Privacy Terms

1. Controller

The controller responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is:

Convaise UG (haftungsbeschränkt) Minervaweg 4 85586 Poing

Email: kontakt@convaise.com

2. Data Protection Officer

You can reach our data protection officer at: datenschutz@convaise.com

3. Collection of General Data and Information

Our agents collect a range of general data and information with each access. This general data and information is stored in the server's log files. The following may be collected:

• browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system reaches our agents (so-called referrers),
• the date and time of access,
• an Internet Protocol address (IP address),
• the Internet service provider of the accessing system.

When using this general data and information, we do not draw conclusions about the data subject. Rather, this information is needed to correctly deliver the content of our agents, to ensure the permanent functionality of our information technology systems, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This anonymously collected data and information is evaluated statistically and with the aim of increasing data protection and data security. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

4. Reach Measurement

We use Plausible Analytics for our agents, a web analytics service from Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Plausible Analytics collects the following data:

• Pages visited
• Time spent
• Referring source (referrer)
• Browser and operating system used

Plausible Analytics does not store personal data and does not use cookies.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in statistical analysis of user behavior for optimization purposes).

Hosting: The data is hosted exclusively in Germany and the European Union. No data transfer to third countries takes place.

More information about data processing by Plausible Analytics can be found at https://plausible.io/data-policy

A data processing agreement has been concluded with Plausible Insights OÜ.

5. Type and Purpose of Processing

In the context of using our agents, personal data is processed to provide the functionality of the agents. This includes in particular:

• Recording user inputs for processing inquiries
• Storage and forwarding of inputs to client interfaces
• Transmission to third-party systems, if required for order processing
• Creation and processing of documents based on user inputs
• Upload and analysis of documents provided by the user

If documents are created during use, they are provided via a protected, personalized download link with time-limited access.

Inquiries made during use are automatically analyzed to generate appropriate responses. The generated responses are stored for quality assurance. We recommend not entering personal data in inquiries unless it is necessary for processing the inquiry.

For processing, our own AI models as well as large language models (LLMs) are used. Processing is largely stateless - the model operators do not permanently store the inputs. The data is not used for training LLMs.

Data processing takes place exclusively in Germany and the European Union.

6. Storage Duration

Data collected during the use of our agents is stored as follows:

• Generated documents: Deletion after 24 hours, unless otherwise specified for the specific agent
• Uploaded documents: Deletion after 24 hours after processing
• User inquiries and responses: Deletion after termination of agent operation
• LLM-processed content: Storage for up to 30 days by model operators for abuse evaluation

Agent-specific deviations are explained in the respective agent-specific privacy notices.

7. Legal Basis

The processing of your personal data is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Consent is expressly obtained before using the agent and can be revoked at any time. Revocation does not affect the lawfulness of processing carried out until that point. Without consent, individual functions may be restricted.

8. Recipients of Personal Data

For the technical provision of our agents, we use the following processors:

• Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
• Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany

The data never leaves the European Union. Data processing agreements have been concluded with all processors.

In addition, the data may be transmitted to the respective client of the agent as well as to their contractors (e.g. IT service providers, specialized application operators) as joint controllers or independent controllers within the meaning of Art. 4 No. 7 GDPR.

Agent-specific recipients are explained in the respective agent-specific privacy notices.

1. Right of Access

Pursuant to Art. 15 EU-GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed. If such processing takes place, you have the right to information about the processing purposes, the categories of data processed, the recipients and the planned storage period.

2. Right to Rectification

Pursuant to Art. 16 EU-GDPR, you have the right to request the immediate rectification of inaccurate personal data as well as the completion of incomplete personal data.

3. Right to Erasure

Pursuant to Art. 17 EU-GDPR, you have the right to request the immediate erasure of personal data concerning you, provided the data is no longer necessary for the purposes for which it was collected.

4. Right to Restriction of Processing

Pursuant to Art. 18 EU-GDPR, you have the right to request the restriction of processing, e.g. if you dispute the accuracy of the data.

5. Right to Data Portability

Pursuant to Art. 20 EU-GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, provided the processing is based on consent or a contract.

6. Right to Object

Pursuant to Art. 21 EU-GDPR, you have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 Para. 1 lit. e) or f). You may object to direct marketing at any time. You may exercise your objection by informal declaration or by email.

7. Right to Withdraw Consent

Pursuant to Art. 7 Para. 3 EU-GDPR, you have the right to withdraw your consent at any time. The lawfulness of processing carried out on the basis of consent until the withdrawal is not affected. You may exercise the withdrawal by informal declaration or by email. Cookie preferences can be revoked at any time via the cookie banner.

8. Right to Complain to the Supervisory Authority

Pursuant to Art. 77 EU-GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is:

Bavarian State Office for Data Protection Supervision Promenade 18 91522 Ansbach Tel.: +49 (0)981 180093-0