Privacy Policy

Privacy Notice
In this privacy notice, we inform you about the processing of personal data on our website.

1. Controller and contact person for

The contact person and controller for the processing of your personal data when you use our website within the meaning of the General Data Protection Regulation (GDPR) is:

aryve technologies GmbH
Richardstraße 85
12043 Berlin
Germany

Email: dataprotection@aryve.com

2. Data Processing on our Website

2.1 Accessing our website / connection data
Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data includes the so-called HTTP header information, including the user agent, and in particular contains:
• IP address of the requesting device;
• Method (e.g. GET, POST), date and time of the request;
• Address of the requested website and path of the requested file;
• If applicable, the previously accessed website/file (HTTP referrer);
• Information about the browser and operating system used;
• Version of the HTTP protocol, HTTP status code, size of the delivered file;
• Request information such as language, type of content, content encoding, character sets;
• Cookies from the accessed domain stored on the end device.

The processing of this connection data is necessary to enable visits to the website, to ensure the long-term functionality and security of our systems, and to maintain our website in general for administrative purposes at . The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the minimum necessary, in order to find the cause of and take action against repeated or criminal access attempts that jeopardise the stability and security of our website.
The legal basis for this processing is Art. 6(1)(b) GDPR, provided that the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6(1)(f) GDPR on the basis of our legitimate interest in enabling website access and ensuring the long-term functionality and security of our systems.

2.2 Contact
You have the option of contacting us via the contact form. In this context, we process your data exclusively for the purpose of communicating with you.
The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as your details are required to respond to your enquiry or to initiate or execute a contract, and otherwise Art. 6(1)(f) GDPR on the basis of our legitimate interest in you contacting us and us being able to respond to your enquiry. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. In these cases, the legal basis is Art. 6 (1) (a) GDPR in conjunction with Section 7 (2) No. 1 or 2 UWG (German Unfair Competition Act).

2.3 Newsletter subscription
When you subscribe to our newsletter, we store your email address, the time of registration and the IP address used for registration for the duration of the subscription and then archive them for a limited period after you unsubscribe or revoke your consent. The sole purpose of storage is to send you the newsletter and to be able to prove your registration.
The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future by unsubscribing from the newsletter. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details provided above or in the newsletter (e.g. by email or letter) is of course also sufficient for this purpose.

2.4 Use of tools on the website
This website uses various services and applications (collectively referred to as "tools") that are provided either by us or by third parties. These include, in particular, tools that use technologies to store or access information on the end device:
• Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.
• Web storage (local storage/session storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of local storage with time entry). Information in local and session storage can also be removed manually.
• JavaScript: programming codes (scripts) embedded in or called up by the website, which, for example, set cookies and web storage or actively collect information from the end device or about the usage behaviour of visitors. JavaScript can be used for "active fingerprinting" and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, but most services will then no longer function.
• Pixels: Tiny graphics automatically loaded by a service that can enable visitors to be recognised by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address accessed and time of access) and, for example, determine when an email is opened or a website is visited. Pixels can be used for "passive fingerprinting" and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images, such as in emails, but this severely restricts the display.
With the help of these technologies, is possible to create so-called "fingerprints", i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints based on the connection establishment cannot be completely prevented manually.
Most browsers are set by default to accept cookies, execute scripts and display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services will probably not work or will not work properly.
We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 (1) lit. b GDPR. In these cases, access to and storage of information on the end device is necessary and is carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25(2) TDDDG.
We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. Access to and storage of information on the end device is then carried out on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG. Data processing using these tools only takes place if we have obtained your prior consent.

2.4.1 Cloudflare
We use the content delivery network of the provider Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107 USA ("Cloudflare") on this website to make our website faster and more secure.
Cloudflare offers a globally distributed content delivery network that creates copies of our website and stores them on Cloudflare's servers. This ensures that when you visit our website, the content is delivered from the server that can display our website to you the fastest. Cloudflare also blocks threats and limits abusive bots and crawlers that would slow down the website or attack our systems. To use the content delivery network, data traffic between your browser and our website flows through Cloudflare's infrastructure.
When using the Content Delivery Network, Cloudflare receives information about IP addresses and connection log data (such as the HTTP header with user agent information). The IP addresses are merely pseudonymized data that could, at best, theoretically be assigned to a natural person, but not without considerable effort and expense. Data processing and storage generally takes place in the European Union.
For security reasons, Cloudflare also uses a strictly necessary cookie:
• "__cf_bm" (30 minutes): security cookie, detection of bots and defense against cyber attacks;
• "_cfuvid" (session): Detection and management of incoming connections to implement Cloudflare's policies for reducing traffic and preventing abuse.
For more information about the cookies stored by Cloudflare, please visit: https://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/ .
As a rule, Cloudflare stores your data for up to seven days. However, if your IP address triggers a security warning at Cloudflare, there may be exceptions to the storage period specified above.
The legal basis is Art. 6 (1) lit. f GDPR, whereby our legitimate interest lies in ensuring the security and rapid accessibility of our website.
We have concluded a data processing agreement with Cloudflare. Your personal data may also be transferred by Cloudflare to the United States and processed there. Cloudflare has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the United States in accordance with Art. 45 GDPR.

2.4.2 HubSpot
Our website uses services provided by HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("HubSpot").
The following cookies are also set by HubSpot for usage analysis:
• "_hstc" (180 days): Tracking cookie with information about user identification, timestamp of the first, last and current session, and number of sessions;
• "_hssc" (30 minutes): tracking cookie for tracking sessions;
• "_hssrc" (session): Tracking cookie to detect a browser restart;
• "hubspotutk" (180 days): recognition of visitors.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TDDDG.
We have concluded a data processing agreement with HubSpot. Your personal data may also be transferred by HubSpot Ireland Limited to HubSpot Inc Two Canal Park, Cambridge, MA 02141 in the USA. HubSpot Inc. has joined the EU-US Data Privacy Framework , which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
For further information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy .

2.4.5 Vimeo videos
We have embedded videos on our website that are stored on the Vimeo video platform and can be played from our websites. Vimeo is a multimedia service provided by Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, USA ("Vimeo").
When you visit our websites, Vimeo receives information that you have accessed the corresponding subpage. This can happen regardless of whether you are logged in to Vimeo or not.
The legal basis for this data processing is your consent in accordance with Art. 6(1)(a) GDPR. Access to and storage of information on the end device is then based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25(1) TDDDG.
Your personal data may also be transferred by Vimeo to the USA and processed there. Vimeo has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA.
Further information can be found in Vimeo's privacy policy: https://vimeo.com/privacy .

3. Recipients of data
The data collected by us will only be forwarded on if there is a lawful basis for this under data protection law in the specific case, in particular if:
• you have given your consent (Art. 6 (1)(a) GDPR), or
• this is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 (1)(b) GDPR), or
• we are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement (Art. 6 (1)(c) GDPR), or
the disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest which requires protection in not disclosing your data (Art. 6 (1)(f) GDPR).

4 . Transfer to third countries
We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.
If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this decision. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.
If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR).
Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

5. Storage period
In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims (e.g. three years), due to statutory retention obligations (e.g. two to ten years) or there is another lawful basis under data protection law for the continued processing of your data in the specific individual case.

6. Data subject rights, including the right to object
Your rights have been stipulated in Art. 7 (3), Art. 15 - 22 GDPR and you can exercise them at any time if the respective legal requirements are met:
• Right to withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR);
• Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes (Art. 21 GDPR);
• Right to obtain information about your personal data processed by us (Art. 15 GDPR);
• Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);
• Right to erase your personal data (Art. 17 GDPR);
• Right to restrict processing of your personal data (Art. 18 GDPR);
• Right to receive your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR);
• Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).
You can easily exercise your right to withdraw your consent to the use of the tool in our consent banner.
To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your request.
Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. In London, where we are based, the competent supervisory authority is: Information Commissioner's Office, 10 Downing Street, London SW1Y 5AA.

7. Automated decision-making
We do not carry out automated decision-making, including profiling under Art. 22 GDPR, which produces legal effects or similarly significantly affects you.

8. Access and Storage of Information on the Device
We only access or store information on your device if this is strictly necessary to provide your requested services, i.e. for the main functions of our services, or if you have given your prior consent, i.e. for optional services, in accordance with the implementing laws of Art. 5 (3) of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG.

Version 1.0/ September 2025

Interested? Contact us!