We believe trust starts with transparency. That’s why we want you to understand exactly how your information is handled when you use our services. This Privacy Policy explains what data we collect, why we collect it, and how we protect it, so you can use our platform with confidence.
This Privacy Policy provides information about how we process personal data when you use:
Personal data means any information relating to an identified or identifiable individual (e.g. name, email address, IP address).
Controller (Art. 4(7) GDPR):
dive solutions GmbH
Mollstraße 30–32, 10249 Berlin, Germany
Email: info@divecae.com
Represented by: Maik Störmer, Pierre Sabrowski
Data Protection Officer:
heyData GmbH
Schützenstraße 5, 10117 Berlin, Germany
Email: datenschutz@heydata.eu
We detail the scope of data processing, processing purposes and legal bases below. In principle, the following come into consideration as the legal basis for data processing:
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed by adequacy decisions of the EU Commission, insofar as they exist (e.g. for Great Britain, Canada and Israel) (Art. 45 para. 3 GDPR).
In the case of data transfer to service providers in the USA, the legal basis for the data transfer is an adequacy decision of the EU Commission if the service provider has also certified itself under the EU US Data Privacy Framework.
In other cases (e.g. if no adequacy decision exists), the legal basis for the data transfer are usually, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 para. 2 lit. b GDPR, they ensure the security of the data transfer.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Data subjects have the following rights against us with regard to their personal data:
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data. Contact details of the data protection supervisory authorities are available at https://www.bfdi.bund.de/EN/Service/ Anschriften/Laender/Laender-node.html.
Within the scope of the business or other relationship, customers, prospective customers or third parties need to provide us with personal data that is necessary for the establishment, execution and termination of a business or other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or to provide a service or will no longer be able to perform an existing contract or other relationship.
Mandatory data are marked as such.
As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 GDPR to establish and implement the business or other relationship. Should we use these procedures in individual cases, we will inform of this separately if this is required by law.
When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) to answer inquiries directed to us. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
We reserve the right to inform customers who have already used services from us or purchased goods from time to time by e-mail or other means about our offers, if they have not objected to this. The legal basis for this data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest is to conduct direct advertising (recital 47 GDPR). Customers can object to the use of their e-mail address for advertising purposes at any time without incurring additional costs, for example via the link at the end of each e-mail or by sending an e-mail to our above-mentioned e-mail address.
Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Subscription takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another clear action, whereby interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 para. p. 1 lit. a GDPR. Consent can be revoked at any time, e.g. by clicking the corresponding link in the newsletter or notifying our email address given above.
Based on the consent of the recipients (Art. 6 para. 1 s. 1 lit. a GDPR), we also measure the opening and click-through rate of our newsletters to understand what is relevant for our audience.
Our website stores information in the terminal equipment of website visitors (e.g. cookies) or accesses information that is already stored in the terminal equipment (e.g. IP addresses).
This storage and access is based on the following provisions:
The subsequent data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.
During the informative use of the website, i.e. when site visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
These data are:
This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.
Our website is hosted by Webflow. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. In doing so, the provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data in the USA. Further information can be found in the provider’s privacy policy at https://webflow.com/legal/eu-privacy-policy.
When contacting us via the contact form on our website, we store the data requested there and the content of the message. The legal basis for the processing is our legitimate interest in answering inquiries directed to us. The legal basis for the processing is therefore Art. 6 para. 1 s. 1 lit. f GDPR. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
We publish vacant positions on our website, on pages linked to the website or on third-party websites.
The processing of the data provided as part of the application is carried out for the purpose of implementing the application process. Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. GDPR in conjunction with Sec. 26 para. 1 of the German Data Protection Act (Bundesdatenschutzgesetz).
We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter.
If we enter into an employment relationship with the applicant following the application process, we delete the data only after the employment relationship has ended. Otherwise, we delete the data no later than six months after rejecting an applicant.
Site visitors can book appointments with us on our website. For this purpose, we process meta data or communication data in addition to the data entered. We have a legitimate interest in offering interested parties a user-friendly option for making appointments. Therefore, the legal basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR.
For the processing of payments, we use payment processors who are themselves data controllers within the meaning of Art. 4 No. 7 GDPR. Insofar as they receive data and payment data entered by us in the ordering process, we thereby fulfill the contract concluded with our customers (Art. 6 para. 1 s. 1 lit. b GDPR).
These payment processors are:
We use HubSpot for analytics, for marketing automation, to generate leads. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin. The provider processes usage data, meta/communication data, content data in the EU. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR. Further information: https://legal.hubspot.com/de/privacy-policy.
We use Google Analytics for analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data, meta/communication data in the USA. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://business.safety.google/privacy/.
We use Google Tag Manager for advertising, for analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://business.safety.google/privacy/.
We use Meta Pixel for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://www.facebook.com/policy.php.
We use YouTube Videos for videos on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://policies.google.com/privacy.
We use Adobe fonts for fonts on the website. The provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart Dublin 24., Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://www.adobe.com/privacy/policy.html.
We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://business.safety.google/privacy/.
We use Facebook Conversion API for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://www.facebook.com/policy.php.
We use Zoominfo as a database as a service, to identify opportunities. The provider is ZoomInfo, 805 Broadway, Suite 900, Vancouver, WA 98660, USA. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. Further information: https://www.zoominfo.com/about-zoominfo/privacy-policy.
We have integrated a data protection seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g. IP addresses) in the EU. The legal basis of the processing is Art. 6 para. 1 s. 1 lit. f GDPR. Further information: https://heydata.eu/en/privacy-policy.
We are represented in social media networks in order to present our organization and our services there. The operators of these networks regularly process their users’ data for advertising purposes.
We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php.
We maintain a profile on Instagram. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.
We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.
We maintain a profile on X. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here: https://twitter.com/de/privacy.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.
We reserve the right to change this privacy policy with effect for the future. A current version is always available here.
If you have any questions or comments regarding this privacy policy, please feel free to contact us.
Email: privacy@divecae.com
Last updated and Effective Date: April 29, 2026
