Privacy Policy

Last update: December 5, 2024

This Privacy Policy is our privacy statement and explains how your personal data is processed when you visit the websites available at ylem.co and datamin.io and platform available (after registration and login) at app.ylem.io and app.datamin.io (collectively the “Website”) or use the services offered within either of these offerings (collectively the “Services”). This Privacy Policy also informs you about your rights under the EU General Data Protection Regulation (“GDPR”) and your options to manage your personal data and protect your privacy.

The data controller for the Website as well as for the Services is Datamin GmbH, Charlottenstrasse 4, 10969 Berlin, (“we”/”We”, “us” or “Datamin”). If you have any questions regarding the processing of your data, you can contact us by e-mail at support@datamin.io.

Please note:
You are neither legally nor contractually obliged to provide us with the personal data specified in this Privacy Policy. However, if you do not provide us with certain personal data, we may not be able to enter into a contract with you and you may not be able to use our Services, or only to a limited extent.

1. Data We Process when providing our Website and Services

When we provide our Website, we process personal data from various sources. We process data for each visitor when they access the Website. We also process certain data if you decide to contact us or use certain functions of the Website. Further, we process data we receive from your organization or third-parties.

a. Data we collect automatically when you visit our Website
When you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case we collect the following usage and web access data (which we call “Usage Data”):
  • the date and time of the visit and the duration of the use of the Website;
  • the IP address of your device;
  • the referrer URL (the Website from which you may have been redirected);
  • the subpages of the Website visited; and
  • further information about your device (device type, browser type and version, settings (including language and locale settings), operating system) location (on a city level based on the IP address of your service).
We process the Usage Data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process Usage Data to analyze the performance of the Website, to continuously improve the Website and correct errors or to personalize the content of the Website for you. We also process the Usage Data to ensure IT security and the operation of our systems and to prevent or detect misuse, especially fraud. Our legal basis for processing this data is Art. 6 (1) lit. f) GDPR.

We use cookies for the automatic processing of Usage Data. Cookies are small text files that you upload to your device when you visit our Websites and store the above information about you. For more information about the use of cookies on the Website, please see below in the section about cookies, web analytics and other tracking technologies at the end of this Privacy Policy.

b. Data you proactively transmit to us
In addition to the data we process on all Website visitors, we also process other data when you use our contact form and chat. You can see the details in the contact form and chat area. We process this data exclusively for the purpose of processing your request.

We further process data you provide to use during registration. You can see the details and data categories upon registration. We process this data exclusively for the purpose of registering, opening and maintaining your user account and to the extent required to provide our Services.

We further process content you provide when using our Website or Services. This may include text or other content provided by you. We process this data exclusively for the purpose of providing our Services.

The legal basis in each case is Art. 6 (1) lit. a) GDPR (your consent).

c. Data we process when Using our Services
We process further personal data if you choose to use our Services. This includes:
  • your log-in credentials,
  • the content data uploaded to our Website or Services by yourself,
  • Usage Data such as the time and duration of your log-in
  • User activity (clicks, scrolls etc) including timestamps thereof.
For analyzing user activity, we use MouseFlow, a service provided by Mouseflow, Inc. 501 Congress Ave Suite 150, Austin, TX 78701, United States and Flaesketorvet 68, 1711 Copenhagen, Denmark, to gain insights of our customers’ needs and to optimize our Services continuously. Further information provided on MouseFlow, their privacy policy and opt-out options are provided at the end of this Privacy Policy in the section about cookies, web analytics and other tracking technologies.

We process this data to provide you with the Services and to enable you to communicate with other users of the Services. We also process this data in order to detect and correct errors, to improve the Services (for example, by means of pseudonymous A/B tests to optimize user experience) or, in individual cases, to prevent abuse of the Services in breach of contract or applicable law.

The legal basis for the processing of Usage Data within the scope of our Services is Art. 6 (1) lit. b) GDPR with regards to the provision of Services, and Art. 6 (1) lit. f) GDPR with regards to other purposes.

d. Data we receive from other users of your organization when using our Services
We process personal data (including messages or other content submitted through our Website) which we receive from other users of our Website or Services. Such data may include your name, age, email address, job title, and department. We process this data exclusively for the purpose of providing our Services.

The legal basis for such data processing is Art. 6 (1) lit. b) GDPR.

2. Further Processing Purposes

We have already informed you above for which purposes we process your data. Furthermore, we may also process your data for other purposes in certain situations. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defense against legal action by yourself or third parties. In these cases, the legal basis is either a legal obligation (Art. 6 (1) lit. c) GDPR) or our legitimate interests (Art. 6 (1) lit. f) GDPR).

3. To Whom We Transfer Your Data

Your personal data will only be disclosed to third parties if this is necessary for the provision of the Website or Services. Our Website is hosted on Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA (“AWS”). Our Services run on AWS cloud resources and are stored in their data center in Frankfurt, Germany. All these data recipients have entered into strict contractual agreements (e.g. data processing agreements) with us to process data exclusively within the scope of our instructions.

Data recipients also include the third-party providers listed in our overview of cookies and analytics tools. Detailed information about the third-party providers we use in this context, e.g. to process customer inquiries or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this Privacy Policy.

4. Data Processing Outside the European Economic Area (EEA)

We do not transfer your personal data to countries outside the EEA without implementing appropriate safeguards.

We host your data with a service provider headquartered in the United States (AWS, see above, Section 3). Although all servers are physically located in AWS data centers in Frankfurt, Germany, your data will still be considered to have been transferred to the United States, a country outside the EEA.

When we transfer your data outside of the EEA, we will ensure that an adequate level of data protection is maintained at all times. We will ensure that all data recipients provide appropriate safeguards to provide an adequate level of protection for your data, by accepting to the terms of the EU standard contractual clauses, included in our contracts with these providers in order to guarantee security of processing, or by providing other guarantees in accordance with GDPR requirements.

5. Duration of Processing

We process and store your personal data for as long as this is necessary to fulfil our contractual or legal obligations under the user and/or subscription agreement to the extent applicable to you. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law. If the data is no longer required to fulfil legal obligations (e.g. under tax or commercial law), it will be deleted unless further processing is necessary to preserve evidence or to defend against legal claims against us.

6. Data security

We take all appropriate technical, organizational and administrative security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment, which is not publicly accessible. Your personal data is encrypted when transferred using Secure Socket Layer (SSL) technology, a well-established encryption method for the communication between your computer and our servers.

7. Your legal rights under the GDPR

Within the scope of the GDPR you can assert the following rights against us:
  • your right of access to information under Art. 15 GDPR,
  • your right of rectification under Art. 16 GDPR,
  • your right to erasure in accordance with Art. 17 GDPR,
  • your right to restriction of processing in accordance with Art. 18 GDPR,
  • your right to data portability according to Art. 20 GDPR, and
  • your right not to be subject to a decision based solely on automated processing, including profiling according to Art. 22 GDPR.
You further have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR).

In addition, you can also withdraw a given declaration of consent at any time. However, this withdrawal will have future effect only. Any processing that may have taken place before the withdrawal remains unaffected. If you wish to exercise your rights as a data subject, you can do so by contacting support@datamin.io.

Information about your right of objection under Art. 21 GDPR

In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that such processing is carried out on the basis of Art. 6 (1) lit. f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate that our interests, rights and freedoms outweigh your legitimate interests and therefore justify the processing.

You also have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter), at no additional cost; this also applies to the creation of a user profile (“profiling”), insofar as this is related to direct marketing. If you object, we will not process your personal data for the purpose of direct marketing in the future.

Please note that if you do not provide us with certain data or if you object to the use of such data, you may not be able to use the Website or Services, or may only be able to use them to a limited extent.

The objection may be filed informally and should be sent to: support@datamin.io.