ad reports:
These allow us to analyze and improve our online advertising efforts.
Acquisition reports:
These provide insights into how we can attract more people to our services.
Behavior reports:
These show how users interact with our website, such as their navigation path and which links they click.
Conversion reports:
A "conversion" is a desired action resulting from a marketing message—for example, when a visitor becomes a customer or newsletter subscriber. These reports help us understand the effectiveness of our marketing campaigns and improve our conversion rate.
Real-time reports:
These allow us to see in real time what is happening on our website, such as how many users are currently reading this text.
Legal Basis
The use of Google Analytics is based on your consent, which we obtain via our cookie consent banner. This consent constitutes the legal basis under Article 6(1)(a) GDPR and/or § 25(2) No. 2 TDDDG for the processing of personal data that may occur in the context of using web analytics tools.
In addition to your consent, we have a legitimate interest in analyzing user behavior to improve both the technical performance and the economic efficiency of our website. With the help of Google Analytics, we can detect errors, identify security threats, and optimize the performance of our platform. The legal basis for this is Article 6(1)(f) GDPR (legitimate interest). However, we only use Google Analytics if you have given your explicit consent.
Google also processes your data in the United States, among other countries. When data is transferred to recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway—especially the USA), Google relies on so-called Standard Contractual Clauses (SCCs) as provided for in Art. 46(2) and (3) GDPR. These are template agreements issued by the European Commission to ensure that your personal data continues to be subject to European data protection standards, even when transferred outside the EU. By agreeing to these SCCs, Google commits to upholding EU data protection rules, even when data is stored, processed, or managed in the United States. The European Commission’s implementing decision and the SCCs can be accessed at:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
Google is certified under the EU–US Data Privacy Framework (DPF), an agreement between the EU and the U.S. that aims to ensure that U.S. companies comply with European data protection standards. Companies certified under the DPF are committed to upholding these standards.
You can find more information here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Google’s Ads Data Processing Terms, which reference the SCCs, are available here:
https://business.safety.google/intl/en/adsprocessorterms/
We hope this explanation has helped you understand how Google Analytics processes data. If you would like to learn more about the service, we recommend the following links:
https://marketingplatform.google.com/about/analytics/terms/de/
and
https://support.google.com/analytics/answer/6004245?hl=en
Further information is also available on Google’s website at:
https://marketingplatform.google.com/about/analytics/
Privacy Policy:
https://policies.google.com/privacy
Opt-out and Cookie Settings: via your privacy preferences
Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Demographic Features in Google Analytics
This website uses the “Demographic Features” functionality of Google Analytics. This allows us to create reports that provide information about the age, gender, and interests of website visitors. These data are derived from Google’s interest-based advertising and third-party visitor data. These data cannot be attributed to any specific individual. You can disable this feature at any time through your Google account’s ad settings or generally opt-out of data collection by Google Analytics, as outlined in the "Opt-out of Data Collection" section.
IP Anonymization
We have activated IP anonymization on this website. This means that your IP address is truncated by Google within the European Union member states or other countries that are part of the Agreement on the European Economic Area before it is transmitted to the U.S. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Purpose of Data Processing
Our goal with this website is clear: we want to offer our services to you in the best possible way. The statistics and data from Google Analytics help us achieve this goal.
The statistically analyzed data give us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site to be more easily found by interested people on Google. On the other hand, the data helps us better understand you as a visitor. This allows us to know exactly what we need to improve on our website in order to offer you our services in the best possible way. The data also helps us conduct more personalized and cost-effective advertising and marketing campaigns. After all, it makes sense to show our products and services to people who are already interested in them.
Processed Personal Data
Google Analytics creates a random, unique ID using a tracking code that is associated with your browser’s cookie. This allows Google Analytics to recognize you as a new user. When you visit our website again, you will be recognized as a returning user. All collected data is stored along with this user ID, enabling the creation of pseudonymous user profiles.
To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored under this property. For each newly created property, Google Analytics 4 properties are used by default. However, you can still create a Universal Analytics property. The data is stored for different durations depending on which property is used.
Your interactions on our website are measured using identifiers like cookies and app-instance IDs. Interactions refer to any actions you take on our website. If you also use other Google systems (e.g., a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. There may be exceptions if required by law.
The following data is specifically collected by Google Analytics:
Heatmaps:
Google generates so-called heatmaps, which show the areas you click on. This provides us with insights into where you navigate on our site.
Session Duration:
Google refers to the time you spend on our site without leaving as "session duration." If you are inactive for 20 minutes, the session ends automatically.
Bounce Rate:
A bounce occurs when you visit only one page on our site and then leave without interacting with other pages.
IP Address:
The IP address is only displayed in truncated form so that it cannot be uniquely attributed to you.
Location:
The country and approximate location can be determined via the IP address, a process known as IP geolocation.
Technical Information:
This includes information such as your browser type, internet service provider, or screen resolution.
Source of Origin:
Google Analytics (and we) are also interested in how you arrived at our website, such as which website or advertisement led you to us.
Other data includes contact details, reviews, media playback (e.g., when you play a video on our site), sharing of content via social media, or adding to your favorites. This list is not exhaustive and serves only as a general overview of the data stored by Google Analytics.
Duration, Opt-out and Deletion Options
Google has servers distributed worldwide, with most located in the United States. As a result, your data is usually stored on U.S. servers. You can find the exact locations of Google’s data centers here:
https://www.google.com/about/datacenters/locations/?hl=en
Your data is distributed across various physical storage devices, which ensures faster access and better protection from tampering. Each Google data center has emergency programs in place to protect your data. Even if Google’s hardware fails or natural disasters affect servers, the risk of service disruption remains low. The data retention period depends on the properties used. With Google Analytics 4 properties, the retention period for your user data is set to 14 months by default. For other event data, we can choose between a retention period of 2 months or 14 months.
For Universal Analytics properties, the default retention period for your user data is 26 months. After this period, your user data is deleted. However, we can choose the retention period for user data from 5 available options:
Deletion after 14 months
Deletion after 26 months
Deletion after 38 months
Deletion after 50 months
No automatic deletion
Additionally, there is the option to have data deleted only if you do not visit our website within the selected period. In this case, the retention period will be reset each time you visit our site within the set period.
Once the specified period has elapsed, data is deleted monthly. The retention period applies to your data associated with cookies, user identification, and ad IDs (e.g., DoubleClick domain cookies). Report results based on aggregated data are stored independently of user data. Aggregated data is a compilation of individual data into larger units.
How Can I Delete My Data or Prevent Data Storage?
Under European Union data protection law, you have the right to request access to your data, update it, delete it, or restrict its processing. Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js) prevents Google Analytics from using your data. You can download and install this browser add-on here:
https://tools.google.com/dlpage/gaoptout?hl=en
Please note that this add-on only disables data collection by Google Analytics.
Data Processing Agreement
We have entered into a data processing agreement with Google and fully comply with the strict requirements of German data protection authorities when using Google Analytics.
Details on the processing initiated by Google Analytics and how Google handles website data can be found here:
https://policies.google.com/technologies/partner-sites
For the transfer of data from the EU to the U.S., Google relies on so-called Standard Contractual Clauses provided by the European Commission to ensure the maintenance of European data protection standards in the U.S.
The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the U.S. that ensures compliance with European data protection standards in the U.S. You can find more information here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Further guidance from Google Analytics is available here:
https://policies.google.com/privacy?hl=en&gl=en
Deletion: More information about the deletion of personal data by Google can be found here:
https://policies.google.com/privacy?hl=en&gl=en
(ii) Hotjar
We use Hotjar to better understand user behavior on our website and continuously improve user experience. This involves collecting aggregated and anonymized data such as mouse clicks, scrolling behavior, heatmaps, and user interactions. The data processing is based on Art. 6(1)(f) GDPR, as it serves our legitimate interest in user-centered website optimization. Hotjar is bound by a contractual agreement ensuring the protection and confidentiality of your data. For further information, please refer to Hotjar's privacy policy:
https://www.hotjar.com/legal/policies/privacy/
c) Retargeting / Remarketing / Recommendation Advertising
(i) Google AdWords and Google Conversion Tracking
This website uses Google AdWords, an online advertising program by Google.
As part of Google AdWords, we use what's called Conversion Tracking. When you click on an ad displayed by Google, a cookie is placed for conversion tracking. Cookies are small text files that the internet browser places on the user's computer. These cookies expire after 30 days and do not serve to personally identify users. If the user visits specific pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to that page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across AdWords customers' websites. The information collected through the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are informed about the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, no personal identifying information about users is provided. If you do not wish to participate in tracking, you can opt out of the use of Google Conversion Tracking cookies by changing your browser settings. You will then not be included in the conversion tracking statistics. The storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DS-GVO. The website operator has a legitimate interest in analyzing user behavior to optimize both their web offering and advertising.
For more information on Google AdWords and Google Conversion Tracking, please refer to Google's privacy policy:
https://www.google.de/policies/privacy/
.
You can configure your browser to notify you when cookies are set and only allow cookies on a case-by-case basis, block the acceptance of cookies for certain cases or generally, and activate automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.
The legal basis for using Google AdWords is Art. 6 para. 1 a) DS-GVO (consent) or § 25 para. 2 no. 2 TDDG and Art. 6 para. 1 f) DS-GVO (pursuing a legitimate interest): We use Google AdWords with a legitimate interest in improving the user experience for users and visitors to the website.
Deletion
:
Further information about deleting personal data by Google can be found at:
https://policies.google.com/privacy?hl=en&gl=en
Google processes your data, including in the USA. As a basis for data processing in recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or data transfer to such countries, Google uses standard contractual clauses (Art. 46 para. 2 and 3 DS-GVO). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data meets the European privacy standards when transferred and stored in third countries (such as the USA). These clauses obligate Google to comply with European privacy standards even when data is stored, processed, and managed in the USA. You can find the decision and the corresponding standard contractual clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?eliuri=eli%3Adec_impl%3A2021%3A914%3Aoj&locale=en
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European privacy standards in data processing in the USA. Any company certified under the DPF commits to adhering to these privacy standards. You can find more information about this from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
The Google Ads data processing terms, which refer to the standard contractual clauses, can be found at:
https://business.safety.google/intl/de/adsprocessorterms/
.
(ii) Google Ads Remarketing
Our website uses the features of Google Ads Remarketing. With this, we advertise this website in Google search results and on third-party websites. The provider is Google. To this end, Google sets a cookie in your browser, which automatically enables interest-based advertising based on the pages you visit, using a pseudonymous cookie ID. Further data processing only takes place if you have consented to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads that you view on the web. If, during your visit to our website, you are logged into Google, Google uses your data in conjunction with Google Analytics data to create and define audience lists for cross-device remarketing. Your personal data may temporarily be linked with Google Analytics data to create target audiences. In the context of Google Ads Remarketing, it may also lead to personal data being transferred to Google LLC's servers in the USA.
Details about the data processing initiated by Google Ads Remarketing and how Google handles data from websites can be found here:
https://policies.google.com/technologies/partner-sites
You can permanently opt out of the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
For further information and privacy policies regarding advertising and Google, you can refer to:
https://www.google.com/policies/technologies/ads
All the above-described processes, especially the setting of cookies to read information on the device used, will only be carried out if you have explicitly consented to them under Art. 6 para. 1 lit. a DS-GVO or § 25 para. 2 no. 2 TDDG. You can withdraw your consent at any time for the future by deactivating this service in the cookie consent tool provided on the website.
Google processes data from you, including in the USA. As a basis for data processing with recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or data transfer to such countries, Google uses standard contractual clauses (Art. 46 para. 2 and 3 DS-GVO). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are designed to ensure that your data meets the European privacy standards when transferred and stored in third countries (like the USA). These clauses commit Google to maintain European privacy standards when processing, storing, and managing data in the USA. These clauses are based on an EU Commission implementation decision. You can find the decision and the corresponding standard contractual clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?eliuri=eli%3Adec_impl%3A2021%3A914%3Aoj&locale=en
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European privacy standards for data processing in the USA. Each company certified under the DPF agrees to comply with these privacy standards. More information can be found from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
The Google Ads data processing terms, which refer to the standard contractual clauses, can be found here:
https://business.safety.google/intl/de/adsprocessorterms/
.
(iii) LinkedIn Ads
We use the advertising services of LinkedIn Ads, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn Ads allows us to display targeted ads to LinkedIn users based on their usage behavior and interests. LinkedIn uses tracking technologies such as cookies, pixels, and API integrations.
If you are logged into LinkedIn, LinkedIn can associate your visit to our website with your LinkedIn profile. LinkedIn can use the collected data for its own advertising purposes.
The use of LinkedIn Ads is based on Art. 6 para. 1 lit. a DS-GVO (consent), which is obtained via our cookie management tool. You can withdraw your consent at any time with effect for the future.
If you want to deactivate LinkedIn ad cookies, you can do so via the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
.
For further information on LinkedIn's data processing, refer to LinkedIn's privacy policy:
https://www.linkedin.com/legal/privacy-policy
.
Data transfer to the USA is secured by the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/legal/l/eu-sccs
.
d) Tools and Miscellaneous
(i) Cookie Consent Tool
This website uses a so-called Cookie Consent Tool to obtain valid user consent for cookies and cookie-based applications that require consent. The Cookie Consent Tool is displayed to users when they visit the site in the form of an interactive user interface, where consents for specific cookies and/or cookie-based applications can be granted by ticking checkboxes. By using this tool, all consent-required cookies and services are only loaded when the respective user has given consent by ticking the appropriate checkboxes. This ensures that such cookies are only placed on the user's device if consent has been given. The provider of the Cookie Consent Banner is Finsweet.
The tool sets technically necessary cookies to store your cookie preferences. Personal data of users are generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this will be done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in ensuring a legally compliant, user-specific, and user-friendly consent management for cookies and thus in the legally compliant design of our website.
Another legal basis for the processing is Art. 6 (1) lit. c GDPR. As controllers, we are legally obligated to make the use of technically non-essential cookies dependent on user consent.
Further information about the operator and the settings options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
(ii) Weglot
We use Weglot to provide a multilingual user experience on our website. Weglot is an automated translation service that allows us to offer content in multiple languages, making our website accessible to an international audience. When visiting our website and using Weglot’s multilingual feature, personal data is processed to provide real-time translations and store user preferences regarding the preferred language.
Weglot stores data necessary to perform the translations and may also collect usage data to optimize the service's performance. This data may include IP addresses, language preferences, and interactions with the website. The processing is based on our legitimate interest under Art. 6 (1) lit. f) GDPR, as providing a multilingual website is in our legitimate interest to reach a larger user group and improve the user experience.
The data used by Weglot is stored on servers within the EU and in third countries, with appropriate safeguards implemented to protect the data in accordance with the requirements of the GDPR. For more information on the processing of your data by Weglot and its privacy practices, please refer to Weglot's privacy policy:
https://www.weglot.com/privacy
.
(iii) Google Web Fonts (local hosting)
This site uses Google Fonts, whichare provided by Google EU, to ensure consistent font display. The Google Fontsare locally installed. No connection to Google’s servers occurs in thisprocess.
The use of Google Fonts is for the purpose ofpresenting our online offerings in a consistent and appealing manner. Thisconstitutes a legitimate interest under Art. 6 (1) lit. f GDPR.
For more information about Google Fonts, please visit:
https://developers.google.com/fonts/faq
and Google’s privacy policy:
https://policies.google.com/privacy?hl=en
.
(iv) Google Recaptcha
We use “Google reCAPTCHA” (hereinafter “
reCAPTCHA
”) on our websites. The provider is Google. This function is mainly used to distinguish whether an entry is made by a natural person or abusively by automated processing.
To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visit, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analysis runs completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is carried out on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and SPAM.
Where legally required, we have obtained your consent for the above-described data processing in accordance with Art. 6 (1) lit. a GDPR or § 25 (2) No. 2 TDDG. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please follow the option described above for making an objection. As part of the use of Google reCAPTCHA, personal data may also be transmitted to Google LLC servers in the USA. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards when processing data in the USA. Each company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
For more information about Google reCAPTCHA and Google’s privacy policy, please visit:
https://cloud.google.com/security/products/recaptcha?hl=en
and
https://www.google.com/intl/en/policies/privacy/
Deletion: Further information on the deletion of personal data by Google can be found here:
https://policies.google.com/privacy?gl=US&hl=en
(v) YouTube Videos
This website uses the YouTube embedding feature to display and play videos from the provider "YouTube," which belongs to Google.
In this case, the enhanced privacy mode is used, which, according to the provider’s information, only triggers the storage of user information when the video(s) are played. When the embedded YouTube videos are started, the provider “YouTube” sets cookies to collect information about user behavior. According to “YouTube,” these are used, among other things, to collect video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged into Google, your data is directly associated with your account when you click on a video. If you do not want the data to be associated with your profile on YouTube, you must log out before activating the button. You have the right to object to the creation of these user profiles, and for the exercise of this right, you must contact YouTube. As part of the use of YouTube, personal data may also be transmitted to the servers of Google LLC in the USA.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards when processing data in the USA. Each company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Regardless of whether the embedded videos are played, a connection to the Google network is established when this website is accessed, which can trigger further data processing operations beyond our control.
All the data processing described above, in particular the reading of information on the used device via the tracking pixel, is only carried out if you have explicitly given your consent in accordance with Art. 6 (1) lit. a GDPR or § 25 (2) No. 2 TDDG. Without this consent, the use of YouTube videos will be omitted during your visit to the site. You can withdraw your consent at any time with effect for the future. To exercise your revocation, please disable this service in the Cookie Consent Tool provided on the website or use the alternative methods communicated to you on the website.
For more information about privacy on YouTube, please refer to the YouTube terms of service:
https://www.youtube.com/static?template=terms
as well as Google’s privacy policy:
https://policies.google.com/privacy
C. Permission for Direct Marketing pursuant to § 7 (3) UWG
The email address collected during the purchase of a product on our website is used for direct advertising of our own and similar products. If you no longer wish to receive direct advertising, you can object to the use of your email address at any time by sending an email to:
data.privacy@saiz.io
.
According to Art. 21 (2) GDPR, you have the right to object at any time to the processing of your personal data concerning you. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. Please note that the objection only applies to future processing. Processing that took place before the objection is not affected.
D. Appointment Booking
On our website, you have the option to schedule appointments with us. For appointment bookings, we use a technology provided by HubSpot to schedule discovery calls.
To book an appointment, you must enter the requested data and your preferred date and time into the designated form. The data entered will be used for planning, carrying out, and, if necessary, follow-up of the appointment. Furthermore, HubSpot and eTermin record log files (such as the number and timing of page visits, browser, browser version, operating system, and an anonymized IP address). When booking an appointment through our website, we require your email address and information that allows us to verify that you are the owner of the specified email address and that you agree to receive emails. We use the double opt-in procedure for this.
The legal basis for data processing is Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in offering a simple appointment scheduling process for interested parties and customers. If consent is requested, the processing is based exclusively on Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. You can revoke your consent at any time with effect for the future by disabling the service in the cookie consent banner on our website.
We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a legally required contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
E. Newsletter Subscription
In addition to purely informational use of our website, we offer a subscription to our newsletter, which keeps you informed about new products, promotions, company updates, and content related to our mission, services, and products. If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. We use the double opt-in procedure. No further data is collected unless on a voluntary basis. This data is used solely for sending the newsletter and is only shared with the external service provider HubSpot involved in the newsletter delivery. Otherwise, the data will not be shared with third parties.
When you sign up for our newsletter, the following “newsletter data” is collected, stored, and processed by us:
Name
Address
Telephone number
Email address
Date and time of registration and confirmation
Please note that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. To conduct these evaluations, we link the above data and the web beacons with your email address and an individual ID. Links contained in the newsletter also include this ID. The data is collected exclusively in pseudonymized form, meaning the IDs are not linked with your other personal data, and direct identification is excluded.
The processing of newsletter data is for the purpose of sending the newsletter. By registering for our newsletter, you consent to the processing of your personal data (legal basis: Art. 6 (1) lit. a GDPR and § 25 (2) No. 2 TDDDG). We use the double opt-in process for registration. This means that after registering, we will send you an email to the specified address asking you to confirm that you want to receive the newsletter. The purpose of this procedure is to verify your registration and to investigate possible misuse of your personal data.
You can revoke your consent to receive the newsletter at any time. You can unsubscribe using the link provided in every newsletter email, by emailing data.privacy@saiz.io, or by sending a message to the contact details provided in the legal notice (imprint). The legality of the data processing already carried out remains unaffected by the revocation. The newsletter is created for us by the third-party provider HubSpot, which also has access to our account.
The dispatch of our newsletter is carried out using the technical service HubSpot, operated by
HubSpot, Inc.
, 25 First Street, Cambridge, MA 02141, USA (“
HubSpot
”) (
https://www.hubspot.com/
), to whom we pass the data provided during the newsletter registration. HubSpot is a service that allows organization and analysis of newsletter dispatch. HubSpot offers statistical analysis of usage data, but this is generally done in an aggregated, not individual, form. The usage data generated by HubSpot is generally not individually evaluated. However, if you open a newsletter using the browser link provided in the email, the analytics tool Google Analytics is used on the displayed website. Only Google Analytics has access to the data generated. You can prevent tracking by Google Analytics by using specific browser plugins. You can find Google Analytics’ privacy policy at:
https://policies.google.com/privacy
If you do not want your data analyzed by Google Analytics, you must unsubscribe from the newsletter. A link for this is included in every newsletter message. Alternatively, you can send us an email to express your decision to unsubscribe.
The purpose of using HubSpot is to manage email addresses, messages, and newsletter distribution in an organized and efficient way.
HubSpot stores and processes the following: first name, last name, email, country, usage data, company, trackers, and various other data types.
The place of processing is the United States.
The legal basis for using HubSpot is Art. 6 (1) lit. f GDPR (pursuit of a legitimate interest), which is our legitimate interest in using an effective, secure, and user-friendly newsletter system. HubSpot uses this information to send newsletters on our behalf. HubSpot does not use the data of our newsletter recipients to contact them independently or to share it with third parties.
Deletion: The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and those of HubSpot after the cancellation. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected.
For more details, see HubSpot’s privacy policy at:
https://legal.hubspot.com/privacy-policy
We have concluded a so-called Data Processing Agreement with HubSpot, in which we obligate HubSpot to protect our customers’ data and not to pass it on to third parties. This agreement can be viewed at the following link:
https://legal.hubspot.com/dpa
F. Contact
(1) Conducting surveys or online forms
For conducting surveys or online forms, we use the service provided by HubSpot. HubSpot enables us to design and evaluate surveys and online forms. In addition to the personal data you enter into the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address is also collected, transmitted to HubSpot, and stored on HubSpot servers. The information you enter into the forms is stored password-protected to ensure that direct access is prevented and only we can evaluate the data for the purpose specified in the form. For the processing of personal data required for the performance of a contract with you (this also applies to processing operations necessary for carrying out pre-contractual measures), Art. 6 (1) lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Art. 6 (1) lit. a GDPR and/or § 25 (2) No. 2 TTDSG. Consent given can be revoked at any time with effect for the future.
We have concluded a data processing agreement with HubSpot for the use of the aforementioned services, under which HubSpot is obligated to protect the data of our website visitors and not to disclose it to third parties. You can find HubSpot’s privacy policy at:
https://legal.hubspot.com/privacy-policy
.
(2) Contact form
When using the contact form offered on these pages, the information and attached files you provide are transmitted and stored for the purpose of responding to your inquiry. A transfer of the data provided during contact to third parties only occurs if you have explicitly given your consent.
The legal basis for processing the data is Art. 6 (1) (b) GDPR (initiation of contractual relationships).
The data will be deleted immediately after your inquiry has been fully answered.
G. Size Recommendation
(1) Function and type of personal data affected
In the context of size recommendations in our customers’ online shops, we collect personal data from their end users prior to purchase completion. This includes age, height, gender, weight, body shape, waist, chest, and hip measurements.
We also use the following service providers: DataDog, Amazon, and Google.
(i) DataDog
Session Logging: The activity, purpose, and data of the sub-processing may include the collection, storage, and analysis of log data during the use of the SAIZ widget. These data serve to ensure the performance, security, and debugging of the SAIZ software.
DataDog’s privacy policy can be found at:
https://www.datadoghq.com/privacy/
.
(ii) Amazon Web Services (AWS)
Provision and operation of cloud and hosting services: Data processing takes place in AWS data centers within the European Union. The SAIZ size recommendation software is operated via AWS. AWS’s privacy policy can be found at:
https://aws.amazon.com/privacy/?nc1=h_ls
.
(iii) Google
Provision and operation of web analytics services: The SAIZ size recommendation software uses Google Analytics to analyze website usage and optimize the user experience. All data from end devices within the European Union is processed on servers located within the European Union.
The processing of personal data by the aforementioned service providers is based on a data processing agreement in accordance with Art. 28 GDPR. The storage and processing of data is solely for the purposes mentioned and in compliance with applicable data protection regulations. Google’s privacy policy can be found at:
https://policies.google.com/privacy
.
In cases where recipients are located in third countries (outside the European Union, Iceland, Liechtenstein, Norway – especially the USA) or where data is transferred to such countries, standard contractual clauses pursuant to Art. 46 (2) and (3) GDPR are used as the basis for data processing. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data continues to comply with European data protection standards even when transmitted to and stored in third countries such as the USA. Through these clauses, the companies commit to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and corresponding SCCs here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
.
All the above-mentioned companies are certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. More information can be found at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
(2) Purpose and legal basis for data processing
The collection of personal data from our customers’ end users is intended to determine the correct product size in advance to minimize potential returns.
The legal basis for data processing is Art. 6 (1) lit. a) GDPR and/or § 25 (2) No. 2 TTDSG and b) GDPR (consent, contract performance).
(3) Duration of data processing
Your data will only be processed for as long as it is necessary to achieve the aforementioned processing purposes; the corresponding legal bases apply accordingly.
H. SAIZone
(1) Function and type of personal data affected
SAIZone is an analytics platform that enables SAIZ customers to evaluate the performance of the size advisor, conduct return analyses, better understand target groups, and optimize product fit and size selection. These data-driven insights help make informed decisions to improve profitability and optimize fit accuracy.
In the course of using SAIZone, personal data is processed. This includes in particular the first and last names as well as the email addresses of users, which are recorded by authorized employees of our SAIZ customers when creating and managing user accounts. Furthermore, the personal data entered via the size advisor by end customers, such as age, gender, weight, and waist, chest, and hip measurements, are not processed individually, but in an aggregated, non-person-specific form. These data are converted into average values within relevant user groups, thereby excluding individual traceability.
(2) Purpose and legal basis for data processing
The processing of personal data is for the purpose of providing and operating the SAIZone platform. Additionally, it serves to analyze the performance of the size advisor to continuously improve the user experience. SAIZone helps customers make data-driven decisions to reduce return rates, improve fit, and optimize product development.
Furthermore, aggregated and anonymized average values are processed to derive relevant market and size insights.
The processing of these data is carried out strictly in accordance with applicable data protection regulations. The legal basis for processing is Art. 6 (1) lit. a) GDPR, if consent is required. Additionally, the processing is based on Art. 6 (1) lit. b) GDPR if necessary for the performance of a contract with our customers. § 25 (2) No. 2 TTDSG also applies if the processing is necessary for the provision of a specifically requested telemedia service.
All personal data is processed exclusively for the purposes stated and is protected by appropriate technical and organizational measures. Where possible, data processing is carried out in aggregated or anonymized form to avoid direct reference to individuals.
(3) Duration of data processing
Your data will only be processed for as long as it is necessary to achieve the aforementioned processing purposes; the corresponding legal bases apply accordingly.
I. Applications for Job Postings via Email
We currently advertise vacant positions in a dedicated section on our website, via LinkedIn, and via Coda. Interested individuals can apply via email to the contact address provided. To be included in the application process, applicants must submit all data required for a sound and informed assessment and selection along with their application email to the provided contact address.
Required information includes general personal details (such as name, address, a phone number or electronic means of contact), as well as performance-related evidence of qualifications necessary for the position. If applicable, health-related data may also be necessary, especially where such information must be given special labor and social law consideration in the applicant’s interest. The specific requirements for a valid application and the format in which the components must be sent via email can be found in the respective job posting.
Once the application has been received via the specified email contact address, the applicant's data will be stored and used exclusively for the purpose of processing the application. For follow-up questions during the application process, we may contact the applicant using either the email address or telephone number provided in the application.
The legal basis for these processes, including any follow-up contact, is generally Art. 6(1)(b) GDPR (for processing within Germany in conjunction with § 26(1) BDSG), whereby the application process is considered to be the initiation of an employment contract. Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data such as disability status) are requested during the application process, processing is carried out in accordance with the applicable legal data protection provisions.
Additionally or alternatively, the processing of such special data categories may be based on Art. 9(2)(h) GDPR, if it serves purposes of preventive or occupational medicine, the assessment of the applicant’s working capacity, medical diagnosis, or the provision or management of health or social care systems and services.
If the evaluation of an application does not lead to a selection decision or if the applicant withdraws their application prematurely, all data submitted via email as well as all associated email correspondence will be deleted no later than six (6) months after the corresponding notification.
This retention period is based on our legitimate interest in being able to respond to any follow-up questions regarding the application and, if necessary, to fulfill our obligations under equal treatment regulations. If you have explicitly agreed to be included in our talent pool after the conclusion of the application process, your data will be retained for one year.
In the event of a successful application, the submitted data will be further processed for the purpose of establishing the employment relationship on the basis of Art. 6(1)(b) GDPR (in Germany in conjunction with § 26(1) BDSG).
J. Company Profiles on Social Media Channels
This privacy policy applies to the following social media profiles of our company:
https://www.instagram.com/saiz.io/
https://www.linkedin.com/company/saiz-solutions/
https://www.youtube.com/@saizwithai
(1) Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The specific social networks we use are listed above.
Social networks such as Facebook, Twitter, etc., can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media profiles can trigger numerous data protection-relevant processing activities.
Specifically:
If you are logged into your social media account and visit our profile, the provider of that social media portal can link your visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account on the platform. This data collection may happen, for instance, via cookies stored on your device or by recording your IP address.
Using the collected data, the social media providers can create user profiles containing your preferences and interests. This allows interest-based advertising to be shown both on and off the respective platform. If you have an account with the respective social network, interest-based advertising may appear across all devices where you are or were logged in.
Please also note that we cannot fully track all data processing activities on social media portals. Depending on the provider, additional processing activities may be carried out by the social media operators. For details, please refer to the privacy policies and terms of use of the respective platforms.
(2) Legal Basis
Our social media presence is intended to ensure the broadest possible online presence of our company. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. Any analytical processes initiated by social networks themselves may be based on different legal grounds as specified by the platform providers (e.g., consent under Art. 6(1)(a) GDPR and § 25(2) No. 2 TDDDG).
(3) Joint Responsibility and Assertion of Rights
When you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the platform provider for any data processing triggered by your visit. You can assert your rights (e.g., access, rectification, deletion, restriction of processing, data portability, and complaints) both against us and against the provider of the respective platform (e.g., Facebook).
Please note, however, that our influence on the data processing by social media platforms is limited. Our control largely depends on the policies of the respective provider.
(4) Storage Duration
Data collected directly by us via our social media presence will be deleted from our systems once you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until deleted. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no control over how long your data is stored by social media providers for their own purposes. For details, please check directly with the respective provider’s privacy policies.
(5) Your Rights
You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to object to the processing, request data portability, and lodge a complaint with the appropriate supervisory authority. Additionally, you can request the correction, blocking, or deletion of your data and, in certain cases, the restriction of processing.
(6) Social Networks in Detail
(i) Instagram
We maintain a company profile on Instagram. The service provider is Meta EU.
Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381
For information on how Instagram handles your personal data, please refer to Instagram's privacy policy:
https://privacycenter.instagram.com/policy/
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the U.S. Each company certified under the DPF commits to these data protection standards. More information is available from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
(ii) LinkedIn
We maintain a company profile on LinkedIn. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data transfers to the USA are based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://www.linkedin.com/legal/l/dpa
https://www.linkedin.com/legal/l/eu-sccs
In addition, the company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the U.S. Each company certified under the DPF commits to these data protection standards. More information is available from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
For information on how LinkedIn handles your personal data, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy
(iii) YouTube
We maintain a profile on YouTube. The provider is Google EU.
For information on how YouTube handles your personal data, please refer to YouTube’s privacy policy:
https://policies.google.com/privacy?hl=en
Since the parent company of Google EU is based in the United States, data transfers to the U.S. cannot be ruled out. Such transfers are based on the European Commission’s Standard Contractual Clauses. Details can be found here:
https://policies.google.com/privacy/frameworks?hl=en
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards when processing data in the U.S. Each company certified under the DPF commits to these data protection standards. More information is available from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
K. Lead Generation and Sales Communication
(1) Overloop
We use Overloop to specifically support our sales activities and identify potential new customers. In this context, personal data – such as name, email address, phone number, and other contact information – is collected and processed to optimize sales processes and personalize outreach. The legal basis for this processing is Article 6(1)(f) of the GDPR, as it serves our legitimate interest in effective customer acquisition. We have entered into a comprehensive data processing agreement (DPA) with Overloop to ensure your data is processed in compliance with applicable data protection standards.
Further information and Overloop’s privacy policy can be found at:
https://overloop.com/privacy/
(2) Apollo
To support our sales and marketing activities, we use Apollo. This tool collects relevant personal data – including contact details, interaction history, and usage information – to accurately identify and target audiences. The processing is based on Article 6(1)(f) of the GDPR, as our legitimate interest lies in effective and targeted customer communication.
Apollo and its subsidiary, Zenleads Holdings LLC, are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). These certifications confirm that, when processing personal data – including in the case of international data transfers, such as to the United States – the strict requirements of the GDPR are met. In case of a conflict between the provisions of these certification frameworks and our privacy policy, the respective DPF principles shall take precedence. Further information and certification details can be found at:
https://www.dataprivacyframework.gov/
Furthermore, data processing with Apollo is carried out based on a comprehensive data processing agreement (DPA), ensuring that all personal data is processed in compliance with the strict requirements of the GDPR. Please note that Apollo services and its website are hosted in the United States. All international data transfers are subject to appropriate safeguards to ensure the European level of data protection.
For more information, please refer to Apollo’s privacy policy at:
https://www.apollo.io/privacy-policy
(3) Smartlead
We use Smartlead to support our sales and lead generation activities. Personal data – such as name, email address, phone number, and other relevant contact information – is collected and processed to identify potential customers and provide systematic follow-up. The processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in effective customer acquisition.
A comprehensive data processing agreement (DPA) is in place with Smartlead to ensure your data is processed in strict compliance with applicable data protection regulations. Smartlead stores and processes data defined as “EU data” in data centers located within and outside the European Union. Other user data may be processed in the USA, Australia, Europe, India, and globally, depending on where Smartlead, its affiliates, and/or subcontractors operate data processing activities. Smartlead implements appropriate safeguards to ensure the protection of personal data in compliance with applicable data protection laws.
Where personal data from the European Union, the European Economic Area, and Switzerland (hereinafter referred to as "EU data") is transferred to countries that do not ensure an adequate level of data protection, the transfer is based on the Standard Contractual Clauses (SCCs) in their applicable version. For such transfers, Smartlead acts as the "data importer," and we act as the "data exporter."
Detailed information on data processing and Smartlead’s privacy policy can be found at:
https://www.smartlead.ai/new-privacy-policy
(4) ZenAMB
We use ZenABM to evaluate the performance of our Account-Based Marketing (ABM) campaigns in detail and to measure their impact on revenue. ZenABM integrates data from our LinkedIn advertising account as well as from our CRM – including via a connection to HubSpot – and provides insightful dashboards to assess account scoring, ABM stage segmentation, and campaign insights. In this process, personal data such as business contacts, interaction data (e.g., impressions, clicks, engagement), and other relevant usage data are processed. This also includes data obtained directly from LinkedIn.
The processing of this data is based on Article 6(1)(f) of the GDPR, as we pursue a legitimate interest in optimizing our sales and marketing measures. A comprehensive data processing agreement (DPA) is in place with ZenABM, ensuring that all personal data – including that processed by LinkedIn – is protected in strict compliance with applicable data protection regulations.
Detailed information on data processing by ZenABM can be found in ZenABM’s privacy policy at:
https://zenabm.com/privacy-policy/
L. Information Obligation Pursuant to § 36 VSBG
There is no obligation and no willingness to participate in a dispute resolution procedure before a consumer arbitration board.
M. EU Consumer Dispute Resolution
General information obligation on online dispute resolution under the ODR Regulation.
We are required to inform you about the possibility of online dispute resolution in accordance with EU Regulation No. 524/2013, and we kindly refer you to the following link for your attention:
http://ec.europa.eu/consumers/odr/
We assume no responsibility for the content of this link or for other publications on the referenced homepage.
Last updated: April 8, 2025
