Privacy Policy

This Privacy Policy explains how we process personal data when you visit our website qa365.ai, contact us, or use our services. It applies to visitors from the European Union (EU) and worldwide.

We take the protection of your personal data very seriously and process it in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Telemedia Data Protection Act (TTDSG).

1. Controller

The controller responsible for data processing on this website within the meaning of the GDPR is:

Marces Engel
Zur Fierwand 34
31840 Hessisch Oldendorf
Germany

Email: hello@qa365.ai
Phone: +49 176 64044273

2. Data Protection Contact

You can contact us with any questions regarding data protection at: hello@qa365.ai.

3. Categories of Data and Purposes of Processing

We process personal data that you provide to us or that is generated when you use our website. This includes in particular:

• Server log data (IP address, timestamp, requested URL, referrer, browser data);
• Technical usage data (pages visited, clicks, scrolls, session duration, approximate region);
• Cookie and consent information (your selections in the cookie banner);
• Contact data you provide voluntarily (name, email, phone, message text).

We use this data to operate the website, ensure IT security, analyse usage (with consent), and respond to inquiries.

For detailed information on the specific cookies and similar technologies used on this website, including their providers, purposes and durations, please refer to our separate Cookie Policy.

4. Legal Bases

• Art. 6(1)(b) GDPR – contract performance or pre-contractual steps;
• Art. 6(1)(c) GDPR – compliance with legal obligations;
• Art. 6(1)(f) GDPR – legitimate interests (secure, reliable website);
• Art. 6(1)(a) GDPR – consent for analytics, marketing, and tracking.

5. Hosting via Amazon Web Services (AWS)

Our website is hosted and delivered using Amazon Web Services (AWS), including Amazon S3, CloudFront and Route53. AWS may route traffic through global edge locations.

5.1 Purpose & Data

When accessing our website, AWS processes your IP address and technical connection data in log files to deliver content securely and efficiently.

5.2 Legal Basis

Legitimate interest (Art. 6(1)(f) GDPR).

5.3 Transfers

Data may be transferred to the USA. AWS participates in the EU–U.S. Data Privacy Framework and uses Standard Contractual Clauses where required.

5.4 More Information

• AWS Privacy
• AWS GDPR Center

6. Google Analytics (GA4) – With Consent Mode

We use Google Analytics 4 provided by Google Ireland Ltd. Google Analytics helps us analyse how visitors use our website.

6.1 Script Loading & Consent Mode

The Google Analytics script is loaded when you visit the site. However, through Google Consent Mode, the script remains in a restricted, privacy-preserving mode until you provide consent for analytics.

Before you give consent:

• no analytics cookies are set,
• no identifiers are stored,
• no analytics events or personal data are sent to Google,
• Google Analytics operates with limited functionality that does not permit user profiling.

After consent, Google Analytics activates full measurement functionality.

6.2 Data Processed After Consent

Once consent is given, Google may process event data such as page views, interactions, device information and approximate region.

6.3 IP Handling

GA4 does not store or log IP addresses. Geolocation is derived on-the-fly without IP retention.

6.4 Legal Basis

Consent (Art. 6(1)(a) GDPR, Sec. 25 TTDSG).

6.5 Transfers

Google LLC (USA) may process data. Google participates in the EU–U.S. Data Privacy Framework and uses SCCs when necessary.

6.6 Opt-Out

You may withdraw consent at any time via Cookie Settings.

6.7 Further information

• Google Privacy Policy
• [GA4] EU-focused data and privacy (Analytics Help)
• Privacy disclosures policy for Google Analytics

7. Google Ads (Conversion Tracking & Remarketing) – With Consent Mode

We use Google Ads to measure campaign success and deliver advertising.

7.1 Script Loading & Consent Mode

Google Ads scripts load on the website, but through Consent Mode they do not transmit conversion data, remarketing signals, or advertising identifiers until you consent to marketing cookies and personalised advertising.

Before consent:

• no advertising cookies are set,
• no personalised ads signals are sent,
• tags operate in a non-identifying, limited mode.

After consent:

• conversion tracking becomes active,
• remarketing data may be transmitted,
• Google may link interactions to advertising segments.

7.2 Legal Basis

Consent (Art. 6(1)(a) GDPR; Sec. 25 TTDSG).

7.3 Transfers

Google LLC (USA) participates in the EU–U.S. Data Privacy Framework.

7.4 Further Information

Google Ads Technology

8. Microsoft Clarity – With Consent Mode

We use Microsoft Clarity to analyse website usage (heatmaps, session replays, interactions).

8.1 Script Loading & Consent Mode

The Clarity script loads on the website at page load. However, Clarity supports a Consent Mode in which tracking depends entirely on your consent choice.

Before consent:

• Clarity does not send behavioural or session data,
• no cookies or identifiers are set,
• each page load is treated as an isolated non-tracking event,
• no session replay or heatmap data is collected.

After consent:

• session replay and heatmap data may be collected,
• Clarity may set cookies to distinguish repeat visits,
• interaction and device data may be transmitted to Microsoft.

8.2 Independent Processing by Microsoft

Microsoft may use aggregated or pseudonymised Clarity data for its own purposes (e.g., advertising safety, fraud detection), acting as an independent controller. Details: Microsoft Privacy Statement.

8.3 Legal Basis

Consent (Art. 6(1)(a) GDPR; Sec. 25 TTDSG).

8.4 Transfers

Microsoft may process data in the USA and participates in the EU–U.S. Data Privacy Framework.

8.5 Further Information

Clarity Consent Mode

9. Cookie Consent Management (CookieYes)

We use CookieYes as our consent-management platform (CMP). CookieYes shows the cookie banner, stores your selections, and ensures that your consent preferences are passed to the scripts we use (e.g. Google Analytics, Google Ads, Microsoft Clarity).

9.1 How CookieYes Works

CookieYes does not block or control third-party scripts by itself. Instead, CookieYes provides consent signals which our website and the third-party tools interpret in real time.

This ensures that third-party scripts may load technically, but they do not transmit personal data or set non-essential cookies until you have given the corresponding consent.

9.2 Data Processed by CookieYes

• your consent selections (e.g. analytics, marketing),
• timestamp of consent,
• an anonymised consent ID,
• browser/device metadata.

9.3 Legal Basis

CookieYes is used to fulfil our legal obligation to obtain and document consent (Art. 6(1)(c) GDPR; Sec. 25 TTDSG) and for our legitimate interest in transparent consent management (Art. 6(1)(f) GDPR).

9.4 Further Information

CookieYes Website

9.5 Your choices

You can adjust or withdraw your consent at any time by using the “Cookie Settings” link in the footer of our website or by clicking the following link: Cookie Settings.

When you withdraw consent, the affected services (e.g. Google Analytics, Google Ads, Microsoft Clarity) switch to a consent-denied mode in which no non-essential cookies are set and no personal data is transmitted.

9.7 Cookie Policy

A comprehensive list of all cookies and similar technologies used on this website—including providers, purposes, categories and retention periods—is available in our Cookie Policy. This information is automatically maintained by our consent-management platform (CookieYes) to ensure accuracy and transparency.

10. Contacting Us & Google Workspace

When you contact us (e.g., via email), your message and the personal data it contains are processed to handle your inquiry.

10.1 Email Processing via Google Workspace

We use Google Workspace (Gmail) to receive and store email inquiries. Google acts as our processor under a Data Processing Addendum aligned with Art. 28 GDPR.

10.2 Transfers

Emails may be processed on servers outside the EU, including the USA. Google participates in the EU–U.S. Data Privacy Framework and uses SCCs.

10.3 Retention

We keep correspondence for the duration necessary to process your inquiry and meet legal retention obligations.

11. Recipients

Personal data is transferred only to processors (e.g. hosting, analytics, email, advertising) or where legally required.

12. Retention

Data is stored only as long as necessary or legally required, then deleted or anonymised.

13. Your Rights

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint (Art. 77 GDPR)

14. Supervisory Authority

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5, 30159 Hannover, Germany lfd.niedersachsen.de

15. Security

We maintain appropriate technical and organisational security measures.

16. Changes

We may update this policy to reflect legal or technological changes. The current version is always available on this website.

Last updated: 21. November 2025