Privacy Policy

We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Think Ahead Technologies GmbH. The use of the Think Ahead Technologies GmbH website is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Think Ahead Technologies GmbH. By means of this privacy policy, our company wishes to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

Think Ahead Technologies GmbH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions can in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us by alternative means, for example by telephone.

1. Definitions

The privacy policy of Think Ahead Technologies GmbH is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

2. Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

3. Cookies

The Think Ahead Technologies GmbH website uses cookies. Cookies are text files that are stored and saved on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, Think Ahead Technologies GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user who uses cookies, for example, does not have to enter access data each time the website is accessed because this is taken over by the website and the cookie thus stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be entirely usable.

4. Collection of General Data and Information

The Think Ahead Technologies GmbH website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, Think Ahead Technologies GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Think Ahead Technologies GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Contact Possibility via the Website

The Think Ahead Technologies GmbH website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

6. Routine Erasure and Blocking of Personal Data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

7. Webinars and Online Events

8. Interactive Product Demos (Arcade)

On certain pages of our website (e.g., kunnus.tech/en/walkthrough), we embed interactive product demonstrations powered by Arcade (operated by Arcade Software, Inc., USA). These demos allow visitors to explore the Kunnus platform in a guided, click-through format without creating an account. When you interact with an Arcade demo, Arcade may collect the following data: usage data (clicks, interactions, steps completed within the demo), technical data (IP address, browser type, device type, operating system), and analytics data (session duration, demo completion rate, referrer URL). Arcade processes this data to provide and optimize the interactive demo experience. The legal basis for this processing is Art. 6(1) lit. f GDPR (legitimate interest in presenting our product effectively and analyzing user engagement with our demos).

For more information about Arcade's data processing practices, please visit: https://www.arcade.software/privacy

9. Google Ads and Conversion Tracking

We use Google Ads, an online advertising service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to promote our services. In connection with Google Ads, we use Google Ads Conversion Tracking to measure the effectiveness of our advertising campaigns. When you click on a Google ad placed by us, a conversion tracking cookie is set on your device. This cookie has a limited validity period and does not contain any personal data that allows personal identification. If you visit certain pages on our website while the cookie is still active, both we and Google can recognize that you clicked on an ad and were redirected to our website. The information collected through conversion cookies is used to generate aggregate conversion statistics. We do not receive any information that personally identifies individual users.

• Data collected: click data, conversion events, IP address (anonymized), device and browser information.
• Purpose: measuring ad effectiveness, optimizing ad spend.
• Legal basis: Art. 6(1) lit. a GDPR (consent via cookie banner, Marketing Cookies category).
• Data transfer: data may be transferred to Google servers in the USA, governed by the EU-U.S. Data Privacy Framework.
• Retention: conversion data is retained by Google for up to 90 days.

Google Ads conversion tracking scripts are only loaded after you have given your consent via our cookie consent banner. You may withdraw your consent at any time by adjusting your cookie preferences.

For more information: https://policies.google.com/privacy

To opt out of personalized advertising: https://adssettings.google.com

10. Google Search Console

We use Google Search Console, a service provided by Google Ireland Limited, to monitor and optimize the visibility of our website in Google Search results. Google Search Console is a webmaster tool that provides us with aggregated, anonymized data about how our website appears in search results (e.g., number of impressions, click-through rates, average position for search queries). Google Search Console does not set cookies on your device and does not collect personal data from website visitors. No separate legal basis under Art. 6 GDPR is required for this tool.

11. Google Analytics 4

On this website, the controller has integrated Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies to help us analyze how users interact with our website. IP addresses are anonymized before processing.

• Data collected: pages visited, session duration, browser type, device type, geographic location (anonymized IP), traffic sources.
• Cookies used: _ga, _gid, _ga_* (duration: up to 2 years).
• Purpose: understanding user behavior, optimizing website content and user experience.
• Legal basis: Art. 6(1) lit. a GDPR (consent via cookie banner, Analytics Cookies category).
• Data transfer: data stored on Google servers, transfers governed by the EU-U.S. Data Privacy Framework.

Google Analytics scripts are only loaded after you have given your consent via our cookie consent banner. You can opt out at any time by managing your cookie preferences or by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

12. Data Protection Provisions about the Application and Use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside of the USA LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

13. Data Protection Provisions about the Application and Use of X (formerly Twitter)

On this website, the controller has integrated components of X (formerly Twitter). X is a multilingual, publicly-accessible microblogging and social networking service on which users may publish and spread short messages known as posts. These posts are available for everyone, including those who are not logged on to X. The posts are also displayed to so-called followers of the respective user. Followers are other X users who follow a user's posts. Furthermore, X allows you to address a wide audience via hashtags, links or reposts.

The operating company of X is X Corp. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). For data protection matters in Europe, the responsible entity is Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland). Data may be transferred to the United States. These transfers are governed by the EU-U.S. Data Privacy Framework.

14. Rights of the Data Subject

15. Legal Basis for the Processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

16. Legitimate Interests Pursued by the Controller or by a Third Party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and our shareholders.

17. Period for Which the Personal Data Will be Stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period and the purpose of processing. Below are the specific retention periods for different categories of personal data:

• Contact and demo request data: 6 months after the last interaction, unless a business relationship is established
• CRA assessment data and reports: 12 months after generation
• Email delivery logs (Resend): 30 days
• Website analytics data (Google Analytics): up to 26 months (as configured in GA4)
• Google Ads conversion data: up to 90 days
• Cookie consent preferences: 12 months
• Server log files: 30 days
• Webinar registration data (without marketing consent): 6 months after the webinar
• Webinar registration data (with marketing consent): until withdrawal of consent, maximum 24 months
• Webinar recordings: maximum 24 months
• Contract-related data: duration of the contract plus statutory retention periods (up to 10 years under German commercial and tax law)

After expiration of the applicable retention period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

18. Provision of Personal Data as Statutory or Contractual Requirement

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

19. Overview of Third-Party Services and Data Processors

The following table provides an overview of third-party services used on this website:

20. Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.