Privacy Policy
How we protect your data
Last updated: November 2025
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we collect your data?
We do not collect personal data when you visit our website for informational purposes only. The use of the website is possible without providing personal data. However, with each access to the website, technical data is collected by our hosting provider (Railway). This data is used exclusively for the operation and security of the website and includes, for example, IP addresses, browser type and version, and other technical parameters. However, this data is not suitable for identifying individuals.
Log data retention: Server logs (including IP addresses) collected by Railway are stored for a maximum of 30 days and then automatically deleted. Processing is based on our legitimate interest in the technical security and functionality of the website (Art. 6 para. 1 lit. f GDPR).
What do we use your data for?
The technical data collected by the hosting provider (Railway) is used to provide and securely operate the website.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future.
SSL/TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
2. Hosting
External Hosting
This website is hosted by external service providers. The personal data collected on this website (e.g., IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other generated data) are stored on the servers of
Railway Inc., 548 Market St #73394, San Francisco, CA 94104, USA (Server location: Amsterdam, Netherlands)
The use of this service provider is based on: • Fulfilling our contractual obligations to potential and existing customers (Art. 6 para. 1 lit. b GDPR) and • Our legitimate interest in a secure, fast and efficient provision of our online offer by professional providers (Art. 6 para. 1 lit. f GDPR).
We have concluded a data processing agreement pursuant to Art. 28 GDPR with Railway Inc. Railway processes your data only in accordance with our instructions and takes appropriate technical and organizational measures to protect your data. The Data Processing Agreement and the provider's privacy policy can be found here:
Railway: https://railway.app/legal/privacy3. General Information and Mandatory Disclosures
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, no personal data is collected unless you contact us via the provided contact options (e.g., by email).
Notice on the Responsible Party
The responsible party for data processing on this website is:
20Seven Ventures UG (haftungsbeschränkt)
Holzbauerstr. 2
86911 Dießen am Ammersee
E-Mail: contact@borealyn.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
4. Data Collection on This Website
Cookies
We use cookies and similar technologies on this website. When you first visit our website, you will be asked for your consent via a cookie banner. You can revoke or adjust your consent at any time via the cookie settings.
Cookie Categories:
- Necessary cookies: These cookies are required for the basic functions of the website and cannot be disabled.
- Functional cookies: Enable extended functions and personalization (only after consent).
- Analytics cookies: Help us understand how visitors interact with our website (only after consent).
- Marketing cookies: Used for personalizing content and for marketing purposes (only after consent).
You can disable tracking at any time by deactivating the "Analytics" and "Marketing" categories in the cookie settings.
Web Analytics (Umami)
We use Umami, a privacy-focused web analytics service, to understand how visitors interact with our website.
What data is collected?
Pages visited and time spent, Referrer (where you came from), Technical information: Browser, operating system, screen resolution, Country (based on anonymized IP)
The data is used to improve our website and understand user behavior.
Processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw consent at any time via the cookie settings.
Umami is self-hosted on Railway Inc. (Server location: Amsterdam, Netherlands). Umami is designed to be privacy-friendly and does not use cookies for tracking.
Analytics data is stored for a maximum of 24 months.
Umami Privacy Policy: https://umami.is/privacyMarketing Automation (Mautic)
We use Mautic, a self-hosted open-source marketing automation platform, to analyze user behavior and optimize our marketing activities.
What data is collected?
Pages visited and time spent, Referrer (where you came from), Technical information: Browser, operating system, screen resolution, Anonymized IP address (last octets are removed), When identified via email links: Email address and associated activities
Purpose
Analysis of user behavior to improve our website, Personalization of content and marketing measures, Success measurement of marketing campaigns
Processing is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw consent at any time via the cookie settings.
Hosting & Privacy Measures
System: Mautic (Open Source Marketing Automation), Hosting: Self-hosted on Railway Inc., Server location: Amsterdam, Netherlands (EU), IP anonymization: Enabled (last octets are removed)
The collected data is stored for a maximum of 24 months. Anonymized, aggregated data may be kept longer.
You can disable tracking at any time by deactivating the "Analytics" and "Marketing" categories in the cookie settings. Already collected data can be deleted upon request to contact@borealyn.com.
Inquiries by Email
When you contact us by email, your inquiry and all personal data contained therein (e.g., name, email address) will be stored and processed for the purpose of handling your inquiry. This data will not be passed on to third parties unless there is a legal obligation to do so.
Processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).
The data you send to us will remain with us until you request deletion or the purpose for data storage no longer applies (e.g., after your inquiry has been processed).
5. Your Rights as a Data Subject
You have the following rights regarding your personal data:
Right to Access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and to further information (e.g., processing purposes, categories of personal data, recipients).
Right to Rectification (Art. 16 GDPR)
You have the right to request immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
Right to Erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted immediately if one of the legally prescribed reasons applies and insofar as the processing is not necessary.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the legal requirements is met (e.g., accuracy of the data is contested).
Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.
Right to Object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. f GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Withdrawal of Consent (Art. 7 para. 3 GDPR)
If the processing of your personal data is based on consent you have given, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the withdrawal is not affected.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
The supervisory authority responsible for us is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach Phone: 0981 180093-0 Email: poststelle@lda.bayern.de Website: https://www.lda.bayern.de
Contact for Data Protection Inquiries
To exercise your rights or if you have questions about data protection, you can contact us at any time: Email: contact@borealyn.com Address: 20Seven Ventures UG (haftungsbeschränkt), Holzbauerstr. 2, 86911 Dießen am Ammersee