BUOYANCY TECHNOLOGIES

Privacy Policy

Controller of Data Processing

The controller responsible for data processing within the meaning of Art. 4(7) GDPR is:

Buoyancy Technologies SE
Rosenheimer Str. 143c
81671 Munich
Germany

Website: https://buoyancy.com

For inquiries regarding data protection you may contact us via the contact details listed on our website.

General Information

We take the protection of personal data seriously. Personal data is processed only where permitted by applicable law, in particular the General Data Protection Regulation (GDPR).

Processing of personal data may occur on one of the following legal bases:

  • Art. 6(1)(a) GDPR – consent of the data subject
  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – compliance with legal obligations
  • Art. 6(1)(f) GDPR – legitimate interests pursued by the controller

We generally collect personal data only when it is voluntarily provided by users or when technically necessary for operating the website.

Accessing Our Website (Server Log Files)

When you visit our website, the browser used on your device automatically sends information to our servers. These data are temporarily stored in server log files.

The following information may be collected:

  • IP address of the requesting device
  • date and time of access
  • requested URL or accessed resource
  • referrer URL
  • browser type and browser version
  • operating system of the device
  • name of the internet service provider

These data are processed for the purpose of ensuring the proper functioning, security and stability of the website.

The legal basis for this processing is Art. 6(1)(f) GDPR, based on our legitimate interest in maintaining a reliable online presence.

We do not use these log files to draw conclusions about individual users.

Hosting and Content Delivery Network (CDN)

Our website is delivered using infrastructure services provided by external hosting and network providers. In particular, we use services from:

Cloudflare, Inc.
101 Townsend Street
San Francisco, CA 94107
United States

Cloudflare provides network services including content delivery (CDN), traffic routing, distributed security protection and performance optimization. In order to deliver website content to users, Cloudflare operates a globally distributed network of servers.

When accessing our website, requests are routed through Cloudflare’s network. In this process, technical information such as the IP address, request headers, browser information and connection metadata may be processed.

The use of these services is intended to ensure the stability, security and performance of our website and is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Cloudflare may process data on servers located both within and outside the European Union. Where personal data is transferred to countries outside the EU or EEA, appropriate safeguards such as the EU Standard Contractual Clauses are applied in accordance with the GDPR.

Further information on Cloudflare’s data protection practices can be found at:
https://www.cloudflare.com/privacypolicy/

Cookies

Our website may use cookies to improve functionality and user experience.

Cookies are small text files stored on your device by your browser. They allow certain information to be stored locally.

Examples include:

  • login session cookies
  • preference cookies
  • cookies required for website functionality

You may configure your browser to refuse cookies or notify you before cookies are stored. Please note that some features of the website may not function correctly if cookies are disabled.

Comments

When visitors leave comments on the website, the information entered in the comment form is collected together with the visitor’s IP address and browser user agent string to assist spam detection.

An anonymized hash generated from the email address may be transmitted to the Gravatar service to check whether the user uses this service.

Gravatar Privacy Policy: https://automattic.com/privacy/

Once a comment is approved, the user’s profile picture may be publicly visible alongside the comment.

Media Uploads

If users upload images to the website, they should avoid including embedded location information (EXIF GPS data).

Visitors to the website may be able to download images and extract location information contained within them.

Embedded Content from Third-Party Websites

Our website may include embedded content from external websites, such as videos, images or articles.

Embedded content behaves in the same way as if the user had visited the external website directly.

Such third-party providers may collect data about users, store cookies, integrate tracking technologies and monitor user interaction with the embedded content.

YouTube Embeds

Our website may include embedded videos from the video platform YouTube.

The service is operated by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

When you access a page that contains an embedded YouTube video, a connection to YouTube’s servers may be established. In the process, technical information such as your IP address and details about the page you visited may be transmitted to YouTube.

If you are logged into your YouTube or Google account, YouTube may associate your browsing behaviour directly with your user profile. You can prevent this by logging out of your YouTube or Google account before visiting our website.

The integration of YouTube content is intended to provide informative media content and is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Further information about YouTube’s data protection practices can be found at:
https://policies.google.com/privacy

LinkedIn Content Integration

Our website may display content from the social network LinkedIn through an embedded widget provided by SociableKIT.

LinkedIn is operated by:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland

The embedding of LinkedIn content is implemented using the service:

SociableKIT
https://www.sociablekit.com

When such content is loaded, your browser may establish a connection to external servers in order to retrieve the embedded content. In this process, technical data such as your IP address, browser information and the accessed page may be transmitted to the respective service provider.

If you are logged into LinkedIn while visiting our website, LinkedIn may associate your visit with your LinkedIn account.

The integration of LinkedIn content is carried out in order to present company updates and social media content and is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Further information about LinkedIn’s privacy practices can be found at:
https://www.linkedin.com/legal/privacy-policy

Contacting Us

If you contact us via email or through a contact form, the personal data you provide (such as name, email address or message content) will be processed solely for the purpose of handling your inquiry.

Processing is based on:

  • Art. 6(1)(a) GDPR where consent has been given
  • Art. 6(1)(b) GDPR where the request relates to contractual matters

The data will be deleted once the request has been fully processed unless statutory retention obligations apply.

Job Applications

Applicants may submit applications via our website or by email.

Personal data submitted as part of an application will be processed exclusively for the purpose of evaluating the application and determining whether an employment relationship should be established.

Processing is based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

If an employment relationship is established, the data may be further processed for employment-related purposes.

If no employment relationship is established, application data will generally be deleted within six months after completion of the recruitment process.

Data Sharing

Personal data will not be transferred to third parties unless:

  • you have explicitly consented
  • the transfer is necessary for contractual purposes
  • the transfer is required by law
  • the transfer is necessary to establish or defend legal claims

International Data Transfers

We generally process personal data within the European Union or the European Economic Area.

If service providers outside the EU or EEA are involved, appropriate safeguards such as EU Standard Contractual Clauses are implemented.

Data Security

We implement appropriate technical and organisational security measures to protect personal data from loss, destruction or unauthorized access.

Security measures are regularly reviewed and updated in line with technological developments.

Data Retention

Personal data is retained only as long as necessary to fulfill the purpose for which it was collected or as required by law.

Your Rights Under the GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent at any time (Art. 7 GDPR)

You also have the right to lodge a complaint with a supervisory authority.

Right to Object

If personal data is processed based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing under Art. 21 GDPR.

Automated Spam Detection

Visitor comments may be checked through automated spam detection services.