Recall Space
en
en
de

Privacy Policy

Thank you for your interest in Recall Space and for visiting the website www.recall.space.

Effective date: 2024-12-01

Updated on: 2025-05-29

‍

1. Who we are

Controller: Recall Space GmbH,
Julius-Hatry-Str. 1,
68163 Mannheim, Germany,
‍info@recall.space,
Data-Protection Officer (DPO): dpo@recall.space

‍

2. Scope

This notice explains how we process personal data when you visit www.recall.space, interact with our marketing, request a demo, or otherwise contact us. It complements—does not replace—contractual or product-specific terms.

‍

3. What data we collect, why, and on what legal basis

Category / Data Types (Examples) Purpose GDPR Lawful Basis* Typical Retention**
Technical & Log Data – IP address (anonymised), device/OS/browser details, pages visited, time stamps, HTTP response codes, cookies Serve website, secure platform, detect abuse, compile usage statistics Art 6 (1)(f) Legitimate interest (security & performance) 7 days (logs), up to 2 months (analytics)
Contact & Demo Requests – name, email, company, job title, phone, message text Respond to enquiries, schedule demos, pre-contract steps Art 6 (1)(b) Contract; Art 6 (1)(f) Legitimate interest (customer service) Until request resolved + 12 months (evidence)
Newsletter / Webinar / Download Registration – name, email, country, interest areas, engagement metrics (opens, clicks) Send requested content, track consent, tailor marketing Art 6 (1)(a) Consent; proof of consent: Art 6 (1)(f) Until you unsubscribe; consent logs kept 3 years
CRM Interaction Data (HubSpot) – emails, call notes, marketing segmentation, website behaviour tied to email Lead management, customer communication, campaign optimisation Art 6 (1)(f) Legitimate interest; Consent where cookies apply 24 months of inactivity, then anonymised
Third-party Integrations (Google Analytics 4, LinkedIn Insight) – pseudonymised IDs, cookie IDs, IP (truncated), event data Audience analytics, remarketing Consent (Art 6 (1)(a)); Legitimate interest where strictly necessary See individual provider policies; max 26 months
Social Media Embeds (YouTube videos) – device data, interaction data Provide rich content Consent (Art 6 (1)(a)) As per provider
Customer & Contract Data – billing contact, subscription details, invoices, payment references Fulfil and support paid services, comply with tax law Art 6 (1)(b) Contract; Art 6 (1)(c) Legal obligation 6–10 years (German tax code)
*We rely on consent only where strictly required (e.g., non-essential cookies, email)

‍

4. Cookies

This website uses cookies to improve user experience. Essential cookies load automatically. All analytics/marketing cookies are held back until you opt in via the banner.

Strictly necessary

Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.

Performance

Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.

Targeting

Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.

‍

‍

5. Who receives your data

  • Processors: Webflow (hosting, EU datacenter), HubSpot (CRM & email), Google Ireland (Analytics, YouTube, Ads), LinkedIn Ireland (Insight Tag), 11x AI Inc.  (AI-powered customer assistant). Each is bound by a Data-Processing Agreement incorporating EU Standard Contractual Clauses or certified under the EU–US Data Privacy Framework.
  • Authorities: we disclose only if required by law or to protect our rights.
  • Corporate transactions: data may transfer if we undergo a merger or acquisition (you will be notified).

‍

6. International transfers

When service providers are in the United States, transfers rest on SCCs plus provider DPF certification (Webflow, HubSpot, Google, LinkedIn).

‍

7. Security

We run ISO 27001-aligned controls: TLS 1.3 in transit, AES-256 at rest, role-based access, MFA, quarterly vulnerability scans, and annual penetration tests. Employee access is “need to know”.

‍

8. Your rights under GDPR

You may, at any time:

  1. Access – obtain a copy of the data we hold about you (Art 15).
  2. Rectify – correct incomplete or inaccurate data (Art 16).
  3. Erase – request deletion where data is no longer needed, consent withdrawn, or processing unlawful (Art 17).
  4. Restrict – have processing suspended in certain cases (Art 18).
  5. Object – stop processing based on legitimate interest or direct marketing (Art 21).
  6. Data portability – receive data in a machine-readable format or have it sent to another controller (Art 20).
  7. Withdraw consent – at any time, without affecting past processing (Art 7 (3)).
  8. Lodge a complaint – with the Baden-Württemberg supervisory authority (LfDI BW) or your local authority (Art 77).

‍

9. Exercising rights

Email privacy@recall.space or write to the DPO (address above). We normally respond within one month.

‍

10. Children

Our site is not intended for children under 16; we do not knowingly collect their data. If you believe we have done so, contact us and we will delete it promptly.

‍

11. Updates

When we materially change this notice, we will post the new version here and, for significant changes, email registered users. Latest revision date appears at the top.

‍

info@recall.space
Mafinex
Julius-Hatry-Str. 1
68163 Mannheim
Germany
HomeResearchManifestoBlog
ImprintPrivacy PolicyTerms & Conditions
Don’t miss the opportunity to meet Lisa and Recall Space!
Schedule a demo
© Copyright Recall Space GmbH. All rights reserved.
linkedin