Privacy

Privacy

Last updated: March 30, 2026

1. Data controller

KnowFab GmbH i.G.

Neumarkt 31, 04109 Leipzig

E-Mail: tom.suesskind@knowfab.ai

2. Purposes and legal bases

  • Provision of the website, technical delivery, form security, and abuse prevention based on Art. 6(1)(f) GDPR.
  • Handling contact requests based on Art. 6(1)(b) GDPR for pre-contractual matters and otherwise Art. 6(1)(f) GDPR.
  • Newsletter delivery including double opt-in and unsubscribe management based on Art. 6(1)(a) GDPR.
  • Use of external services and links, especially Google Maps, LinkedIn, and XING, based on Art. 6(1)(f) GDPR.

3. Hosting and server log files

Our website is hosted by STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. According to STRATO, the hosting services are operated in German data centers.

When you access the website, STRATO processes technical access data such as IP address, date and time of access, requested file, referrer, browser type, and HTTP status. This processing serves stability, security, and troubleshooting. The place of processing is Germany. STRATO provides log files for the last 6 weeks.

4. Contact form and email

If you use our contact form or contact us by email, we process your name, company, email address, and the content of your message in order to handle your request. For form submissions, we additionally process the IP address, the submission timestamp, and the language selection in order to ensure delivery, IT security, and abuse prevention. The entries are processed server-side, stored in a protected location, and sent via Brevo for delivery of the request. Your email address is also stored in Brevo as a contact with list assignment.

We generally retain contact requests locally for up to 12 months after receipt. This also includes the IP address and timestamps recorded as part of the request. Short-lived rate-limit data for abuse prevention is regularly cleared after no later than 10 minutes. Where statutory retention periods apply, we keep the relevant content until those periods expire. In Brevo, contact and delivery data including delivery logs may additionally be retained as long as required for delivery, handling, tracking delivery events, and meeting legal accountability obligations.

5. Newsletter

For our newsletter, we process your email address, your consent, the signup time, your language preference, the signup source, and technically required confirmation and unsubscribe tokens in hashed form. Signup follows a double opt-in process. The subscription becomes active only after confirmation via the link sent by email. Active recipients are managed in Brevo as our delivery service provider; confirmation emails and the monthly newsletter are sent via Brevo.

For abuse prevention, we additionally process the IP address for newsletter signups in short-lived rate-limit data that is regularly cleared after no later than 10 minutes. We delete unconfirmed newsletter signups after 30 days. Active subscriptions are stored until you unsubscribe. After an unsubscribe, we generally retain proof of consent and unsubscribe for up to 3 years in order to meet our legal accountability obligations. In Brevo, recipient, list, and suppression information may remain stored until deleted by us or until the purpose no longer applies.

6. Email delivery via Brevo

We use Brevo (Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France) as our technical email delivery provider for contact notifications, double opt-in emails, and the monthly newsletter. According to Brevo's current GDPR information, the hosting servers used for processing and databases are located exclusively within the European Union. Brevo names OVH in France and Germany as its primary hosting provider and Google Cloud in Belgium for cloud storage and backups.

Brevo is used only on the basis of a data processing agreement. Within Brevo, in particular the email address, list assignment, delivery status, delivery timestamps, and the contents of sent transactional emails are processed. For contact requests, this regularly also includes the name, company, message, and the IP address collected in the form because this information is contained in the notification email. In addition, depending on the enabled tracking settings, Brevo may log delivery and interaction events such as deliveries, opens, clicks, bounces, and unsubscribes. After an unsubscribe, suppression or blacklist information may remain stored in order to prevent future mailings.

7. External content and links

Our company page embeds a Google Maps map. Loading the map may transmit personal data, in particular your IP address and technical connection data, to Google. We also link to external platforms such as LinkedIn and XING. Data is transferred to those providers only when you actively use the respective embed or link.

Please note that some providers may process data outside the EU or EEA. The relevant provider privacy notices apply.

8. Cookies and tracking

We currently do not use our own analytics or marketing tools. However, technically required cookies or similar technologies may be used by embedded third-party providers when their content is loaded.

9. Recipients

Recipients of personal data may in particular include STRATO as hosting provider, Brevo including any sub-processors used according to Brevo's current documentation as technical provider for email delivery and contact management, and external platforms when you actively use their content or links.

10. Your rights

  • Access to stored personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure or restriction of processing (Art. 17 and 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Withdrawal of consent with future effect (Art. 7(3) GDPR)

11. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.