General Terms & Conditions

General Terms & Conditions

General Terms & Conditions

General Terms & Conditions

Website, last amended: November 2023

We have created these terms to inform you about how personal data is collected, processed and used when you visit our website and use our services.

1. Contact Information

The website is provided by Pyne GmbH, Große Hamburger Str. 17, 10115 Berlin (hereinafter referred to as “Pyne” or “we”). Pyne is also the controller within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing and use of personal data of website visitors (hereinafter referred to as “you”). Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection team by sending an email to

2. Data Privacy and Processing 

2.1 Visiting the website

In principle, it is possible to visit our website without providing additional personal data. Personal data is only collected if this is necessary for technical reasons to use our website or if you use certain functions or services offered on our website, e.g. the Contact Us button or the application form.

The following access data are automatically recorded every time our website is accessed: date and time of access name of the file requested website from which the file was requested access status (e.g. file transferred, file not found)your web browser and your device’s operating system the IP address of the requesting deviceIt is necessary to process this data to make it possible to visit the website and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6(1) lit b GDPR.For the purposes described above, the access data specified is also temporarily stored in internal log files in order to generate statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices with which the pages are accessed increases) and for the general administrative maintenance of our website. The legal basis for this data processing is Art. 6(1) lit. f GDPR, based on our legitimate interest in appropriately optimising our website.

The information stored in the log files does not allow any conclusions about your person and we only store IP addresses in the log files in shortened, anonymised form. We point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data from third-party access is not possible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as a site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the address line of the browser from "http://" to "https://," and by the lock icon in your browser line. When the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

2.2 Applying to Pyne

You can apply to us for advertised vacancies using our online form or via email. The purpose of data collection here is the selection of applicants for potential employment at Pyne. In order to receive and process your application, we collect the following applicant data: first and last name, email address, telephone number and application documents (curriculum vitae and cover letter). You may also voluntarily provide us with additional information that you may want us to consider when you apply (e.g. your salary expectations, availability or additional documents).

If you apply for a position at Pyne, in principle we will not pass on your applicant data to third parties. If you have any questions regarding data protection in the application process (e.g. with regard to your rights under data protection law), please contact us at

The legal basis for the processing of your applicant data is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG). We store your applicant data upon receipt of your application. If we accept your application and subsequently employ you, we will store your applicant data for as long as the data is necessary for your employment and as far as we are legally required to retain it. If we reject your application, we will store your applicant data for a maximum of six months after rejection of your application. The data will be deleted automatically after this period.

We use the external service provider Notion (Notion Labs, Inc., 930 Alabama Street, 94110 San Francisco, United States) for our application system. We have concluded a data processing agreement with Notion, pursuant to Art. 28 GDPR, to ensure that Notion processes the data in accordance with our instructions and the European data protection principles. If Notion transfers data to companies outside Europe (e.g. to the USA), Notion has taken contractual precautions to ensure compliance with the European data protection principles. However, when personal data is processed outside Europe, it may in individual cases be the case that the rights of EU citizens cannot or cannot fully be enforced. You can revoke consent and withdraw your application at any time.

2.3 Contacting Pyne

To contact Pyne you can use the Contact Us button on our website and send us an email.  When contacting us via email, we store and process your email address and name and surname, if included in your written email, to reply to your email and for any further inquiries. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR. You can revoke your consent at any time.

2.4 Data processing when using our services

How do we collect your data?

Some data is collected when you provide it to us. This could be, for example, data you enter into a contact form or into the chatbot.

What do we use your data for?

For the operation of our AI chatbot, certain data is crucial. It contributes to basic functions such as organizing your chat sessions and processing your queries. Without this information, our chatbot cannot function correctly.

We use publicly available data from websites for training purposes of our chatbots. Only on request of our customers, we can include further non sensitive information for the training of our chatbots.

What rights do you have regarding your data?

You have the right to receive free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. In addition, you have the right to request the limitation of the processing of your personal data under certain circumstances. You also have the right to file a complaint with the relevant supervisory authority.

For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.

Use of Chatbots

We use chatbots to communicate with you. Chatbots are capable of responding to your questions and other inputs without human intervention. For this purpose, chatbots analyze other data besides your inputs to give appropriate responses (e.g., names, email addresses, and other contact details, customer numbers, and other identifiers, orders, and chat histories). Your IP address, log files, location information, and other metadata can also be collected via the chatbot. These data are stored on the chatbot provider's servers.

For the operation of our AI chatbot, certain data is crucial. It contributes to basic functions such as organizing your chat sessions and processing your queries. Without this information, our chatbot cannot function correctly.

Since the use of our chatbot does not require the input of personal data, we ask that you do not enter any personal data.

If you have given your consent, we can measure and analyze our performance using analysis cookies so that we understand how you use our chatbot and our website. These data provide us with insights into the topics and content that particularly interest you. They help us to improve our chatbot and our website further and to offer you more relevant and useful content. This helps us provide you with a better online experience and to continually improve.

Furthermore, a cookie ensures that your chat history is retained and recognition is possible when you close and reopen the chat window.

The data you enter during communication remains stored with us or the chatbot operator until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after the completion of processing your request). Mandatory legal provisions - especially retention periods - remain unaffected.

The legal basis for the use of chatbots is Art. 6 Para. 1 lit. b GDPR, provided the chatbot is used for contract initiation or as part of the fulfillment of a contract. If a corresponding consent has been obtained, processing is based solely on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of TTDSG. The consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in the most effective customer communication (Art. 6 Para. 1 lit. f GDPR).

We collect, process, and use personal customer and contractual data for the establishment, content design, and modification of our contractual relationships. Personal data concerning the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable or bill the user for the use of the service. The legal basis for this is Article 6(1)(b) of the GDPR.

The collected customer data will be deleted after the order has been completed or the business relationship has ended, and after any existing legal retention periods have expired. Legal retention periods remain unaffected.

2.5 Subprocessors - Personal Data Storage and Processing

Pyne uses third-party sub-processors to provide infrastructure services, host and process personal data submitted to our services, and help us provide customer and chatbot services for lead generation purposes. The pyne production systems used for hosting personal data for the services are in location facilities in the United States and Europe and in the infrastructure sub-processors listed below. Customer accounts are established in one of these regions based on where the customer is located but may be shifted among locations to ensure the performance and availability of the services. The following table describes subprocessors, processing activity, and countries engaged by pyne in the processing and/or storage of personal data.

Pyne’s services are hosted with the following providers, who are subcontractors of pyne:

Supabase: Database, Authentication; Location of processing: Germany

When you log in to our customer portal, Supabase captures various log files including your IP addresses. For details, please refer to Supabase's privacy policy:

Render: Hosting and Cloud Platform; Location of processing: Germany

When you use our services, Render captures various log files including your IP addresses. For details, please refer to Render's privacy policy:

Cloudflare: Content Delivery Network, Web Application Firewall, and DDOS Protection; Location of processing: Globally

Framer: Website Hosting; Location of processing: United States

OpenAI (ChatGPT API): Service provider for AI-enabled functionality; Location of processing: United States

OpenAI’s Data Processing Addendum can be accessed here. Based on this agreement, the user’s prompts (input), completions (outputs), embeddings and training data used for operating pyne’s chatbot, are not available to other OpenAI customers, are not available to OpenAI, and are not used to improve OpenAI models.

2.6 Storage Duration

Unless specifically stated in this terms and conditions, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur once these reasons no longer apply.

3. Disclosure of data

In principle, we will only pass on the data we collect if:you have given your express consent to this pursuant to Art. 6(1) lit. a GDPR; disclosure is necessary pursuant to Art. 6(1) lit. f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that there is an overriding legitimate interest in not disclosing the data; we are legally obliged to do so under Art. 6(1) lit. c GDPR; or this is permitted by law and is required under Art. 6(1) lit. b GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.Part of the data processing described in this privacy policy may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may, in particular, include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

4. Data transfer to third countries

As explained in this terms and conditions, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is provided for and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your affected rights cannot be guaranteed.

6. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose.

You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided.

In order to assert your rights described here, you can contact us at any time using the contact details provided in Section 1 above. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection.

In addition, you have the right to object to data processing if it occurs based on Art. 6(1) lit. f GDPR or for direct marketing purposes. Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

‍Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

If we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

Effective as of: November 2023