S
I
Q
Company

Privacy Policy

This website and its associated services are operated by Three Towers UG (haftungsbeschränkt) ('Three Towers', 'we', 'us', or 'our'). The protection of your personal data is a matter of great importance to us. This Privacy Policy explains what personal data we collect, how we process it, and for what purposes.

1. Controller and Contact Information

Controller for data processing within the meaning of the GDPR:
Three Towers UG (limited liability)
Kirchberg 17
85283 Geroldshausen
Germany
Email: mail@siq.company

We have not appointed a data protection officer, as the legal requirements for this are not met. If you have any questions about data protection, you can contact us directly.

2. Processing of Personal Data

2.1 Provision of the Website and Server Log Files

Each time you access our website and our application, technically necessary data is collected by our hosting service provider and stored in server log files.

Data processed: IP address, date and time of access, browser type and version, operating system, referrer URL.

Purpose: Ensuring a stable and secure operation of our online services.

Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR) in the secure and functional provision of our services.

Hosting service providers:

  • Backend & Database: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Data processing takes place exclusively in data centers in Germany.
  • Frontend: Google Cloud Run, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of Google Cloud Run may result in the transfer of data (e.g., IP addresses) to the USA.

Basis for processing: We have concluded data processing agreements (DPA) with both providers in accordance with Art. 28 GDPR. For data transfers to the USA in the context of Google Cloud, we rely on the EU Commission's adequacy decision for the EU-U.S. Data Privacy Framework (DPF), under which Google is certified.

2.2 Contact via Email

If you contact us by email, the data you provide will be stored by us to process your request and for any follow-up questions.

Data processed: Email address, time of contact, and any other data you provide in your message.

Purpose: Processing your request.

Legal basis: The processing is necessary for the performance of pre-contractual measures or for the fulfillment of a contract (Art. 6(1)(b) GDPR) or is based on our legitimate interest in responding to your inquiry (Art. 6(1)(f) GDPR).

2.3 Use of Our SaaS Application and Integrated AI Services

When you use our software, the data you enter is processed to provide the contractual services. This includes the transfer of data to specialized AI service providers whose APIs are integrated into our application.

Data processed: User and master data (name, email), contract data, and the content you enter into the application for processing (e.g., texts). Passwords are only stored in hashed form.

Purpose: Providing our contractually owed SaaS service, in particular the processing and enhancement of data by AI models.

Legal basis: The processing is necessary for the fulfillment of our contract with you (Art. 6(1)(b) GDPR).

Integrated API service providers:

  • OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA.
  • Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.
  • DeepL SE, Maarweg 165, 50825 Cologne, Germany.

Basis for processing: Corresponding data processing agreements have been concluded with these providers. Where data is transferred to the USA (OpenAI, Google), this is done on the basis of the EU-U.S. Data Privacy Framework (DPF) or through the conclusion of EU Commission Standard Contractual Clauses.

2.4 Cookies and Consent Management

We use cookies on our website. Cookies are small text files that are stored on your device. We distinguish between technically necessary cookies, which are essential for the basic functioning of the website, and optional cookies.

Technically necessary cookies: Used to ensure the basic functionality and security of our services (e.g., storing login information).

Optional cookies: Used for purposes such as analytics or marketing.

Legal basis: The use of technically necessary cookies is based on our legitimate interest (Art. 6(1)(f) GDPR). All optional cookies are only set after you have given your explicit consent (Art. 6(1)(a) GDPR).

Consent Management: To obtain and manage your consents, we use a consent management platform (cookie banner). There you will receive detailed information about each cookie, its provider, purpose, and storage duration, and you can adjust or revoke your choice at any time.

2.5 Web Analytics and Marketing Tools

We currently do not use any specialized services for analyzing user behavior (such as Google Analytics) or for retargeting marketing (such as Meta Pixel). Should this change, we will adapt this privacy policy and obtain your explicit consent.

3. Data Security

We take modern technical and organizational security measures in accordance with the GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. This includes, among other things, the use of SSL/TLS encryption for data transmission and the storage of passwords exclusively in hashed form.

4. Storage Duration

We store your personal data only as long as necessary to achieve the respective processing purposes or as required by statutory retention periods (e.g., from commercial or tax law). After the purpose has been fulfilled or the periods have expired, the data is routinely deleted.

5. Your Rights as a Data Subject

You have the right at any time to:

  • Access information about your data processed by us (Art. 15 GDPR).
  • Rectification of inaccurate data (Art. 16 GDPR).
  • Erasure of your data ('right to be forgotten') (Art. 17 GDPR).
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Object to the processing of your data (Art. 21 GDPR).
  • Withdraw a given consent with effect for the future (Art. 7(3) GDPR).
  • Lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

To exercise your rights, an informal notification to the contact details mentioned in section 1 is sufficient.

6. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.

*Only legally binding in German language