Privacy Policy

Status: 01.10.2025

1. Name and Contact Details of the Controller

Controller

Contact Person for Data Protection Questions

Since the legal requirements for appointing a Data Protection Officer (DPO) are not met by our company, we have not appointed one.

However, our direct contact person for data protection inquiries is:
Noah Yildiz
Email: noah.yildiz@tulip-insights.com
Phone: 01731707155

2. General Information on Data Processing

Scope of Processing and Legal Basis

We process personal data of our users only insofar as this is necessary to provide a functional website, our content, and services.

Processing is carried out on the basis of the following legal grounds:

• Consent (Art. 6 (1) lit. a GDPR): If you give us your consent.
• Contract fulfillment and pre-contractual measures (Art. 6 (1) lit. b GDPR): Insofar as processing is required for the fulfillment of a contract or the implementation of pre-contractual measures (e.g., demo requests).
• Legitimate Interest (Art. 6 (1) lit. f GDPR): Insofar as processing is necessary to protect a legitimate interest of our company and your interests or fundamental rights and freedoms do not override that interest (e.g., IT security).

Retention Period (Speicherdauer)

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if provided for by the European or national legislator (e.g., 6 years for business correspondence, 10 years for invoices).

3. Data Processing when Visiting the Website

Server Logfiles

With every access to our website, our system automatically collects data and information from the computer system of the accessing computer (so-called Server Logfiles).

These include, among other things, your IP address. We process this data to enable the delivery of the website to your computer, to ensure functionality, and to protect our IT systems against attacks. The legal basis for this is our legitimate interest pursuant to **Art. 6 (1) lit. f GDPR**. The data is stored for a maximum of 7 Days and then deleted.

No Tracking or Cookies

According to your information, we **do not use cookies** on this website and **do not use any analysis or tracking tools** (such as Google Analytics or similar).

4. Specific Data Processing and Communication

4.1 Communication via Email ("Contact" Button)

When you click the "Contact" button, your email program opens and you can send us an email to **info@tulip-insights.com**. Your **email address, name, and the content of the email** are transmitted to us. The processing serves the purpose of handling your inquiry and communicating with you.

The legal basis depends on the content of the inquiry: For pre-contractual inquiries, **Art. 6 (1) lit. b GDPR** serves as the basis; for other inquiries, our **legitimate interest (Art. 6 (1) lit. f GDPR)** in responding to the correspondence. The data will be deleted as soon as the purpose of storage ceases to apply and there are no legal retention periods to the contrary.

4.2 Demo Booking (Form)

We offer the opportunity to book a demo of our "Tulip Insights" software. We collect the following data: **First Name, Last Name, Work Email, Company, Job Title, Primary Use Case, and your needs (Tell us about your needs)**.

The purpose is the implementation of pre-contractual measures to fulfill your demo request. The legal basis is therefore **Art. 6 (1) lit. b GDPR**. The data will be deleted if the communication does not lead to a business relationship and there are no retention periods to the contrary (usually after 6 months).

Appointed Service Provider (Email Dispatch)

We use the service Postmark from Wildbit, LLC for the reliable dispatch of the email containing your demo request.

5. Hosting and Third-Country Transfer

Hosting Infrastructure

We use **Microsoft Azure** for the provision of our services. The hosting servers and the database used (Superbase Version) are located **exclusively in Germany**. Data transfer to third countries through hosting does not occur.

Third-Country Transfer via Postmark (USA)

The email service provider **Postmark (Wildbit, LLC)** is based in the USA. The transfer of data to the USA (third country) takes place on the condition that an adequate level of protection is guaranteed. This is ensured through the use of **Standard Contractual Clauses (SCCs)** of the EU Commission.

6. Your Rights as a Data Subject

As a data subject, you are entitled to the following rights at any time. To exercise these rights, please contact us using the contact details provided above (email or postal mail):

• **Right of Access (Art. 15 GDPR)**
• **Right to Rectification (Art. 16 GDPR)**
• **Right to Erasure** ("Right to be Forgotten", Art. 17 GDPR)
• **Right to Restriction of Processing (Art. 18 GDPR)**
• **Right to Object** to processing (Art. 21 GDPR)
• **Right to Data Portability (Art. 20 GDPR)**
• **Right to Withdraw Consent (Art. 7 (3) GDPR)**

You also have the **Right to Lodge a Complaint** with a supervisory authority (**Art. 77 GDPR**) if you believe that the processing of your personal data violates the GDPR.

Competent Supervisory Authority

Since our company is based in Bavaria, the competent authority is the **Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)**.
Promenade 18, 91522 Ansbach.