Privacy Policy
1. General Information on Data Processing
This Privacy Policy describes the collection and use of personal data in connection with the use of our website https://recareai.com (“Website”) in accordance with the requirements of the General Data Protection Regulation (“GDPR”). Processing activities not covered by this Privacy Policy may be supplemented by additional privacy policies that must be observed separately.
1.1Â Data Controller
The data controller within the meaning of the GDPR is:
RECARE DEUTSCHLAND GMBH (“Recare”/“we”/“us”)
Bertha-Benz-StraĂźe 5
10557 Berlin
Germany
1.2Â Data Protection Officer
Recare’s Data Protection Officer is Boris Arendt of Simpliant GmbH in Berlin (https://simpliant.eu).
You can reach our appointed Data Protection Officer by email at: datenschutz@recaresolutions.com
1.3Â Data Subject Rights and Supervisory Authority
You may exercise the following rights:
- Right of access to your data stored with us and its processing (Art. 15 GDPR),
- Right to rectification of inaccurate personal data (Art. 16 GDPR),
- Right to erasure of your data stored with us (Art. 17 GDPR),
- Right to restriction of data processing where we are not yet permitted to delete your data due to statutory obligations (Art. 18 GDPR),
- Right to data portability where you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR),
- Right to object to the processing of your data by us (Art. 21 GDPR).
‍
To exercise your rights, you may contact us by email at datenschutz@recaresolutions.com. Please note that in this case we will need to verify your identity and therefore identify you by appropriate means.
‍
The processing of your request and the identification of your person is carried out on the basis of Art. 6(1)(c) GDPR.
‍
You may at any time lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with Section 19 BDSG, e.g. with the competent supervisory authority of the federal state in which you reside, or with the authority responsible for us. All supervisory authorities can be found at the following link:Â
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
1.4Â Legal Basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The legal basis for all our processing activities is Art. 6(1) GDPR. In particular, your data is processed on the basis of:
- Art. 6(1)(a) GDPR – Your consent – Where you have given your consent, you may withdraw it at any time with effect for the future,
- Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures,
- Art. 6(1)(c) GDPR – Compliance with legal obligations,
- Art. 6(1)(f) GDPR – Legitimate interests.
1.5Â Retention Period
We take all reasonable steps to ensure that your personal data is only processed for the period required for the respective processing purpose. Unless the retention period is stated further below, your personal data will be deleted or blocked once the purpose or legal basis for storage no longer exists. Personal data will not be deleted if storage is required by law (e.g. Section 257 HGB, Section 147 AO). Furthermore, we may retain your personal data until the expiry of applicable statutory limitation periods (normally 3 years; in individual cases up to 10 years or longer) where this is necessary for the establishment, exercise or defence of legal claims.
1.6Â Data Security
To protect the security of your data during transmission, we use technical and organisational security measures, in particular the encryption of our website, to prevent unauthorised access by third parties. Our security measures are continuously improved and adapted in line with technological developments.
1.7Â Transmission to Service Providers
We use service providers to deliver our offerings. These service providers act solely on our instructions and are contractually obligated to comply with the requirements of Art. 28 GDPR.
1.8Â Transmission to Affiliated Companies
Where necessary for the purposes of the processing activities described herein, data collected via this website may also be shared with affiliated Recare entities.
1.9Â Data Transfer to Third Countries
Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries where the requirements of Art. 44–49 GDPR are met, in particular standard contractual clauses, binding corporate rules, or an adequacy decision by the Commission.
1.10Â No Obligation to Provide Data / No Profiling
There is no statutory or contractual obligation to provide us with data. However, some services can only be provided if the required data is made available by you. Your personal data will not be used for automated individual decision-making including profiling.
2. Website
Our website offers various sections with different functionalities for visitors, which are described in more detail below.
2.1Â Server Logs
NATURE AND PURPOSE OF DATA PROCESSING
When you visit our website, our web servers temporarily store each access in a log file. The following data is recorded and stored until automatic deletion:
- IP address,
- Date and time of access,
- Name and URL of the retrieved file,
- Volume of data transferred,
- Notification of whether the retrieval was successful,
- Identification data of the browser and operating system used,
- Website from which access was made.
Processing is carried out for the following purposes:
- Ensuring a stable connection to the website,
- Ensuring smooth use of our website,
- Evaluating system security and stability.
LEGAL BASIS
Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in hosting the website and improving and monitoring the security, stability and functionality of the website.
‍
RECIPIENTS
Recipients of the data may be processors. These service providers are obligated to process your data securely and only in accordance with our instructions. Appropriate safeguards have been put in place for the transfer of your data to countries outside the EEA. Where transfers to the USA occur in exceptional cases, the service provider has committed under the Trans-Atlantic Data Privacy Framework (TADPF).
2.2Â Contact Form
NATURE AND PURPOSE OF PROCESSING
You can contact us by email or via a contact form. Various data is required to respond to your enquiry and is automatically stored for processing. The following data is collected as a minimum via the contact form (marked as mandatory fields):
- Email address,
- First name,
- Last name,
- Subject,
- Phone number,
- Message.
Data will not be passed on to third parties. We process your data solely to handle your contact request.
LEGAL BASIS
The processing of data submitted by email is based on a legitimate interest (Art. 6(1)(f) GDPR) in efficient and straightforward communication with you. Depending on the nature of your request, the processing of data submitted by email may also serve the performance of (pre-)contractual measures (Art. 6(1)(b) GDPR).
RECIPIENTS
Recipients of the data may be processors. These service providers are obligated to process your data securely and only in accordance with our instructions. Appropriate safeguards have been put in place for the transfer of your data to countries outside the EEA. The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
2.3Â Customer Relationship Management (Sales Process)
NATURE AND PURPOSE OF PROCESSING
As part of customer relationship management, our sales and account management teams are enabled to carry out meaningful and customer-friendly sales and relationship-building activities. This means that we may contact you by telephone (Voice over IP) and email and schedule appointments. The nature and purpose of the processing relates exclusively to active leads and not to website visitors per se.
During the course of the relationship, the following data may be processed:
- Name,
- Address (work),
- Job title/position,
- Email (work),
- Phone (work),
- Gender,
- Title,
- Company name,
- Fax number,
- Contact details,
- Contact history,
- Appointment data,
- Industry information,
- Customer type information,
- Customer number.
Form data as well as data collected during the sales process (e.g. name, email address, company, role) is stored and processed in our CRM system Salesforce. This enables our sales and account management teams to maintain structured communication and relationships with prospects and customers.
LEGAL BASIS
We process your data in the context of pre-contractual measures or for the performance of a contract pursuant to Art. 6(1)(b) GDPR.
RECIPIENTS
Recipients of the data may be processors. These service providers are obligated to process your data securely and only in accordance with our instructions. Appropriate safeguards have been put in place for the transfer of your data to countries outside the EEA. The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
A further recipient of the data is Salesforce, Inc., 415 Mission Street, San Francisco, CA 94105, USA. A data processing agreement pursuant to Art. 28 GDPR exists with Salesforce. The transfer of data to the USA is based on standard contractual clauses of the EU Commission pursuant to Art. 46(2)(c) GDPR. Salesforce is also certified under the EU-US Data Privacy Framework (DPF).
2.4Â Website Analytics
NATURE AND PURPOSE OF PROCESSING
We are able to collect and analyse data on the use of our website. Usage data from our website visitors, such as referrer URL, country and time, session, page and data point ID, user agent, browser, UTM parameters and language, is collected, evaluated and compiled into automated reports. No cookies or similar technologies are placed on the end devices of website visitors (this does not apply to Google Analytics). We use IP anonymisation in our analysis. Your IP address is anonymised so that it can no longer be unambiguously attributed to you.
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics allows us to analyse user behaviour on our website. Among other things, the following data is processed: IP address (anonymised), pages visited, time on site, origin of visit (referrer URL), browser and device information, and UTM parameters. IP anonymisation is active, so your IP address is truncated within the EU before being transmitted. A data processing agreement pursuant to Art. 28 GDPR exists with Google.
LEGAL BASIS
This analytics tool is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its web offering and its advertising. Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
RECIPIENTS
The recipient of the data is Simple Analytics, Hooftlaan 4, 1401 ED Bussum, Noord-Holland, Netherlands.
Data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The transfer is based on standard contractual clauses of the EU Commission. Google LLC is also certified under the EU-US Data Privacy Framework (DPF).
‍
2.5 Website Analytics – Google Tag Manager
NATURE AND PURPOSE OF PROCESSING
We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool for the technical management of website tags (code snippets). It does not itself process any personal data of website visitors, but enables the integration and control of other analytics and marketing tools that may process data in turn. Google Tag Manager does not trigger cookies and is active without consent.
LEGAL BASIS
Google Tag Manager is used on the basis of our legitimate interest in the efficient technical management of our website pursuant to Art. 6(1)(f) GDPR.
‍
2.6 Vimeo without Tracking (Do-Not-Track)
NATURE AND PURPOSE OF PROCESSING
We provide videos on various topics on our website. When videos are retrieved, the page you visited is recorded and your IP address is processed. Your user activity is not tracked and no cookies are set.
LEGAL BASIS
Processing is carried out on the basis of Art. 6(1)(a) GDPR; consent may be withdrawn at any time.
RECIPIENTS
This website uses plugins from the video platform Vimeo. The recipient is Vimeo Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA.
TRANSFER TO THIRD COUNTRIES
Where data is transferred to the USA when using Vimeo content, such transfer is based on standard contractual clauses of the EU Commission pursuant to Art. 46(2)(c) GDPR.
3. Cookies
Our website uses what are known as cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective and secure. Cookies are small text files that are placed on your device and stored in your browser.
Most of the cookies we use are so-called session cookies. These cookies are automatically deleted at the end of the session. Session cookies are used to assign successive page views to the individual users accessing our website. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can configure your browser to inform you when cookies are set, to decide on a case-by-case basis whether to accept them or to exclude the acceptance of cookies in general, and to activate automatic deletion of cookies when closing the browser. You can manage many online advertising cookies from companies via the American website https://www.aboutads.info or the European Union website http://www.youronlinechoices.com. Please note that the use and in particular the convenience of use may be restricted without the use of cookies.
4. Cookiebot by Usercentrics
NATURE AND PURPOSE OF PROCESSING
Our website uses Cookiebot by Usercentrics, a consent management tool by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. The tool enables us to obtain, document and manage your consent to the use of cookies and similar technologies in a data protection-compliant manner. Among other things, the following data is processed: IP address (anonymised), consent status, timestamp of consent, and technical information about the device and browser used. The corresponding cookie is placed on your device and stores your consent decision.
LEGAL BASIS
Processing is carried out to fulfil our statutory obligation for documented consent management pursuant to Art. 6(1)(c) GDPR, as well as on the basis of our legitimate interest in the legally compliant design of our website pursuant to Art. 6(1)(f) GDPR.
RECIPIENTS
The recipient of the data is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. As a European provider, no transfer to third countries takes place.
Further information is available at: https://www.cookiebot.com/de/privacy-policy/
5. Hosting – Webflow
NATURE AND PURPOSE OF PROCESSING
Our website is hosted via the Webflow service of Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, USA. Webflow technically processes all data arising from visits to our website, in particular IP addresses and access times (see also Section 2.1 Server Logs).
LEGAL BASIS
Processing is carried out on the basis of our legitimate interest in the reliable operation of our website pursuant to Art. 6(1)(f) GDPR.
THIRD COUNTRY TRANSFER
A data processing agreement pursuant to Art. 28 GDPR exists with Webflow. The transfer of data to the USA is based on standard contractual clauses of the EU Commission pursuant to Art. 46(2)(c) GDPR. Webflow, Inc. is also certified under the EU-US Data Privacy Framework (DPF).
Further information is available at: https://webflow.com/legal/privacy
6. Appointment Booking – Calendly
NATURE AND PURPOSE OF PROCESSING
Our website offers the option to book appointments via Calendly. Calendly is a service of Calendly LLC, 271 17th St NW, Suite 1000, Atlanta, GA 30363, USA. When booking an appointment, among other things the following data is processed: name, email address, desired appointment time, and any additional information you provide in the booking form.
LEGAL BASIS
Processing is carried out for the implementation of pre-contractual measures and for the performance of a contract pursuant to Art. 6(1)(b) GDPR, as well as on the basis of our legitimate interest in efficient appointment management pursuant to Art. 6(1)(f) GDPR.
THIRD COUNTRY TRANSFER
A data processing agreement pursuant to Art. 28 GDPR exists with Calendly. The transfer of data to the USA is based on standard contractual clauses of the EU Commission pursuant to Art. 46(2)(c) GDPR. Calendly LLC is also certified under the EU-US Data Privacy Framework (DPF).
Further information is available at: https://calendly.com/privacy
7. Webinars – Livestorm
NATURE AND PURPOSE OF PROCESSING
We use the Livestorm platform of Livestorm SAS, 89 Rue La Boétie, 75008 Paris, France, for hosting webinars and online events. When participating in a webinar, among other things the following data is processed: name, email address, IP address, technical usage data (browser, operating system), time and duration of participation, as well as audio and video if you activate your camera or microphone.
LEGAL BASIS
Processing is carried out for the implementation of pre-contractual measures and for the performance of a contract pursuant to Art. 6(1)(b) GDPR, as well as on the basis of our legitimate interest in conducting digital events pursuant to Art. 6(1)(f) GDPR.
RECIPIENTS
The recipient of the data is Livestorm SAS, 89 Rue La Boétie, 75008 Paris, France. As a European provider, no transfer to third countries takes place.
Further information is available at: https://livestorm.co/privacy-policy
8. Applicant Data
We offer you the opportunity to apply to us via our website. We provide an applicant portal for this purpose, which is accessible at https://careers.recaresolutions.com. Supplementary privacy notices for applicants are available on the applicant portal.
9. Social Media
DATA PROCESSING BY SOCIAL NETWORKS
We maintain publicly accessible profiles on social networks. The specific social networks we use can be found below.
Social networks such as LinkedIn, X (formerly Twitter) etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.
This Privacy Policy applies to the following social media presences:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal may be able to attribute this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. This data collection occurs, for example, via cookies stored on your device or by recording your IP address.
‍
Using the data collected in this way, the operators of the social media portals can create user profiles containing your preferences and interests. In this way, interest-based advertising can be displayed to you both inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are or have been logged in.
‍
Please also note that we cannot trace all processing operations on the social media portals. Depending on the provider, further processing operations may be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.
LEGAL BASIS
Our social media presences are intended to ensure the widest possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).
DATA CONTROLLER AND EXERCISING RIGHTS
When you visit one of our social media presences, we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You may generally exercise your rights (access, rectification, erasure, restriction of processing, data portability and complaint) against both us and the operator of the relevant social media portal.
Please note that, despite joint responsibility with the social media portal operators, we do not have full influence over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
RETENTION PERIOD
Data collected directly by us via the social media presence is deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for storing the data ceases to apply. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We have no influence over the retention period of your data stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
INDIVIDUAL SOCIAL NETWORKS
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfers to the USA are based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
Vimeo
We have a profile on Vimeo. The provider is Vimeo, Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA. Data transfers to the USA are based on the standard contractual clauses of the EU Commission. Details can be found here: https://vimeo.com/privacy.
X (formerly Twitter)
We have a profile on X (formerly Twitter). The provider is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. For details on how they handle your personal data, please refer to X’s privacy policy: https://twitter.com/de/privacy.
10. Newsletter
You can subscribe to our newsletter to receive regular information about Recare and our products. Data processing in connection with the newsletter is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw this consent at any time (see Section 1.3). Each email also contains a link to unsubscribe from the newsletter.
For sending the newsletter, we use the services of Brevo (formerly Sendinblue) GmbH, Köpenicker Straße 126, 10179 Berlin.
Newsletter dispatches are sent using the so-called double opt-in process: after signing up, you will receive an email with a confirmation link that you must actively click before you receive any newsletter emails from us.
For sending the newsletter, we process via Brevo your email address, your name, and the type of institution you belong to. Brevo also enables data analysis that shows whether a newsletter was opened and whether any links were clicked.
Further information about Brevo’s features is available at: https://www.brevo.com/de/newsletter-software/.
11. Online Meetings
We use the tools “Google Meet”, “Microsoft Teams” and “GoTo Webinar” for video conferences.
Google Meet is a service of Google Ireland Limited. Microsoft Teams is a service of Microsoft Corporation. GoTo Webinar is a service of GoTo Technologies Ireland Unlimited Company.
Participation in online meetings is voluntary. Should you participate in an online meeting, your personal data may be processed, in particular your IP address, technical usage data, and audio and video material.
Recare will not record online meetings without your consent. In addition, Recare will always choose the most privacy-friendly settings available when conducting online meetings.
The processing of your data in connection with online meetings generally takes place within the EU. Should data processing in the USA occur in individual cases, both Google and Microsoft and GoTo Technologies are certified under the EU-US Data Privacy Framework.
Further information on data protection with Google Meet is available at: https://support.google.com/meet/answer/10382037?hl=de
Further information on data protection with Microsoft Teams is available at: https://privacy.microsoft.com/de-de/privacystatement
Further information on data protection with GoTo Webinar is available at: https://www.goto.de/company/rechtliches/datenschutz/us
With your consent, Recare uses the AI-based tool “tldv” for recording, summarising and analysing video conversations. This only takes place with your express, voluntary consent.
tldv is a service of tldx Solutions GmbH.
The processing of your data when using tldv generally takes place within the EU. Should data transfers to the USA or a third country occur, appropriate measures within the meaning of Art. 45 et seq. GDPR will be taken to ensure the lawfulness of the transfer.
Further information on data protection with tldv is available at: https://intercom.help/tldv/en/articles/5946379-privacy-policy.
12. Events
Where Recare organises events, your data may also be used for the planning, execution and follow-up of the event. For this purpose, your data may also be shared with service providers who assist with the implementation of the event, where necessary. The legal basis for data processing is the initiation and performance of a contractual relationship within the meaning of Art. 6(1)(b) GDPR, as well as legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Where you have also given your consent to the transfer of your data to cooperation partners as part of your participation in the event, the legal basis is Art. 6(1)(a) GDPR. You may withdraw this consent at any time.
13. Changes to this Privacy Policy
We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to make changes to our offerings in the Privacy Policy, e.g. when introducing new services. The current version of the Privacy Policy shall apply at all times.
‍
Version 1.8 – April 2026
‍