Trendbird's Privacy Notice

1. General Information

The protection of your personal data is important to us. This Privacy Policy explains how personal data is processed when you visit our website and informs you about your rights under the General Data Protection Regulation (GDPR).

Personal data refers to any information relating to an identified or identifiable natural person. We process personal data exclusively in accordance with applicable data protection laws, in particular the GDPR.

2. Controller

The controller responsible for data processing on this website is:

3. Data Processing When Visiting Our Website

When you access our website, information is automatically transmitted by your browser and stored in server log files. This may include:

• IP address (potentially anonymized)
• date and time of access
• accessed pages and files
• referrer URL
• browser type and operating system

This data is technically required to deliver the website, ensure system security and stability, and improve our services. It is not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

4. Cookies and Consent Management

Our website uses cookies and similar technologies only to a limited extent. A small number of strictly necessary cookies and locally stored values (for example your language preference and your cookie consent decision) are used to deliver core website functionality.

Marketing and tracking cookies are only set after you have given your explicit consent via our cookie banner. We use Google Consent Mode v2: until you grant consent, all consent-relevant signals (such as analytics_storage and ad_storage) are set to 'denied' by default, so no marketing or advertising data is processed.

You can change or withdraw your consent at any time using the 'Cookie settings' link in the footer.

Legal basis: Art. 6(1)(f) GDPR for strictly necessary functions, Art. 6(1)(a) GDPR for cookies and tools requiring consent.

5. Plausible Analytics (cookieless web analytics)

We use Plausible Analytics, a privacy-friendly web analytics service provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia (EU).

Plausible does not use cookies, does not store any data on your device and does not collect any personal data. All measurement happens in aggregate and is fully anonymous. IP addresses are processed only briefly in memory in order to derive country-level information and are then immediately discarded; they are not stored.

We use Plausible to understand how often pages are viewed, which content is relevant and how users navigate our website, in order to improve our offering. No cross-site tracking takes place and no personal profiles are created.

Because Plausible is fully cookieless and processes no personal data, no consent is required. Data is processed exclusively within the European Union.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly reach measurement).

6. Google Tag Manager

We use Google Tag Manager (GTM), a tag management service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager itself does not collect any personal data. It is a technical container that allows us to manage other tags (e.g. marketing or measurement tags) without changing the website's source code each time. GTM only triggers other tools once you have given the corresponding consent via our cookie banner.

We use Google Consent Mode v2 in combination with GTM. Until you grant consent, all consent signals (analytics_storage, ad_storage, ad_user_data, ad_personalization) are set to 'denied' by default, so no marketing or analytics data is sent to Google or other vendors.

When loading GTM, your IP address is technically transmitted to Google. Data transfers to third countries are safeguarded through appropriate measures, in particular the EU standard contractual clauses and Google's certification under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR for the technical loading of the container, Art. 6(1)(a) GDPR for any tags that subsequently fire based on your consent.

7. HubSpot

We use HubSpot, a CRM and marketing automation platform provided by HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland (parent company: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA).

HubSpot is used to manage contact requests, marketing communication and customer relationships and to analyze the use of our website (e.g. visited pages, interaction history). HubSpot uses cookies and similar technologies to recognize visitors across pages and sessions.

The HubSpot tracking script is only loaded once you have given your consent for marketing cookies via our cookie banner. Without your consent, no HubSpot data is collected on this website.

If you contact us via a HubSpot form, the data you enter (e.g. name, email address, company, message) is processed in order to handle your inquiry and, where applicable, for further marketing communication.

HubSpot processes data on our behalf as a data processor. Data transfers to third countries are safeguarded through appropriate legal mechanisms, in particular the EU standard contractual clauses and HubSpot's certification under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent) for tracking, and Art. 6(1)(b) or Art. 6(1)(f) GDPR for handling contact requests.

8. Hosting and Content Delivery

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel processes technical access data (e.g. IP address, browser type, time of access) on our behalf in order to deliver the website securely and reliably.

Data transfers to the USA are safeguarded through the EU standard contractual clauses and Vercel's certification under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a stable and secure provision of our website).

9. Contact Requests

If you contact us by email, phone or via a form on our website, we process the personal data you provide exclusively to handle your inquiry and any related follow-up.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual or contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

10. Data Retention

Personal data is stored only as long as necessary to fulfill the respective processing purposes or to comply with statutory retention obligations. Data is deleted or anonymized once no longer required.

11. Your Rights

Under the GDPR, you have the following rights:

• right of access (Art. 15 GDPR)
• right to rectification (Art. 16 GDPR)
• right to erasure (Art. 17 GDPR)
• right to restriction of processing (Art. 18 GDPR)
• right to data portability (Art. 20 GDPR)
• right to object (Art. 21 GDPR)
• right to withdraw consent at any time (Art. 7(3) GDPR)

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection laws.

13. Data Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or manipulation. These measures are regularly reviewed and updated.