Privacy Policy

1. General information

Protecting your personal data is vital to us. We handle information shared on our website with utmost confidentiality, following data protection laws and this privacy policy. This policy details the data we collect, its use, potential sharing, and your rights concerning your information. Personal data is any information linked to an identifiable individual as defined in Article 4 No. 1 of the GDPR.

1.1 Responsible

Responsible for this website is:
Corbado GmbH
L
8033 Munich

2. Data processing for informational use of our website

The handling of data on this site encompasses the personal information vital for facilitating an informative experience of our website. Additional personal details are only processed with your explicit consent or if permitted by applicable legal provisions. When you engage with our website strictly for informational insights without registering or providing personal details, we only process the data relayed by your browser to our server. This encompasses:
• internet browser (browser type and browser version),
• operating system used,
• source URL,
• host name of the accessing computer,
• time of the page requested,
• IP address

These specifics are crucial for us to present our website accurately to you, ensuring both stability and security. Thus, their processing is essential on our part. The foundation for such data processing lies in Art. 6 para. 1 p. 1 lit. b) GDPR, owing to our need for the automatically retrieved data to efficiently render our website. Additionally, Art. 6 para. 1 p. 1 lit. f) GDPR also justifies this process, as the retention of this data aligns with our genuine interest in maintaining our website's security and stability. For a comprehensive overview of personal data collection during your site visit, kindly turn to section 4.

3. Data processing when using functions on our website

3.1 Use of cookies

Our website uses cookies, which are small text files stored in web browsers. They store identifiers and other data on devices like computers and phones, enhancing the overall user experience of our online service. Cookies cannot harm your device in any way; instead, they help us remember settings like language preferences, understand if you've accepted other optional cookies, and identify returning visitors. They also allow for a smoother browsing experience and the efficient functioning of our website. We don't just refer to traditional cookies. When we mention "cookies", it includes similar technologies serving the same purpose. Our site integrates both our proprietary cookies and those from third-party services.

Technically necessary or required cookies:
These are set when you visit our website and are critical for its proper functioning. Examples include cookies recognizing language choices or noting if you've agreed to other optional cookies. These essential cookies are temporary and get removed when you close your browser. The use of such cookies aligns with Art. 6 para. 1 p. 1 lit. f) GDPR, reflecting our genuine intent to ensure a seamless and efficient website experience.

Non-Required Cookies:
These are used to gather extra insights about our visitors' preferences and behaviors, helping us refine our website and improve customer interactions. Setting these cookies happens only with your clear approval. The legal grounding for these cookies comes from your explicit consent, as per Art. 6 (1) S.1 lit. a) GDPR.

3.2 Registration on this website

You can register on our website by providing personal data in order to use our Service. The data is entered in an input mask and transmitted to us and stored. Registration is required for the provision of certain content and services on our website.
The following data is collected during the registration process:
• Username
• Email address

The following data is also stored at the time of registration:
• Email address
• IP address
• First name
• Last name
• Username
• Additional context may include IP, device information, etc.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 p. 1 lit. b) GDPR). The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Mandatory legal provisions - in particular legal retention periods - remain unaffected. 

3.3 Newsletter Signup

We offer a newsletter service through the third-party provider Substack. When you subscribe through the widget on our website, you will be redirected to Substack's website for the completion of the subscription process. The data collected includes:
• Email address
• Any additional information requested by Substack

The data entered during the subscription is processed for the purpose of sending you our newsletter, based on your explicit consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR. Your data will be transferred to Substack Inc., which is based in San Francisco, CA, USA. The data transfer is safeguarded by standard contractual clauses in compliance with GDPR Article 46(2)(c). Learn more in Substack’s privacy policy: https://www.substack.com/privacy.

4. Integrated third party services

To deliver the features of our website, we incorporate services from third parties. We categorize these services into functional and analytical ones in the sections below.

4.1 Functional services

Functional services ensure a seamless experience on our website and are essential for its use.

Stripe
This site offers payment through Stripe Payments Europe, Ltd, Grand Canal Dock, Dublin. When paying via Stripe, your data is sent through our interface for processing. Learn more in Stripe's privacy policy: https://stripe.com/de/privacy. Data transfer to Stripe follows Art. 6 para. 1 p.1 lit. b) GDPR and our interest in secure payment methods (Art. 6 para. 1 p.1 lit. f) GDPR). Data is stored for its intended purpose and then deleted, unless legally required otherwise.

Hotjar
We use Hotjar for analytics, provided by Hotjar Ltd in Malta. They process user and meta data in the EU. The processing is based on consent per Art. 6 para. 1 p. 1 lit. a GDPR, which can be revoked anytime. Data is kept until its purpose ends and there's no retention obligation. More details: https://www.hotjar.com/legal/policies/privacy/.

Webflow
We use Webflow, based in San Francisco, CA, USA, for website creation. They process user and meta data in the USA. Our legitimate interest in maintaining a website is grounded on Art. 6 para. 1 p. 1 lit. f GDPR. Data transfer outside the EEA relies on standard contractual clauses, ensuring protection per GDPR's Article 46(2)(c). Data is kept until its purpose concludes. More details: https://webflow.com/legal/eu-privacy-policy.

Sendgrid
We use Sendgrid by Twilio, Inc, based in San Francisco, CA, USA, for sending emails. They process content and data in the USA. Order confirmations rely on Art. 6 para. 1 b) GDPR, while consent-based emails use Art. 6 para. 1 lit. a) GDPR. Data is retained until its purpose concludes. More details: https://www.twilio.com/legal/privacy.

4.2 Analytical services

These services assist us in gaining insights into the usage patterns of our website.

Google Analytics
We use Google Analytics, a tool from Google Ireland Limited, to analyze our website's user behavior. It gathers data like pages viewed, time spent, operating systems, and user origins, which Google may organize into specific user profiles. This service uses technologies like cookies and may store data on US-based Google servers. Due to potential data protection differences, there's a risk of data access by authorities in the USA. For enhanced privacy, we employ IP anonymization, truncating IP addresses within the European Union before sending them to the USA. Google processes this data to assess website usage and promises not to merge IP addresses with other data. Users can restrict Google's data collection by installing a specific browser plugin.

Google Ads
The website uses Google Ads from Google Ireland Limited for online advertising. Google Ads displays ads based on users' search terms and user data like location and interests. We can assess the effectiveness of our ads by analyzing which search terms triggered them and the resulting clicks. Using Google Ads requires explicit user consent as per Art. 6 para. 1 p. 1 lit. a) GDPR, which can be withdrawn anytime.

Google Conversion-Tracking
This website utilizes Google Conversion Tracking, provided by Google Ireland Limited, Gordon House, Dublin. Google and we use this tool to track user actions, like button clicks and frequent product views or purchases. The gathered data helps us generate conversion stats, but doesn't personally identify users. Google employs cookies or similar technologies for this. Your consent, based on Art. 6 para. 1 p. 1 lit. a) GDPR, is required and can be revoked anytime. More on Google Conversion Tracking is in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Tag Manager
We use Google Tag Manager, by Google Ireland Limited in Dublin, for analysis and advertising. They process user data in the USA. Based on Art. 6 para. 1 p. 1 lit. a GDPR, processing requires consent, which can be revoked at any time via our privacy policy contact details. Data transfer outside the EEA is secured by standard contractual clauses following GDPR's Article 46(2)(c). Data is retained until its purpose ends. More: https://policies.google.com/privacy?hl=de.

Matomo
We use Matomo for website analytics, operated by Matomo.org in Wellington, New Zealand. Matomo analyzes user behavior, including site visits and device details, based on Art. 6 para. 1 p. 1 lit. a GDPR and user consent. Consent can be revoked anytime via our contact details. We store Matomo data on our servers, ensuring enhanced privacy, and anonymize IP addresses. Data is kept until its purpose concludes. More details: https://matomo.org/privacy-policy/.

5. Disclosure of personal data to third parties

5.1 External hosting

Our website is hosted by an external provider. Data, including IP addresses, contact details, and website activity, is stored on their servers. We use this hoster to fulfill contracts with clients and ensure our website is secure and efficient as per Art. 6 para. 1 p. 1 lit. b) and f) GDPR. The hoster processes your data only as required to provide their services.

5.2 Other cases

Unless specified in this Privacy Policy, your personal data won't be shared with third parties or processors as per Article 28 of the GDPR.

6. Transfer of personal data to third countries

Your personal data may be processed in third countries, subject to local laws, making them accessible to local entities. To ensure data security during such transfers outside the EU, we adopt measures like EU standard contractual clauses or internal data protection guidelines. If these aren't applicable, transfers are conducted based on Art. 49 GDPR exceptions. Regardless of location, we implement safeguards to maintain data security at EU-equivalent levels.

7. Storage periods

We prioritize minimalistic data processing and only store your personal data as long as necessary for its original purpose or as mandated by legal obligations, such as commercial and tax retention requirements. Typically, data is retained for the duration of our contractual relationship or in line with legal retention periods, like those in the German Commercial Code and Tax Code. For security and technical reasons, IP addresses and server log files are stored for seven days. The duration of storage is also influenced by factors like data relevance, contract status, inquiry status, and relevant legal retention periods for the respective personal data.

8. Your data protection rights

Individuals have the following rights regarding their personal data:
• Right to Information: Request details about your personal data, its use, recipients, and storage duration.
• Right to Rectification or Deletion: Correct, delete, or restrict processing of your data if it's inaccurate, no longer needed, or if consent was revoked.
• Right to Object: Object to processing, especially for direct advertising or if there are specific reasons tied to your situation.
• Right to Data Portability: Receive your data in a structured, machine-readable format, and request transfer to a third party, if technically feasible.
• Automated Decision-Making & Profiling: Not be subjected to decisions based solely on automated processing with significant impact.
• Revocation of Consent: Withdraw consent at any time without affecting prior lawful data processing.
• Complaints: Lodge complaints with a data protection supervisory authority if you believe your data processing violates data protection laws.

For exercising these rights, raising concerns, or filing complaints, contact us as provided in section 2.

9. Privacy policy update

We reserve the right to change this privacy policy as our website is updated. Please visit this website regularly to review the most current Privacy Policy.
This Privacy Policy was last updated on 30th October 2023.