Privacy Policy for Customers

The data protection notice for customers contains the necessary information regarding the collection of personal data in accordance with Art. 13 GDPR. Below, we would like to inform you which personal data we process from you in connection with the contract concluded with you, what rights you have in this regard, and how you can contact us.

I. Data Controller

The controller within the meaning of the GDPR is:

Genow GmbH, Grafenstraße 19, 64283 Darmstadt, Germany, Tel.: +49 (0) 6151 3942692, E-mail: hey@genow.ai

Genow GmbH is registered in the commercial register under HRB 105742 (Darmstadt District Court). The management consists of Dr. Timo Koppe, Adrian Glauben, and Dr. Sara Jourdan.

Contact for data protection inquiries:

E-mail: privacy@genow.ai

External Data Protection Officer:

DataCo GmbH, Sandstr. 33, 80335 Munich, Germany, Tel.: +49 (0) 89 452459 900, E-mail: datenschutz@dataguard.de

II. Type of Data and Purpose of Data Processing

We generally process your data only for the purposes for which we received or collected it. Processing for other purposes only takes place in compliance with the legal requirements pursuant to Art. 6 (4) GDPR.

1. Data Processing for the Performance of a Contract (Art. 6 (1) (b) GDPR)

The following stored data primarily serves to fulfill the contract or license agreement concluded with you regarding the use of an offered product or service, including payment processing and delivery.

  • Name, address and contact details
  • Order data (e.g. products, services, software usage)
  • Invoice data/order data (e.g. invoice number, item, article, name, address)
  • Data for payment processing (e.g. credit card details, bank account details, payment date, reminders)
  • Documents (e.g. correspondence, appointment scheduling)
  • Cost estimates and offers
  • Customer contact person (e.g., name, contact details, status)
  • Project data (e.g., customer requirements, responsibilities)
  • Ticket data (e.g. errors and events that occurred, measures taken, responsibilities, contact details)
  • Data on complaints and their outcomes
  • User data during software use (e.g., username, password, access log data)
  • Contract data (e.g. license agreements or data processing agreements)
  • Calendar and appointment data
  • Remote maintenance data (e.g. session ID, date and time of remote maintenance, duration, computer name)

2. Data Processing for the Fulfillment of a Legal Obligation (Art. 6 (1) (c) GDPR)

We also store much of the data listed above in order to comply with legal obligations, e.g., accounting obligations.

This includes invoice data, delivery data, and payment processing data.

You are not obligated to provide the aforementioned personal data. However, the data you provide may be necessary for establishing and executing a contractual relationship and fulfilling the associated contractual obligations. Without providing this data, we may not be able to communicate with you or conclude or execute the contract.


3. Data Processing Based on a Legitimate Interest (Art. 6 (1) (f) GDPR)

In connection with the use of our software, user metadata is processed.

  • Date and time the software was retrieved
  • IP address of the requesting computer
  • Hostname of the accessing computer
  • Transferred data volumes
  • Notification of whether the retrieval was successful
  • Information about the browser type and the operating system version used.


III. Storage Duration

The data you provide will only be stored for as long as necessary for the respective purpose of data processing. This includes storing data due to legally mandated retention obligations under Secs. 146 et seqq. AO, Sec. 257 HGB and Sec. 74 (4) BDSG, as well as deleting the data after the statutory retention periods have expired and warranty claims have expired.


IV. Legal Basis for Data Processing

The data is processed on the basis of the following legal grounds:

  • For the purposes of processing orders and handling complaints and warranty claims: Art. 6 (1) (b) GDPR
  • Compliance with statutory retention periods: Art. 6 (1) (c) GDPR
  • Use of data for postal advertising: Art. 6 (1) (f) GDPR


V. Categories of Recipients

The above-mentioned data will be passed on to the following recipients for the stated purposes.


1. Data Transmission for Billing Purposes

We may transfer your data to the following recipients. This is for the purpose of processing payments:

  • Financial institutions
  • Tax office

2. Data Transmission for the Use of our Software and Data Storage

For the use of our software and for data storage, we transmit data to the following recipients:

  • Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland
  • Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland
  • Brave Software, Inc., 580 Howard St. Unit 402, San Francisco, CA 94105, USA
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA
  • Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany


VI. Transfer to Third Countries

Your personal data is generally processed by us in data centers within the European Union.

If you contact us by email or use our software, your personal data will be processed by Google, Google Cloud, and Brave Software. Since these companies may also store data on servers distributed worldwide, data may be transferred to third countries (especially the USA). To ensure an adequate level of protection, the necessary level of data protection for these providers is legally secured through the conclusion of EU Standard Contractual Clauses.

Furthermore, we use the HubSpot system to manage our customer relationships. As part of this, customer data, in particular communication history, is stored on HubSpot 's servers. The necessary level of data protection for this processing has also been legally secured through the conclusion of EU Standard Contractual Clauses.


VII. Rights of Those Affected

As a data subject, you have the following rights under the GDPR:

  • Information, rectification, erasure (Art. 15, 16, 17)
  • Restriction of processing (Art. 18) and data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Withdrawal of consent (Art. 7 (3))


VIII. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 (1) GDPR. This includes the data protection supervisory authority responsible for the controller: Hessian Commissioner for Data Protection and Freedom of Information (HBDI) (+49 (0) 611 14080; poststelle@datenschutz.hessen.de).


IX. Existence of Automated Decision-Making

Automated decision-making pursuant to Art. 22 (1), (4) GDPR – including profiling – does not take place.

X. Governing Language

In the event of any discrepancies between the German version of this privacy policy for customers and any translation thereof, the German version shall prevail.