SUPPORT

Data protection

gradient

Effective Date: April 17, 2025

This privacy policy informs you about how deepstay (hereinafter referred to as “we”, “us”, or “our”) processes personal data when you visit our website. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

1. Controller

The controller responsible for the processing of personal data within the meaning of Article 4(7) GDPR is:

deepstay
Email: contact@deepstay.ai

If you have any questions regarding this privacy policy or the processing of your personal data, please contact us using the information provided above.

2. Scope of Data Processing

We process personal data solely for the purpose of communication, recruitment, and scheduling meetings. Our website is designed to minimize data collection. Specifically, we collect personal data in the following ways:

a) Scheduling via Calendly
If you schedule a meeting with us through Calendly, Calendly collects your name, email address, and availability. Calendly, a third-party service, processes this information on our behalf. For more information, please review Calendly’s privacy policy: https://calendly.com/privacy

b) Communication via Email (Gmail)
If you send us an email, including job applications or CVs, we will process the data you provide (e.g. name, email address, attached files, and message content). Gmail is provided by Google Ireland Ltd. and may involve processing outside the EEA under Standard Contractual Clauses (SCCs).

c) Accessing White Papers
Our website provides public access to PDF documents (white papers). These are accessible without submitting any personal data. We do not track downloads or use embedded analytics within the documents.We do not use cookies, analytics tools, or contact forms.


3. Legal Basis for Processing

We process your personal data based on the following legal bases under

   • Article 6 GDPR:Article 6(1)(a) GDPR – Consent: where you have voluntarily scheduled a call via       Calendly or submitted your application to us.
   •Article 6(1)(b) GDPR – Contract initiation: where communication is required to enter into a      potential contract (e.g. service inquiries or job applications).
   •Article 6(1)(f) GDPR – Legitimate interest: for general business communication and ensuring the      security and functionality of the website.


4. Recipients of Personal Data

Your personal data may be shared with service providers that support our business operations. These include:
    • Calendly LLC – for meeting scheduling
    • Google Ireland Ltd. – for email communicationThese service providers may process data        outside the European Economic Area. In such cases, appropriate safeguards are in place, such        as Standard Contractual Clauses approved by the European Commission.


5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. In particular:
   • Emails and job applications will be stored for up to six months after final communication unless       legal obligations require longer retention.
   • Scheduling data via Calendly is retained according to Calendly’s own data retention policies.You       may request deletion of your data at any time, subject to legal retention requirements.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or loss. This includes:

   • TLS/SSL encryption on our website
   • Access control and secure cloud infrastructure
   • Use of reputable third-party platforms with strong security protocols

7. Your Rights under the GDPRAs a data subject, you have the following rights in accordance with Articles 12–23 GDPR:

   • Right of access (Art. 15 GDPR) – to obtain information about your stored data
   • Right to rectification (Art. 16 GDPR) – to correct inaccurate or incomplete data
   • Right to erasure (Art. 17 GDPR) – to request deletion of your data
   • Right to restriction of processing (Art. 18 GDPR) – to limit processing in certain cases
   • Right to data portability (Art. 20 GDPR) – to receive your data in a structured format
   • Right to object (Art. 21 GDPR) – to object to data processing based on legitimate interest
   • Right to withdraw consent – if processing is based on your consent, you may withdraw it at any       time with future effect

To exercise these rights, please contact us at contact@deepstay.ai

8. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

In Germany, the competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI): https://www.bfdi.bund.de

9. Updates to This Policy

We may update this privacy policy to reflect legal, regulatory, or operational changes. Please check this page regularly to ensure you are aware of the latest version.

Last updated: April 21, 2025

deepstay

© 2025 deepstay. All rights reserved.

CareersContact usData protectionCookie policyTerms of use