Data protection

The following information is provided in accordance with Art. 13 of the General Data Protection Regulation (GDPR) regarding the processing of your personal data in connection with the use of Polyteia support and help center via docs.polyteia.com.

1. Controller

The controller for data processing in connection with the use of the platform docs.polyteia.com is:

Polyteia GmbH Schlesische Straße 27 10997 Berlin Email: [email protected]

2. Data Protection Officer

Our external data protection officer is available for inquiries regarding data protection at the following contact details:

Ali Tschakari, LL.M. Bitkom Servicegesellschaft mbH Albrechtstraße 10 10117 Berlin Email: [email protected]

Please indicate when contacting that it concerns the platform docs.polyteia.com.

3. Purposes and Legal Bases of Processing

When visiting the website docs.polyteia.com (help center), personal data is processed to

• provide the content of the help center,

• ensure technical security and stability,

• and respond to inquiries or feedback.

This data processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in the informative and technically secure provision of the help center). If you actively contact us (e.g., by email), the legal basis is Art. 6 para. 1 lit. b GDPR (contract or pre-contractual measures).

4. Categories of Processed Data

When accessing docs.polyteia.com, the following data is automatically collected by our technical service provider GitBook:

• IP address

• Date and time of access

• Pages accessed and referrer URL

• Browser type and language

• Device/operating system used

• Click behavior (e.g., navigation, scrolling, page changes)

• Usage data (e.g., start, end, scope of use)

• Location data (e.g., derived from IP address)

• pseudonymized user profiles (e.g., from cookies or web analytics)

This data is stored in server logs and analyzed in pseudonymized form.

5. Hosting and Data Recipients

The website docs.polyteia.com is hosted by the service provider GitBook Inc., 440 N Barranca Ave #7171, Covina, CA 91723, USA. GitBook acts as a data processor within the meaning of Art. 28 GDPR. Data is only shared with third parties:

• in the context of technical provision by subcontractors,

• in case of legal obligations,

• or with your explicit consent.

GitBook's complete privacy policy can be found at: Privacy Statement | GitBook Site Policy

6. Data Transfers to Third Countries

The technical provision and hosting of the help center at https://docs.polyteia.com is carried out by the external service provider GitBook Inc., 440 N Barranca Ave #7171, Covina, CA 91723, USA.

In this context, personal data is processed by GitBook in the United States of America (USA).

We base the transfer of your personal data on appropriate safeguards in accordance with Art. 46 GDPR.

In particular, the following data protection measures have been contractually agreed with GitBook:

• Conclusion of Standard Contractual Clauses (SCCs) of the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR

• Conclusion of a Data Processing Addendum (DPA) with detailed requirements for data protection and data security

• Obligation to implement appropriate technical and organizational measures (TOMs) in accordance with Art. 32 GDPR – including access restrictions, encryption, monitoring and rights management

• Obligation to support data protection requests and report data protection violations

GitBook acts as a technical data processor within the meaning of Art. 28 GDPR exclusively on the instructions of Polyteia GmbH.

GitBook is contractually obligated to respond to requests from authorities only under strict legal requirements and to inform the affected persons (or Polyteia) where possible.

• GitBook's complete privacy policy can be found at: Privacy Statement | GitBook Site Policy

• Details on data processing are regulated in the publicly accessible Data Processing Addendum (DPA): GitBook DPA

• Information on security measures taken by GitBook: GitBook Security FAQ

7. Contact

For contacting Polyteia support, the following communication channels are available:

• Email

• Contact form

• Telephone

• Online meeting / appointment scheduling

Details on data processing can be found in the following subsections.

7.1 Contact via Email

When you contact us by email, your inquiry including all resulting personal data (name, first name, inquiry, etc.) is stored and processed by us for the purpose of handling your request.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completing the processing of your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

7.2 Contact Form (future)

Within the platform, there is a link that leads to a contact form that can be used for electronic contact. When you contact us via our contact form or by means of personal messages, the data entered in the input mask is transmitted to us and stored.

Fields marked with * are mandatory fields. We use this data based on Art. 6 para. 1 lit. f GDPR to respond to your inquiry.

In addition, Art. 6 para. 1 lit. b GDPR may also be considered as a legal basis if your inquiry serves to implement pre-contractual measures.

Fields not marked with "*" are purely voluntary information. The processing of data that you voluntarily enter into the form is done on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by informal notification, e.g., by email to [email protected].

7.3 Contact by Telephone

When you contact us by telephone, no personal data is generally collected. Personal data is only collected if you expressly request a callback or written response. In these cases, we process your information (e.g., telephone number, name, request) exclusively for the purpose of processing your inquiry.

The legal basis for processing your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the effective processing and response to your contact. If your telephone inquiry aims at concluding a contract or implementing pre-contractual measures, processing is based on Art. 6 para. 1 lit. b GDPR.

7.4 Online Meeting / Appointment Scheduling

To give you the opportunity to schedule an appointment for an online meeting, we collect certain personal data from you. This includes your name, email address, and possibly other contact details that you provide when scheduling an appointment. This data is used exclusively for the purpose of appointment scheduling and communication with you.

We use this data based on Art. 6 para. 1 lit. b GDPR (fulfillment of a contract or implementation of pre-contractual measures) to schedule an appointment with you and respond to your inquiries.

7.5 System Communication and Product-Related Notifications

As part of using the platform app.polyteia.com, we regularly send system-related notifications via email or messages within the platform to inform you about relevant processes and functions. These communications are an essential part of platform use and serve the secure, transparent, and effective provision of our services. Users can choose which of these two communication channels should be used for message delivery. This includes in particular:

• Confirmations in the context of registration or password reset

• Notices of planned maintenance or technical changes

• Product information about new or changed functions

• Notifications about activities within the platform (e.g., "A report has been shared with you", "You have been invited to a group")

These messages are not sent for advertising purposes, but to ensure proper operation and to provide information about relevant events related to your use of the platform.

Legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as the information is necessary for the implementation of the usage relationship, as well as Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring a functional, secure, and user-friendly platform operation.

7.5.1 Mailjet

For sending certain email notifications, Polyteia uses the service "Mailjet", an offering from Sinch E-Mail-Group (Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France). This is a specialized service provider for email communication, which is used, among other things, for sending notifications about shared content within the Polyteia platform, announcements of new functions, and invitations to training or webinars.

Processing is carried out on behalf of Polyteia on Mailjet's servers. Sinch Email processes the transmitted personal data exclusively for the technical provision and optimization of email communication. Mailjet also processes so-called metadata (e.g., sending times, email addresses, technical information for delivery) to improve deliverability and prevent abuse.

Mailjet/Sinch Email processes the personal data exclusively on the basis of a data processing agreement within the meaning of Art. 28 GDPR. According to the provider, no processing for their own purposes, such as marketing purposes, takes place.

If the email notifications serve contract fulfillment, processing is based on Art. 6 para. 1 lit. b GDPR. For optional communications, we rely on Art. 6 para. 1 lit. f GDPR. Polyteia has a legitimate interest in informing users about shared content, new functions, and relevant training offerings as part of platform use. The communication is expected, purpose-bound, and involves low intervention intensity.

Further information on data processing by Mailjet/Sinch Email can be found in their privacy policy.

7.6 Contact Service Providers

For providing certain functions in the context of communication with users (e.g., email dispatch, video conferences, or appointment coordination), we use external services. These tools are not hosted on our own servers. Use of these services leads to content being loaded directly from the respective third-party providers' servers and usage data being processed. The respective providers receive, in particular, information that you have interacted with our system, as well as the technically required connection data in this context (e.g., IP address, timestamp, browser information).

We have concluded data processing agreements in accordance with Art. 28 GDPR with these service providers. In cases where the service providers are based outside the European Union or the European Economic Area, the transmission of personal data is exclusively based on appropriate safeguards in accordance with Art. 44 ff. GDPR, in particular through the conclusion of EU Standard Contractual Clauses (SCCs) of the European Commission.

The integration of these services is based on Art. 6 para. 1 lit. b GDPR, insofar as the communication serves to implement a contract or pre-contractual measures. In other cases, we base the processing on our legitimate interest in secure, efficient, and user-friendly communication in accordance with Art. 6 para. 1 lit. f GDPR. If it concerns voluntary information, processing is based on your consent according to Art. 6 para. 1 lit. a GDPR.

8. Storage Duration

GitBook stores technical access data according to its own information as long as an account is active or as required for services. We ourselves store corresponding usage data for a maximum of 15 days.

9. Cookies and Tracking

When visiting our help center at https://docs.polyteia.com, various types of cookies and similar technologies are used to a limited extent by our technical service provider GitBook Inc.. These serve technical provision, security, and possibly analysis of website usage.

9.1 Use of Technically Required Cookies

For secure provision of content and technical functionality of the site, GitBook uses technically necessary cookies. These are required to ensure basic functions of the web offering, e.g.:

• reliable delivery of page content

• storage of user preferences (e.g., language)

• protection against abusive access

Processing is based on Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 No. 2 TDDDG. Our legitimate interest lies in the secure, stable, and user-friendly provision of the help center.

9.2 No Use of Tracking or Analysis Tools

No web tracking, reach measurement, or profiling takes place in the help center by Polyteia. However, this may be done by the provider GitBook (see GitBook's privacy policy).

9.3 User Control

You can prevent or delete the storage of cookies at any time through appropriate settings in your browser. Please note that deactivating technically necessary cookies may limit the functionality of the help center.

9.4 Further Information

Information on cookie use by GitBook can be found in GitBook's privacy policy at: Cookies | GitBook Site Policy

10. Obligation to Provide Data

The provision of personal data is not legally or contractually required, but is necessary for the technical operation of the site. Without an IP address, web access cannot be enabled.

11. Your Rights as a Data Subject

Regarding the data processing listed here, you have various data subject rights that are regulated in the GDPR.

11.1 Right of Access

You have the right under Art. 15 EU-GDPR to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 para. 1 sentence 2 EU-GDPR. This includes in particular the purpose of processing, the categories of processed data, the recipients to whom data has been or will be disclosed, the planned duration of storage or the criteria for the duration of storage, where possible.

11.2 Right to Rectification

You have the right under Art. 16 EU-GDPR to demand the immediate rectification of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to demand the completion of incomplete personal data – including by means of a supplementary statement.

11.3 Right to Erasure

You have the right under Art. 17 EU-GDPR to demand that we delete personal data concerning you immediately. We are obligated to delete personal data immediately, provided one of the reasons listed in Art. 17 para. 1 EU-GDPR applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.

11.4 Right to Restriction of Processing

You have the right under Art. 18 EU-GDPR to demand restriction of processing from us if one of the conditions mentioned in Art. 18 EU-GDPR is met. This includes, for example, if you contest the accuracy of personal data. Then we may only process the data in a restricted manner for as long as it takes to verify the accuracy of the personal data.

11.5 Right to Data Portability

You have the right under Art. 20 EU-GDPR to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another controller, i.e., another entity that processes data, without hindrance, provided the original processing was based on consent or was necessary for the performance of a contract.

11.6 Right to Object

You have the right under Art. 21 EU-GDPR to object at any time to the processing of personal data concerning you if this data is processed on the basis of Art. 6 para. 1 lit. e) or f) EU-GDPR and there are grounds arising from your particular situation. Objection to the processing of data for the purpose of direct marketing can be made at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by informal declaration. A written statement or alternatively an email to the above-mentioned contact address is sufficient.

11.7 Right to Lodge a Complaint with a Supervisory Authority

You have the right under Art. 77 EU-GDPR, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation. In the present case, the competent supervisory authority is:

Berlin Commissioner for Data Protection and Freedom of Information Alt-Moabit 59-61 10555 Berlin Entrance: Alt-Moabit 60 Tel.: +49 (0)30 13889-0 Email: [email protected]

12. Is There Automated Decision-Making / Profiling?

No. Automated decision-making in accordance with Art. 22 GDPR or profiling does not take place in the context of using the platform.

13. Final Provisions

Polyteia GmbH reserves the right to adjust this privacy policy at any time so that it always complies with current legal requirements or to implement changes to services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to any renewed access to this website.

As of: June 2025

Further information and relevant documents for download can be found in our Trust Center.