ClimeNow GmbH (Luise-Ullrich-Str. 20, 80636 Munich, Germany, hello@climenow.com) explains below which personal data we process, for what purpose, on which legal basis, and how long. This notice fulfils Art. 12–14 GDPR and § 25 TTDSG.
1 Who is responsible? ClimeNow GmbH, represented by Managing Director Robert Kellner. We have not appointed a Data Protection Officer. Please contact us at the address above with the subject “Data Protection”.
2 When does this notice apply? When you use: - climenow.com (incl. blog) - Cookie and consent banner (Usercentrics) - Contact/demo forms Scheduling (Calendly) - Newsletter, webinar or event sign-up - B2B sales, support and CRM (Pipedrive, Microsoft 365) - Typeform questionnaires and surveys (e.g. readiness scans)
3 Which data do we collect? Technical data - IP address (truncated/anonymised) - Browser/device type - Pages viewed, date/time, referrer
Consent data - Cookie choice (Usercentrics) - Timestamp, anonymised IP segment
Identification & contact data - Name, role, company - Phone number, e-mail address
Assessment / Readiness Scan (incl. Typeform) - Execution & readiness signals - Fundraising timeline, confidence levels - Outreach metrics, hit rates - Runway data, cash-in plans - Other structured inputs you submit via Typeform or our website
Scheduling - Preferred slot, time zone, agenda notes (Calendly)
Contract & billing - Company address - VAT ID - Order and invoice history
Correspondence - Any information voluntarily shared with us
4 Why and on which legal grounds? Provide website & ensure IT security Art. 6(1)(f) GDPR (legitimate interest)
Set necessary cookies § 25(2) TTDSG (all others only with consent under Art. 6(1)(a) GDPR)
Analytics (Google Analytics 4) Only with consent — Art. 6(1)(a) GDPR
Where we rely on Art. 6(1)(f), we balance our interests with your rights.
5 Who receives your data? We use carefully selected processors under Art. 28 GDPR: - Webflow Inc. – Website/CMS hosting (EU servers via AWS) - Usercentrics GmbH – Consent management (Germany) - Typeform SL – Surveys & structured assessments (EU, SCCs) - Google LLC – Analytics 4 (USA, IP anonymised, DPF) - EmailJS Inc. – Automatic email delivery (USA, DPF + SCCs) - Calendly LLC – Scheduling (USA, DPF + SCCs) - Microsoft Ireland Ops Ltd. – Microsoft 365 (EU Data Boundary) - Pipedrive OÜ – CRM (EU-based) - LinkedIn Corp. – Insight Tag (USA, only after consent) - Papermark Inc. – Secure data room (USA, DPF + SCCs) Public authorities may receive data where required by law.
6 International transfers Where data is transferred outside the EEA, we rely on: - An adequacy decision (e.g. UK) - EU–US Data Privacy Framework for certified providers (e.g. Google, Calendly, EmailJS) - Standard Contractual Clauses (SCCs) with supplementary safeguards - EU hosting options wherever possible
7 How long do we store data? - Server logs: 14 days - Consent records: 3 years (legal burden of proof) - Typeform/assessment data: 24 months after completion or deletion request - Calendly bookings: 12 months after meeting - CRM prospects: 24 months after last contact - Contracts & invoices: 6/10 years (German tax & commercial law) - Newsletter: until unsubscribe or consent withdrawal
8 Cookies & similar tech Strictly necessary cookies run automatically. Analytics/marketing cookies (Google, LinkedIn) load only after explicit consent in the Usercentrics banner. You can change your choice any time via the fingerprint icon in the footer.
9 No automated decision‑making We do not conduct automated decision-making or profiling under Art. 22 GDPR.
10 Your rights Under Art. 15–21 GDPR, you may request: - Access - Correction - Deletion - Restriction - Data portability - Objection to processing - Withdrawal of consent at any time You may also lodge a complaint with the Bavarian Data Protection Authority (BayLDA, Ansbach).
11 Security We use TLS encryption, strict access control, MFA, regular penetration testing, ISO 27001-certified hosting and internal information-security controls.
12 External links Links to third-party sites (e.g. LinkedIn, partner pages) are subject to their own privacy policies.
13 Updates We may update this policy from time to time. Substantial changes will be communicated via e-mail or a website banner at least 14 days before they take effect..
