Privacy Policy

Privacy Policy

The protection of personal data and thus your privacy is of paramount importance to Splitbot GmbH. For Splitbot GmbH, it is a matter of course that all legal data protection regulations are complied with to ensure the greatest possible protection of your privacy. Below, we inform you about what data is involved, how it is processed, and what rights you have in this regard.

In the context of using our website www.splitbot.de, our social media channels, and our Kosmo app, your personal data is processed by us, Splitbot GmbH, as the data controller, and stored for the duration necessary to fulfill the stated purposes and legal obligations. Below, we inform you about what data is involved, how it is processed, and what rights you have in this regard.

According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data refers to all information relating to an identified or identifiable natural person. We generally collect and use your personal data only to the extent necessary for the provision of a functional application or for the initiation and discussion of a business relationship and termination of our cooperation, and where processing is legally permissible, i.e., it is purpose-bound and based on a legal basis.

  • General
  • Website
  • Social Media
  • Kosmo

General

Name and Contact Details of the Data Controller and the Data Protection Officer

This privacy information applies to data processing in the context of using the Kosmo App by the controller:

Splitbot GmbH

Managing Directors: Tadeusz Nikitin & Carolina Wehrmann

Seelandstr. 1 Building 6

23569 Lübeck

Phone: 0451- 599 8300

Email: hello@splitbot.de

You can reach our Data Protection Officer, André Vogel, at 0451- 599 8300 or at our postal address with the addition of ‘Data Protection Officer’.

Name and Contact Details of the Data Controller and the Data Protection Officer

You have the following rights with us regarding your personal data:

  1. Right of Access pursuant to Art. 15 GDPR: You can contact us if you would like to know what data we have stored about you. The exceptions to this right regulated in § 34 BDSG apply.
  2. Right to Rectification pursuant to Art. 16 GDPR: You have the right to have personal data corrected if the processed personal data is inaccurate or incomplete.
  3. Right to Erasure pursuant to Art. 17 GDPR: You have the right to have your personal data erased by us without undue delay. However, this is only possible if the collected data is no longer necessary, is processed unlawfully, or a corresponding consent has been withdrawn. The exceptions to this right regulated in § 35 BDSG apply.
  4. Right to Restriction of Processing pursuant to Art. 18 GDPR: You have the right to temporarily prevent further processing of your personal data. A restriction primarily occurs during the examination phase of other rights exercised by the data subject.
  5. Right to Data Portability pursuant to Art. 20 GDPR: You have the right to receive your personal data from us in a common, machine-readable format, to have it transmitted to another controller, if applicable. However, according to Art. 20 Para. 3 Sentence 2 GDPR, this right is not available if the data processing serves the performance of a task carried out in the public interest.
  6. Right to Object pursuant to Art. 21 GDPR: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. The controller shall no longer process the personal data concerning you unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  7. Right to Lodge a Complaint: You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The competent supervisory authority is the ULD, Holstenstraße 98, 24103 Kiel.

How Long Do We Store your Personal Data?

We store your personal data and user files that you upload only for as long as necessary to achieve the purpose for which they were collected or to comply with legal obligations. For this purpose, we apply criteria to determine the appropriate periods for storing your personal data depending on the processing purpose, e.g., account management, to facilitate customer relationship management, and to fulfill legal claims or requests from authorities.

Website

Collection of Personal Data

  1. When merely using the website for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
    • IP address
    • Date and time of request
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request (specific page)
    • Access status/HTTP status code
    • Amount of data transferred in each case
    • Website from which the request originates
    • Browser
    • Operating system and its interface
    • Language and version of the browser software
  2. In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offering more user-friendly and effective overall.
  3. Use of Cookies: This website uses the following types of cookies, the scope and functionality of which are explained below. You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.
    • Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the common session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
    • Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.

Social Media

This Privacy Policy applies to the following social media presences:

  • https://www.facebook.com/kontor.businessit.web
  • https://www.instagram.com/splitbot.de/
  • https://de.linkedin.com/company/splitbot
  • https://www.xing.com/pages/splitbot-gmbh

Collection of Personal Data via Social Media Channels

Social networks such as Facebook, Instagram, etc., can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Our social media presences are intended to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

  1. If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection occurs, for example, via cookies stored on your device or by collecting your IP address.
  2. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or have been logged in.
  3. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details on this, please refer to the terms of use and data protection regulations of the respective social media portals.

Controller and Assertion of Rights

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence over the data processing operations of the social media portals. Our possibilities are largely determined by the corporate policy of the respective provider. You can assert your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) in principle both against us and against the operator of the respective social media portal.

Data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply. Stored cookies remain on your device until you delete them. Mandatory legal provisions — especially retention periods — remain unaffected. We have no influence on the storage duration of your data that is stored by the operators of social networks for their own purposes. For details, please inform yourself directly with the operators of the social networks (e.g., in their privacy policy, see below).

Social Networks in Detail

Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the collected data is also transferred to the USA and other third countries. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. The company has a certification under the ‘EU-US Data Privacy Framework’ (DPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. You can independently adjust your advertising settings in your user account. Details on how Facebook handles personal data can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the collected data is also transferred to the USA and other third countries. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. The company has a certification under the ‘EU-US Data Privacy Framework’ (DPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. You can independently adjust your advertising settings in your user account. Details on how Instagram handles personal data can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. According to LinkedIn, the collected data is also transferred to the USA and other third countries. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. The company has a certification under the ‘EU-US Data Privacy Framework’ (DPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. Details on how LinkedIn handles personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

XING
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Kosmo

When you use the Kosmo App from Splitbot, personal data is processed. For our corporate services, a strict principle applies that no data we receive via our application is used for purposes other than providing the application’s functions or improving the application. Furthermore, we do not use corporate data to train our AI models. This includes all data generated during the use of our services, from content creation to any form of communication. We ensure that your data remains strictly under your control and offer you a secure environment in which you can use our AI application without concerns regarding data usage.

Splitbot implements appropriate technical and organizational measures to protect your personal data. Our server location for our applications is German data centers. Only authorized employees of Splitbot or selected third-party companies (e.g., service providers) have access to your personal data. Splitbot employees are obliged to adhere to our privacy policy. Furthermore, Splitbot has concluded contracts with third-party companies that have access to your personal data.

Collection of Personal Data when Using Kosmo

  1. Personal data provided by you: We collect personal data that you voluntarily provide to us when you register for the services or express your interest in information about us or our products and services. The personal data we collect depends on the context of your interaction with us and the services, the choices you make, and the products and features you use.
    • Account Information: When you create an account with us, we collect basic information such as your name, email address, and password. This information is used to identify you and provide personalized services.
    • Messages and Content: This includes the messages you send and receive via the application.
    • Uploaded Documents: The documents you upload to your knowledge base are exclusively for your personal use and to improve the functionality of the tool. By default, we do not use the uploaded data for retraining our models. The files are stored securely and remain only as long as you keep them in your knowledge base. Should you decide to delete them, they will be permanently removed from our systems. The processing of your uploaded documents is carried out exclusively by Splitbot, without the involvement of third parties.
    • Profile: We do not use the data you provide when creating your profile to train our AI models. The information you provide is used exclusively for the purpose of defining your profile and does not contribute to our general model training data. If you decide at any time to delete a profile you have created, the corresponding information and associated data will also be completely removed from our system.
  2. Automatically collected personal data: We automatically collect certain information when you visit, use, or navigate our services. This information does not reveal your specific identity (such as your name or contact information) but may include device and usage information. This information is primarily needed to maintain the security and operation of our services and for our internal analytics and reporting purposes.
    • Log and Usage Data: Log and usage data are service-related, diagnostic, usage, and performance information that our servers automatically collect when you access or use our Services, and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, and information about your activity within the Services (e.g., date/time stamps associated with your usage, pages and files viewed, searches, and other actions you perform, such as which features you use), device event information (e.g., system activity, error reports, and hardware settings).
    • Device Data: We collect device data such as information about your computer, mobile phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or your proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration.
  3. Personal Data Collected via the App:
    • Mobile Device Access: We may request access to or permission for certain features of your mobile device. If you wish to change our access or permissions, you can do so in your device’s settings.
    • Mobile Device Data: We automatically collect device information (e.g., your mobile device ID, model, and manufacturer), operating system, version information, and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and IP address (or proxy server). When you use our app, we may also collect information about the telephone network connected to your mobile device, your mobile device’s operating system or platform, the type of mobile device you are using, your mobile device’s unique device ID, and information about the features of our app you have accessed.
    • Push Notifications: We may ask to send you push notifications regarding your account or certain features of the app. If you wish to opt out of receiving these types of communications, you can disable them in your device’s settings. This information is primarily used to maintain the security of our app’s operations, for troubleshooting, and for our internal analysis and reporting purposes.
  4. Personal Data When Using Third-Party Services: When integrating external services, we carefully select the third-party providers and implement their availability. In this process, personal data (e.g., IP addresses, information from pseudonymized cookies, etc.) may be transferred or automatically transmitted to the third-party providers. The type, scope, purpose, and duration of these personal data processing activities may vary in individual cases. The legal basis for processing personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest). If the user has given consent, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR.
    • You have the option to use the WebSearch feature. This can be added at any time via an opt-in function. When using WebSearch, personal data is transferred to the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to Google, the collected data is also transferred to the USA and other third countries. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. For details, please refer to Google’s privacy policy: https://policies.google.com/privacy

Permissions

To enable you to use the app on your mobile devices, we require the following system permissions on your device and use them as follows:

Permissions for Android

  • ACCESS_NETWORK_STATE
    Required to check for a valid network connection.
  • INTERNET
    Required to retrieve data from the internet.
  • READ_EXTERNAL_STORAGE
    Required to read files such as documents from the device’s external storage.
  • READ_INPUT_STATE
    Required to capture your text input in real-time and enable faster and more precise responses.
  • WRITE_SECURE_STORAGE
    Required to store sensitive information such as login credentials, tokens, or personal preferences in an encrypted manner.

Permissions for iOS

  • READ_EXTERNAL_STORAGE
    Required to read files such as documents from the device’s external storage.
  • WRITE_SECURE_STORAGE
    Required to store sensitive information such as login credentials, tokens, or personal preferences in an encrypted manner.

Security

To protect your personal data, Splitbot maintains a secure IT environment and has taken measures to prevent unauthorized access to this data (e.g., admission controls, access controls, user access controls, transmission controls, input controls, availability controls, segregation principle). You can find details on how these measures are specifically implemented in our Data Processing Agreements and Technical and Organizational Measures.