Privacy Policy
Information on the processing of your data according to Art. 13 GDPR
Last updated: January 2026
Data Controller
Responsible for data processing on this website:
20Seven Ventures UG (haftungsbeschränkt)
Holzbauerstr. 2
86911 Dießen am Ammersee, Germany
E-Mail: contact@borealyn.com
General Information
The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Server Logs & Hosting
Hosting Provider:
Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723, USA
Type and scope of processing:
When you visit this website, technical information is automatically stored in server log files by the hosting provider:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system
Purpose of processing:
Processing is carried out for the technical provision of the website, to ensure system security, and to optimize the website.
Legal basis:
Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the proper functioning and security of our website.
Storage duration:
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is usually the case after 7 to 30 days.
Third country transfer:
Vercel operates servers worldwide, including in the USA. Data transfer to the USA is based on the EU-US Data Privacy Framework, for which the European Commission has issued an adequacy decision (Art. 45 GDPR). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Vercel.
Web Analytics (Umami)
This website uses Umami, a privacy-friendly, cookie-free open-source web analytics software. Umami does not set cookies and does not store personal data.
Data collected:
Umami only collects anonymous, aggregated usage data such as page views, time spent, and referrer. It is not possible to identify individual visitors.
Cookies & Tracking:
Umami is completely cookie-free and GDPR compliant. No cookies are set and no fingerprinting is performed.
Hosting:
Umami is self-hosted by us on servers of Railway Inc. in the European Union. Railway is a US company certified under the EU-US Data Privacy Framework. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Railway. No data is transferred to third parties.
Legal basis:
Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in analyzing and optimizing our website. Since Umami does not collect personal data and does not set cookies, no consent is required.
Contact by Email
If you contact us by email, the data you provide (your email address, possibly your name, and other information you provide) will be stored by us to process your inquiry.
Purpose:
Processing your inquiry and communicating with you.
Legal basis:
Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to your inquiry) or Art. 6 para. 1 lit. b GDPR if your inquiry is aimed at concluding a contract.
Storage duration:
The data is deleted as soon as the processing of your inquiry is completed and no legal retention obligations exist.
Contact Form & Lead Management
If you contact us via a contact form on this website, your data will be processed for lead management and customer service.
Data collected:
Name, email address, phone number (optional), company (optional), message, and timestamp of the inquiry.
Purpose of processing:
Lead management, customer service, processing inquiries, and, if applicable, contract initiation.
Legal basis:
Art. 6 para. 1 lit. b GDPR (contract initiation) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing your inquiry and customer care).
System used:
The transmitted data is stored in our self-hosted Odoo CRM system to process your inquiry and manage customer contacts.
Hosting location:
Odoo is hosted on our own servers at Hetzner Online GmbH in Germany. No data is transferred outside the European Union.
Storage duration:
Lead data is stored as long as it is required for processing your inquiry or for a potential business relationship. After completion of correspondence, the data is deleted unless legal retention obligations (e.g., commercial or tax law) exist. These are usually 6 to 10 years.
Data processing agreement:
A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner Online GmbH, ensuring compliance with European data protection standards.
Support & Live Chat
If you use our live chat or submit a support request through our ticket system, your data will be processed to handle your concern.
Data collected:
Name, email address, subject, message, chat history, timestamp, and, if applicable, ticket number.
Purpose of processing:
Processing your support or chat request, tracking the matter, and communicating with you.
Legal basis:
Art. 6 para. 1 lit. b GDPR (contract fulfillment) or Art. 6 para. 1 lit. f GDPR (legitimate interest in processing your inquiry).
System used:
Zammad – a self-hosted open-source system for support tickets and live chat.
Hosting location:
Zammad is hosted on our own servers at Hetzner Online GmbH in Germany. No data is transferred outside the European Union.
Storage duration:
Support tickets are retained for an appropriate period after the matter is closed to be available for follow-up questions. Deletion occurs as soon as no retention obligations exist.
Your Rights as a Data Subject
You have the following rights regarding your personal data:
Right to Access (Art. 15 GDPR)
You have the right to obtain information about your personal data processed by us.
Right to Rectification (Art. 16 GDPR)
You have the right to request immediate rectification of inaccurate data or completion of your stored data.
Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your data stored by us, unless processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing of your personal data if the accuracy of the data is disputed, the processing is unlawful, we no longer need the data, or you have objected.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data that you have provided to us in a structured, commonly used, and machine-readable format or to request transfer to another controller.
Right to Withdraw Consent (Art. 7 para. 3 GDPR)
If processing is based on your consent, you have the right to withdraw this consent at any time. The lawfulness of processing carried out on the basis of consent until withdrawal is not affected.
Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. f GDPR (data processing based on a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
Contact for objection: contact@borealyn.com
Competent Supervisory Authority
The data protection supervisory authority responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Data Protection Officer
The appointment of a data protection officer is not legally required for our company. For questions about data protection, please contact: contact@borealyn.com
Automated Decision-Making
No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.
Changes to this Privacy Policy
We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.