ClimeNow GmbH (Luise‑Ullrich‑Str. 20, 80636 Munich, Germany, hello@climenow.com) explains below which personal data we process, for what purpose, on which legal basis, and how long. This notice fulfils Art. 12–14 GDPR and § 25 TTDSG.
1 Who is responsible?
ClimeNow GmbH, represented by Managing Director Robert Kellner. We have not appointed a Data Protection Officer; please write to the address above with the subject “Data Protection”.
2 When does this notice apply?
Visiting climenow.com (incl. QuickScan & blog)Showing the cookie banner (Usercentrics)Contact / demo forms or scheduling via CalendlyNewsletter, webinar or event sign‑upB2B sales & support (Attio CRM, Microsoft 365).
3 Which data do we collect?
- Technical: IP address (truncated), device/browser, pages viewed, date/time
- Consent: cookie choice, timestamp, anonymised IP segment
- Identification & contact: name, role, company, phone, e‑mail
- Scheduling details: preferred slot, time zone, agenda notes (Calendly)
- Contract & billing: company address, VAT ID, order history
- Correspondence: any information you send us
4 Why and on which legal grounds?
- Provide website & ensure IT security – Art. 6 (1)(f) GDPR (legitimate interest)
- Set necessary cookies – § 25 (2) TTDSG; all others only with consent (Art. 6 (1)(a))
- Analyse usage (Google Analytics 4) – consent (Art. 6 (1)(a))
- Answer enquiries, deliver QuickScan, arrange demos – pre‑contractual steps (Art. 6 (1)(b))
- Schedule and hold meetings – legitimate interest (Art. 6 (1)(f))
- Send newsletters/webinar info – consent (Art. 6 (1)(a)); existing customers – legitimate interest + § 7 (3) UWG
- Manage CRM & sales pipeline – legitimate interest (efficiency)
- Fulfil contracts, accounting & tax – Art. 6 (1)(b)(c)
- Assert or defend legal claims – Art. 6 (1)(f)
- We balance our interests against yours and only rely on Art. 6 (1)(f) where your fundamental rights are not overridden.
5 Who receives your data?
We use carefully chosen processors bound by Art. 28 GDPR:
- Webflow Inc. – website/CMS hosting (servers in EU via AWS)
- Usercentrics GmbH – cookie consent platform (Germany)
- Google LLC – Analytics 4 (USA, IP anonymised)
- Calendly LLC – meeting scheduling (USA, EU–US Data Privacy Framework + SCCs)
- Microsoft Ireland Ops Ltd. – Microsoft 365 (EU Data Boundary)
- Attio Solutions Ltd. – CRM (EU‑FRA region)
- LinkedIn Corp. – Insight Tag (USA, only after consent)
- HubSpot Germany GmbH – marketing automation (EU)
- Public authorities may receive data where law requires.
6 International transfers
Where providers are outside the EEA, we rely on an adequacy decision (e.g. UK) or Standard Contractual Clauses and additional safeguards, or the EU‑US Data Privacy Framework if certified (e.g. Calendly, Google).
7 How long do we store data?
- Server logs – 14 days
- Consent records – 3 years (burden of proof)
- Calendly bookings – 12 months after the meeting
- CRM prospects – 24 months after last contact
- Contracts & invoices – 6/10 years (German tax & commercial law)
- Newsletter data – until you unsubscribe or revoke consent
8 Cookies & similar tech
Strictly necessary cookies run automatically. Analytics/marketing cookies load only after explicit consent via the Usercentrics banner (fingerprint icon in footer). You can change your choice at any time.
9 No automated decision‑making
We do not use automated decisions or profiling in the sense of Art. 22 GDPR.
10 Your rights
Right of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent at any time (Art. 15‑21 GDPR). Contact us as in § 1. You may also lodge a complaint with the Bavarian data‑protection authority (BayLDA, Ansbach).
11 Security
We protect data with TLS encryption, strict access control, MFA, regular penetration tests, ISO 27001‑certified hosting and an internal information‑security program.
12 External links
Our pages may link to third‑party sites (e.g. LinkedIn). Their privacy rules apply; we have no control over external processing.
13 Updates
We will post changes here and, where significant, inform you by e‑mail or banner at least 14 days before they take effect.
Last updated: 16 May 2025