BetterBusiness Privacy Policy

Effective Date: 28.03.2025

1. Introduction & Data Controller

BetterBusiness GmbH (referred to as “BetterBusiness,” “we,” “us,” or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our services or visit our website, in compliance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also reflects requirements under the Privacy and Electronic Communications Regulations 2003 (PECR), particularly regarding cookies and similar technologies.

Data Controller: BetterBusiness GmbH

Registered Address: Tucholskystraße 13, 10117 Berlin, Germany

Contact Information: Phone: +49 30 629 393 46, Email: info@betterbusiness.com

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above. For UK users, you may also contact our UK representative (if applicable) or our Data Protection Officer (if one is appointed) at the same email address.

2. General Information on Data Collection and Use

We collect and process personal data about you when you interact with our website or use our services. Personal data means any information relating to an identified or identifiable natural person. This includes information you provide directly (for example, by filling out a contact form) and data generated by your use of our website.

Data You Provide: If you contact us or submit information through a form on our site (e.g. to request a quote or service), we will process the personal data you provide (such as your name, contact details, and any query details).

Data We Collect Automatically: When you use our website, we collect certain data automatically from your device. This may include your device’s IP address, browser type, operating system, referring URLs, pages viewed, access times, and other standard log information. We may also store or retrieve information on your device using cookies or similar technologies (see Section 4 on Cookies and Tracking below).

Purpose of Collection: We use this information to operate and improve our website and services, respond to your requests, and carry out the activities described in this Privacy Policy. We will only process personal data as necessary for specific purposes and on a lawful basis under UK GDPR (see Section 3 on Legal Bases).

We will explain in detail the specific data we collect in different scenarios, the purpose and legal basis for processing, any third-party recipients of the data, and how long the data is stored. We will also inform you about your rights regarding your personal data (see Section 8 on Your Rights) and our data retention practices (see Section 9 on Data Retention).

3. Lawful Bases for Processing Personal Data

Under the UK GDPR, we must have a valid lawful basis to process your personal data. Depending on how you interact with us, we process data under one or more of the following bases: contract necessity, legitimate interests, legal obligation, or consent. If no other legal permission applies, we will request your consent before processing your personal data. Below we describe the different scenarios of data collection and the corresponding legal bases and, if applicable, any third-party data sharing. a) When You Use Our Website Forms

If you submit your contact details or other information through forms on our website (for example, to request partner offers or price comparisons), we will process the data you enter to provide the requested service. This processing is necessary to take steps at your request prior to entering into a contract or to perform a contract (Article 6(1)(b) UK GDPR). It is also subject to our website’s Terms of Use.

Forwarding to Partners: If you request, for instance, a comparison of offers or a specific quote through our site, we will forward the details of your inquiry and your contact information to our relevant partners so they can provide you with a tailored quote or service proposal. This forwarding of data is also based on contractual necessity (Article 6(1)(b) UK GDPR) – it’s required to deliver the service you asked for. Our partners, upon receiving your data, become independent data controllers for your information and are responsible for informing you about how they process your data. They should provide you with their own privacy notice when they contact you.

b) Data Transfers for Lead Qualification

In some cases, our business customers include agencies or other intermediaries who work with multiple partner companies. If you submit your contact information on our website, we may also share your data with such agencies or intermediaries for the purpose of lead qualification. This means the agency or intermediary may contact you to gather additional details about you, your company, or your project needs before referring you to one of their partners for a final offer.

Purpose and Legal Basis: This data transfer is done to fulfill the contract or service you have requested (Article 6(1)(b) UK GDPR) and is also in our legitimate interests as well as the legitimate interests of the involved agencies, intermediaries, and partners (Article 6(1)(f) UK GDPR). The legitimate interest here is to ensure you receive the most suitable, well-matched offer for your business needs by doing a preliminary qualification.

Please note that the agencies or intermediaries will also be independent controllers of your data once they receive it, and they should inform you about any further processing they do.

c) When You Book Services or Contact Us via Phone/Live Chat

If you purchase a service from us or request a consultation (for example, if you engage us for advisory, programming, or design services), or if you reach out through our telephone support or live chat feature and provide personal data in the process, we will process your data to handle your request.

Purpose and Legal Basis: In these cases, processing is necessary for the performance of a contract or to take steps at your request before entering a contract (Article 6(1)(b) UK GDPR). Additionally, if you contact us with an inquiry (but not necessarily a contract yet), we may rely on our legitimate interest (Article 6(1)(f) UK GDPR) to respond to your questions and improve our services. It is in our mutual interest to use your data to answer your query effectively.

Data Storage in CRM: If needed to serve you or to follow up on your requests, we may store your information in our customer relationship management (CRM) system. This helps us manage ongoing communications and service delivery. Such data may be stored on our own servers or on systems provided by our service providers (see Section 6 for details on service providers). All storage and processing will remain in line with the original purposes and legal bases described above.

d) Note on Your Rights and Data Deletion:

We would like to highlight that you have certain rights regarding your personal data, including rights to access, correct, or delete your data, as described in Section 8 of this policy. You can also find information about how long we keep your data and when we delete it in Section 9 of this policy. We encourage you to review those sections for more details. If we ever intend to process your personal data for a purpose other than those stated at the time of collection, we will provide you with information on that new purpose and any other relevant information before we begin the new processing, and if necessary, seek your consent.

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as pixels or tags) to provide and enhance our services. This section explains what these technologies are, why we use them, and how you can manage your preferences. a) What Are Cookies and Pixels?

Cookies: Cookies are small text files that are stored on your device (computer, smartphone, tablet, etc.) when you visit a website. They can be used to remember your preferences, track activities, and improve your experience on the site. Some cookies are essential for the website to function properly, while others help us understand how you use the site or enable targeted advertising.

Pixels (Web Beacons): Pixels (also known as web beacons or tracking pixels) are small invisible images or snippets of code embedded on websites or emails. When you load a page or email with a pixel, it communicates with the server and can provide information such as whether an email was opened or a website was visited. Pixels often work in conjunction with cookies to collect data about website usage and user interactions.

When you first visit our site, we will inform you about our use of cookies and, where required by law, request your consent for non-essential cookies. Without your prior consent, we only use cookies and similar tools that are strictly necessary for the operation of the website or for providing a service you explicitly request (in accordance with Regulation 6 of the PECR). This means that, until you opt in, we will not set cookies that are used for analytics, marketing, or personalization. If these tools also process personal data, we ensure such processing complies with the UK GDPR. Your consent, when given, will apply to both the storage/retrieval of information on your device and the subsequent processing of personal data collected via those technologies. b) How Can I Manage or Disable Cookies?

You have the right to choose whether or not to accept cookies. Here are some ways you can manage cookies and similar technologies:

Browser Settings: Most web browsers allow you to control cookies through their settings preferences. For example, you can usually set browsers to block all cookies, accept only certain types, or delete cookies when you close your browser. Please note that if you disable or delete certain cookies, you might not be able to use all features of our website. Essential parts of the site might not function properly without cookies.

Cookie Banner/Tool: On our website, when you first visit, we provide a cookie notice or banner with options to accept or reject different categories of cookies (where applicable). You can adjust your preferences at any time by accessing our cookie settings link (typically found at the bottom of the page).

Opt-Out Links and Plugins: For certain analytics or advertising cookies (like Google Analytics), you can also opt out directly via special tools or links. For instance, Google provides a browser add-on to opt out of Google Analytics tracking (see Section 5(a) below for details). Similarly, you can use advertising industry opt-out sites (such as YourOnlineChoices or Network Advertising Initiative) to control cookies placed by participating ad networks.

Please remember that cookie preferences are often stored on a per-browser, per-device basis. If you use multiple devices or browsers, you should set your preferences on each. Also, if you clear your cookies, that action may remove the cookies that store your preferences (including opt-out cookies), so you would need to set them again. c) Types of Cookies and Their Purposes

Our website uses various types of cookies for different purposes:

Necessary Cookies: These cookies are essential for you to browse our website and use its features. Without these cookies, services you have asked for (such as navigating between pages or using a shopping cart) cannot be provided. We use necessary cookies without requiring consent, as they are needed for the site to function.

Analytics and Performance Cookies: These cookies collect information about how visitors use our website (for example, which pages are visited most often, or if visitors get error messages from certain pages). We use this information to improve how our website works and understand user interests. We will only set these cookies with your consent.

Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. For example, they might be used to remember your login details or personalize the content for you. These may be set by us or third-party providers whose services we’ve added to our pages. They will be enabled only with your consent where required.

Advertising and Targeting Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They may also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. They remember that you have visited a website and may track your browsing habits across different sites. We (and our advertising partners) will only use these cookies if you have given consent. If enabled, partners may combine information from these cookies with other information they hold about you to build a profile of your interests for targeted advertising.

d) Your Right to Object to Data Analysis

You can opt out of the use of certain cookies and tracking technologies that analyze your behavior on our website, even after you have initially consented. To object to analytics or performance tracking on our site, you can:

Change your cookie settings to disable analytics cookies (as described above).

Use specific opt-out mechanisms provided by the tools (see details in Section 5 for Google Analytics and others).

Click on our provided opt-out link (if available) that will disable analytics tracking on our site by setting an “opt-out” cookie.

For example, to opt out of Google Analytics specifically, you can install the Google Analytics Opt-out Browser Add-on provided by Google. To opt out of certain other trackers like Mouseflow (if we were to use it) or others, we will provide relevant links or options in the sections below or within our cookie management tool. Keep in mind, if you clear your cookies, any opt-out cookies may also be removed, so you would need to opt out again. We strive to honor your preferences and will not analyze your website usage if you have chosen to opt out or not given consent for such analysis.

5. Use of Specific Tools and Services

We use several third-party tools and services on our website to enhance functionality, analyze usage, protect our platform, and advertise our services. These tools may collect personal data and use cookies or similar technologies. Below, we describe each tool/service, what it does, what data is collected, and how it’s used. Each of these tools will only be activated in compliance with applicable laws (for example, obtaining your consent for analytics/advertising tools). Where these tools transfer data outside the UK, we ensure appropriate safeguards are in place (see Section 6 on data recipients and transfers). a) Google Analytics (including Universal Analytics)

Our website uses Google Analytics, a web analytics service provided by Google LLC (Google), to understand how visitors use our site. Google Analytics uses cookies and pixels (as explained in Section 4) to collect information about your use of the website (such as your IP address, pages visited, time spent on pages, and interactions with our site). This information is usually transmitted to Google servers in the United States and stored there.

Consent Basis: We only use Google Analytics with your consent. This means the Analytics cookies/pixels are not deployed unless you have allowed them via our cookie consent banner. Your consent is the legal basis for using Google Analytics (Article 6(1)(a) UK GDPR).

Purpose of Processing: The data collected via Google Analytics helps us analyze website traffic and user behavior. We use it to compile reports and improve our website’s content and functionality. It also helps us identify which marketing channels are effective. In some cases, we may use Analytics data for advertising/remarketing purposes, but only if you have consented to advertising cookies as well (Google may use the data to help serve our ads on other sites you visit, via its advertising network).

IP Anonymization: We have activated IP anonymization for Google Analytics on our website. This means Google will truncate/anonymize the last octet of your IP address within the UK or European Economic Area (EEA) before transferring it to the US. Only in exceptional cases will the full IP address be sent to Google in the US and shortened there. Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Universal Analytics and User ID: We also utilize Google’s Universal Analytics features, which can track user interactions across multiple devices using a unique user ID (pseudonymous identifier). This helps us understand cross-device behavior (for example, if you use a phone and a laptop) in a unified way, without directly identifying you personally. The user ID is not an obvious piece of personal data on its own (it doesn’t include your name or email), and we do not combine it with identifiable information.

Conversion Tracking via Google Analytics: If you click a link on our site that leads to one of our partner providers and later complete a contract or purchase with them, we might be able to know this through Google Analytics. To enable this, when you click an outbound partner link on our site, we assign a unique user ID to that click and send it to the provider’s site via the URL. If you finalize a contract on the provider’s site, we receive a notification in Google Analytics tied to that user ID, indicating a successful referral (a conversion). Legitimate Interest: We have a legitimate interest (Article 6(1)(f) UK GDPR) in tracking these conversions, because it allows us to receive proper compensation from partners for successful referrals. Importantly, beyond the user ID and conversion event, we do not receive any personal details about you or your contract from the partner through this mechanism. We cannot identify you from the user ID, and the partner does not share your personal data with us as part of this conversion tracking.

Data Transfers & Safeguards: Google LLC is based in the United States, which means your data may be transferred outside the UK/EEA. To protect your privacy, we have entered into the appropriate data protection agreements with Google, including the use of Standard Contractual Clauses (SCCs) as approved by the European Commission (and recognized under UK law), along with additional safeguards as needed. These measures are in place to ensure an adequate level of protection for your personal data, equivalent to UK/EU standards, when it is processed in the US.

Opt-Out Options: Even if you have initially consented to Google Analytics, you have the option to withdraw your consent or object to the processing at any time. You can do so by adjusting your cookie settings on our site to disable analytics cookies. Additionally, Google provides a browser plugin to prevent data from being used by Google Analytics on any website. You can download and install this plugin here: Google Analytics Opt-out Browser Add-on. Please note this must be installed on each browser you use if you want to fully opt out.

More Information: For further details on how Google handles user data in Google Analytics, you can review Google’s Privacy Policy: Google Privacy Policy. Google also provides information specifically about Google Analytics and privacy: Google Analytics Data Privacy and Security.

b) Meta Pixel (Facebook Conversion Tracking)

We use the Meta Pixel on our website for analytics and advertising purposes. The Meta Pixel is a service provided by Meta Platforms Ireland Ltd. (formerly Facebook Ireland Ltd.), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This tool helps us track conversions (actions people take on our website after interacting with our Facebook/Instagram ads) and build audiences for future ads (such as Custom Audiences).

Consent Basis: We only activate the Meta Pixel with your prior consent (Article 6(1)(a) UK GDPR). If you do not consent to marketing cookies, the Meta Pixel will not be loaded.

What Data is Collected: When enabled, the Meta Pixel may collect the following types of data from your visit to our site:

HTTP Headers & Technical Data: Information available in HTTP headers such as your IP address, web browser details, page location URL, referrer (the page you came from), and the date/time of your visit.

Pixel-specific Data: This includes a Pixel ID (identifies our Pixel) and Facebook cookies (which may contain your Facebook user ID if you are logged in to Facebook).

Button Click Data: Information about buttons or links you click on our website, the labels of those buttons, and the pages that were visited as a result of those clicks.

Form Field Names: If our website has forms, it can capture the names of form fields (e.g. a field named "email" or "address" was filled out). Important: We do not capture the actual text you enter into those form fields via the Pixel, unless you have explicitly allowed such data as part of an extended matching feature. By default, we do not send personal form content through the Pixel.

Custom Conversions Data: If we set up custom conversion events, the Pixel will track when those events occur (for example, visiting a specific “Thank You” page after a purchase). We might also send additional info for conversions (like a conversion value or type) if we configure it, but we ensure not to send personal identifiers without consent.

How the Data is Used by Us and Meta: The data collected via the Meta Pixel allows us to see when you take actions on our site after viewing or clicking one of our ads on Facebook/Instagram. This helps us measure ad effectiveness (analytics). We see aggregated reports in the Facebook Ads Manager and Facebook Events Manager about how our ads are performing. For example, we might see that X number of people visited a certain page or completed a form after seeing an ad. This information helps us refine our advertising. We can also use Pixel data to build Custom Audiences – groups of Facebook users who have taken certain actions (like visited our site), so that we can show them relevant ads or exclude them from certain ad campaigns. Additionally, using Pixel data, Meta’s systems can identify Lookalike Audiences, meaning they find other Facebook users who have similar characteristics to our site visitors, so we can reach new people who might be interested in our services. Meta may also use Pixel data to improve their advertising system overall.

Joint Controllership with Meta: For certain data processing activities through the Meta Pixel, we and Meta Platforms may be considered joint controllers under Article 26 UK GDPR. This joint responsibility specifically covers the collection and transmission of Pixel data and its matching to Facebook user accounts for ad targeting or analytics. We have entered into a Controller Addendum with Meta (sometimes called the “Facebook Business Tools Joint Controller Addendum”), which outlines each party’s responsibilities. Under this arrangement:

We are responsible for providing you with this notice about the data collection (which we are doing now).

Meta is primarily responsible for handling data subject rights requests regarding the personal data it holds after Pixel data is transmitted (for example, if you want to access or delete data Facebook holds, you would contact Facebook directly). However, you can also contact us with any questions or requests, and we will coordinate with Meta as needed.

Meta remains responsible for the security of its systems that store Pixel data and for compliance with all applicable laws for the data in its custody.

Data Transfer Outside UK: Meta Platforms Ireland may transfer the Pixel data to Meta Platforms, Inc. in the United States or other countries for processing. Meta is part of a global organization and has committed to processing data in compliance with European and UK data protection standards. Meta ensures that appropriate safeguards are in place for data transfers, such as relying on the European Commission’s Standard Contractual Clauses (as of the latest update in June 2021) or other legally recognized transfer mechanisms to ensure an adequate level of protection.

Your Choices: If you consented to the Meta Pixel but later wish to opt out, you can adjust your cookie settings on our website to disable the Pixel. Additionally, you can control how Facebook and Instagram show you ads by adjusting your ad preferences in your Facebook user account. Facebook provides a Privacy Center where you can review and manage your data usage: see Facebook Privacy Center for more information, including how to opt out of targeted ads or exercise your rights with respect to data held by Meta. You can also use browser content blockers or plugins to block Facebook scripts and cookies, though this may affect the functionality of our site if you choose to log in via Facebook or use other Facebook features on our site.

c) LinkedIn Insight Tag (LinkedIn Conversion Tracking)

Our website uses the LinkedIn Insight Tag, a tracking technology provided by LinkedIn Corporation (for users in the EU and UK, the service is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). We utilize this service for conversion tracking and to gather insights about our website visitors who may have interacted with our LinkedIn content or advertisements.

Consent Basis: The LinkedIn Insight Tag is only activated on our site if you have given consent to analytics/marketing cookies (Article 6(1)(a) UK GDPR). Without your consent, the tag will not collect or transmit data.

How It Works: The LinkedIn Insight Tag is a small piece of JavaScript code embedded in our website. When enabled, it places a cookie on your browser that allows LinkedIn to collect certain information about your visit for analytics purposes. The types of data collected include:

Website Metadata: URL of the page you visited, timestamp of the visit, and other standard web meta information (referrer URL, etc.).

IP Address: Your IP address is collected, but LinkedIn either truncates or hashes it within a short time (typically within seven days) to pseudonymize the data. The hashed or shortened IP helps determine approximate location but is not used to identify you directly.

Device and Browser Info: Information such as your device type, operating system, browser version (user agent), and possibly device identifiers if available.

LinkedIn User Status: Whether you are a LinkedIn member. (If you are logged into LinkedIn, LinkedIn can associate your visit with your LinkedIn profile. However, we do not see any personal information from your LinkedIn profile; we only see aggregated reports.)

Data Uses: LinkedIn uses the Insight Tag data to provide us with analytics reports about our website audience and the performance of our LinkedIn ads. For example, we receive reports on website demographics (in aggregate form) such as job title, industry, seniority, company size, and location of our site visitors if those visitors are LinkedIn members. These reports help us understand the professional characteristics of those interested in our content, so we can tailor our marketing efforts. We also receive notification of conversions – for instance, if someone who saw or clicked a LinkedIn ad later performs a key action on our site (like filling a form), LinkedIn can report that to us (without identifying the person).

No Direct Personal Data to Us: Importantly, we do not receive personal data like names or email addresses from LinkedIn through this integration. We only see aggregated and anonymized data. LinkedIn members’ personal identities remain anonymous to us. We can simply discern patterns (e.g., “X% of converters were in the Financial Services industry” or “We got Y form fills from our LinkedIn Ad Campaign”).

Retargeting and Ad Optimization: The LinkedIn Insight Tag also allows us to retarget visitors with LinkedIn ads. Using the tag, we can create Matched Audiences on LinkedIn – for example, we might target an ad to people who visited our site within the last 90 days. We can also use it to exclude our site visitors from seeing certain ads (if, say, they’ve already signed up for our service). Additionally, LinkedIn may use Insight Tag data to improve their ad targeting algorithms. If you’re a LinkedIn member, you might see our advertisements when you visit LinkedIn if the Insight Tag indicates you visited our site. These ads might be personalized to you based on your site visit combined with LinkedIn’s own data. If you use multiple devices and you’re logged into LinkedIn on those, the Insight Tag can help provide a seamless experience (ads or tracking across your devices).

Data Sharing and Transfers: The data collected via the Insight Tag is transmitted to LinkedIn. LinkedIn might process this data in the US or other countries outside the UK. LinkedIn assures that all such transfers comply with applicable data protection laws. They have standard contractual clauses in place and other measures to guarantee that your data is protected to a standard equivalent to UK/EU law. LinkedIn will delete or anonymize (pseudonymize) the personal data (like direct identifiers) within 7 days, and will delete the remaining pseudonymized data within 180 days.

Your Choices: If you want to opt out of LinkedIn Insight Tag data collection on our site, you can withdraw your consent for marketing cookies at any time (through our cookie settings). Additionally, LinkedIn members can control the use of their personal data for advertising purposes through their LinkedIn account settings. LinkedIn’s privacy policy and settings (see LinkedIn Privacy Policy) explain how you can manage ad preferences, including opting out of LinkedIn’s tracking or targeted ads. Non-members can opt out of cookies from LinkedIn and other companies via browser settings or tools like the WebChoices opt-out platform. Because we rely on your consent, disabling the cookies will stop the data transfer via the Insight Tag.

d) Google reCAPTCHA v3

To protect our website from spam and abuse (particularly from automated bots), we implement Google reCAPTCHA v3 on certain forms and pages. reCAPTCHA v3 is a service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) for users in Europe, and by Google LLC in the USA. This tool helps us verify that input (such as form submissions) is made by a human and not an automated program.

Why We Use reCAPTCHA: It is in our legitimate interest (Article 6(1)(f) UK GDPR) – and indeed our duty to protect our service – to ensure our website is not overwhelmed by bots or abusive activities. Some data protection authorities (like in certain EU jurisdictions) even consider it an obligation to use anti-bot measures to maintain service security and availability. Without a tool like reCAPTCHA, our forms could be misused, impacting service for real users. However, because reCAPTCHA v3 potentially collects personal data and interacts with Google’s systems, we will obtain your consent if required (for example, if reCAPTCHA is considered more than strictly necessary, we might treat it as requiring consent via our cookie banner). We run reCAPTCHA primarily under legitimate interest for security, but we want to be transparent about its operation.

How reCAPTCHA v3 Works: Unlike earlier versions of CAPTCHA, reCAPTCHA v3 runs mostly in the background. You typically will not see challenge questions or image selections. Instead, it quietly analyzes your behavior on our site to determine if you appear to be a human user. reCAPTCHA v3 assigns a “score” to interactions – a low score means the activity looks suspicious (like a bot), and a high score means it appears legitimate. We set a threshold for these scores to decide when to prompt further verification. Only if the system is unsure (score below our threshold) might you later receive an additional challenge (like a traditional CAPTCHA) to prove you’re not a bot.

Data Collected by reCAPTCHA: To make its determination, reCAPTCHA v3 may collect hardware and software information, such as device and application data, and send it to Google for analysis. This includes:

User behavior data: Movements of your mouse on the page, keystroke patterns (e.g., how you type), and any touch events if on a mobile device.

Technical information: Browser and device information (like browser plugins installed, browser language, device OS and model, screen resolution, etc.), the presence of any Google cookies on your browser (to see if the browser has a Google account cookie that indicates a human user), and possibly a snapshot of the browser window at that moment.

IP Address: Your IP address is also sent as part of the request. If you are logged into your Google account at the time of visiting our site, Google may detect that and take it into account (Google’s privacy policy would apply to any such Google account data usage).

Use of Data: Google uses this information to deliver to us an assessment of whether the interaction was likely from a human. We get from Google a score or result (and possibly some diagnostic information) but we do not see the specific data points like your keystrokes or device details – those are used by Google’s algorithm behind the scenes. We simply act on the result (for example, allowing submission if it’s likely human, or blocking/challenging if suspected bot). The data collected through reCAPTCHA is also used by Google to further train and improve their CAPTCHA and general security systems. According to Google, information collected in the context of reCAPTCHA will be used for providing, maintaining, and improving reCAPTCHA and for general security purposes. It will not be used by Google for personalized advertising.

Data Transfers & Safeguards: Using reCAPTCHA involves data transfer to Google. Google may process the reCAPTCHA data on servers located outside the UK (for example, in the EU or in the USA). Google has assured that it will handle any such data transfers in compliance with data protection requirements. Google, as noted earlier, relies on Standard Contractual Clauses and other measures as needed to lawfully transfer data internationally and safeguard it.

Your Choices: reCAPTCHA is considered a security measure. Thus, there is no direct opt-out mechanism for reCAPTCHA, because it must run to block bots. However, it typically runs only when you attempt to submit a form or perform some action that needs verification. By using our site, you acknowledge that this security check is in place. If you do not want any data to be collected by reCAPTCHA, your option would be not to use those parts of our site (e.g., avoid submitting the form). We only use reCAPTCHA when truly necessary for protection. If you have concerns about reCAPTCHA, please contact us through an alternative method (for example, via email or telephone) so we can assist you.

More Information: For more details, you can visit Google’s privacy policy here: Google Privacy Policy. Google’s terms of service for reCAPTCHA can be found here: Google reCAPTCHA Terms. These will give additional insight into how Google handles data within reCAPTCHA.

e) Other Tools and Technologies

We continuously improve our website and may introduce new tools or services. If we implement any other technology that processes personal data (for example, a new analytics service, chat support tool, or marketing platform), we will update this Privacy Policy accordingly and, if necessary, seek your consent. Below are some additional tools/technologies we currently use or may use, along with relevant privacy information:

SalesViewer® Technology: We use SalesViewer® (a tool provided by SalesViewer® GmbH) for B2B marketing and market research purposes. This technology is used based on our legitimate interests (Article 6(1)(f) UK GDPR) in understanding and optimizing how companies interact with our website. SalesViewer® employs a JavaScript-based code on our site that collects business-related data about visitors. This means it aims to identify the company (not individual person) of a website visitor, which can help us know which organizations are interested in our services. The data collected through SalesViewer® is first hashed using a one-way encryption function (meaning it’s converted into an irreversible code). Immediately after collection, the data is pseudonymized, and it is not used to personally identify individual visitors. We cannot, through SalesViewer®, determine an individual’s identity; we might only see that someone from XYZ Corporation visited our site, for example. Data collected via SalesViewer® is deleted as soon as it’s no longer needed for its purpose, and it won’t be kept if there’s a legal requirement to delete it. Opt-Out: You can object to the collection and storage of your data by SalesViewer® at any time with effect for the future. To do so, please click on the following opt-out link: Deactivate SalesViewer® Tracking. By clicking this link, an opt-out cookie will be placed on your device, preventing SalesViewer® from collecting your data on this website going forward. If you clear your cookies, you will need to click the opt-out link again to re-establish the opt-out.

[Any other specific tool]: (If applicable, include a brief description of any other relevant service or plugin, e.g., a live chat service provider, social media widgets, etc., and their privacy implications. For example: We embed YouTube videos on our site. YouTube is operated by Google, and when you play a video, YouTube may set tracking cookies and register your view. This is done under YouTube’s privacy policy. We endeavor to use privacy-enhanced mode for YouTube embeds to limit tracking.)

We ensure that all third-party tools we use are assessed for privacy impact and that appropriate data protection agreements (such as Data Processing Addendums or Standard Contractual Clauses) are in place when those providers handle personal data on our behalf or receive personal data from us.

6. Categories of Data Recipients & International Data Transfers

We treat your personal data with care and confidentiality. In general, we will not disclose your personal data to third parties unless it is necessary to fulfill a contract with you, you have given consent, we have a legitimate interest that is not overridden by your rights, or we are legally required to do so. This section outlines who may receive your data and under what circumstances, especially highlighting our service providers (processors) and any international data transfers. a) Service Providers (Data Processors)

We employ various trusted service providers to perform functions and provide services to us (and to you on our behalf). These third parties process your data only under our instructions and are contractually bound to protect it (as required by Article 28 UK GDPR). Examples of tasks we rely on service providers for include: hosting our website, maintaining our IT systems, sending out newsletters or emails, analytics, advertising, and customer relationship management. We carefully select these providers and ensure they have appropriate technical and organizational measures to safeguard your data. Some key service providers who may process personal data collected through our website include:

Unbounce Marketing Solutions Inc. (Canada): Provides landing page and marketing tools which we use for creating web forms or promotional pages. (Canada is recognized for providing an adequate level of data protection by the UK, and any data transfers to Unbounce in Canada are thus permitted.)

Typeform S.L. (Spain): Supplies online form and survey services. If you fill out a Typeform form embedded on our site, your responses are processed by Typeform on our behalf. (Spain is within the EEA, and we have EU-approved terms with Typeform to protect data.)

Pipedrive OÜ (Estonia): A customer relationship management (CRM) system we use to manage leads and inquiries. When you submit a form or request, your contact information may be stored in Pipedrive so we can follow up. (Estonia is within the EEA, covered by GDPR.)

ActiveCampaign, Inc. (USA): An email marketing and automation platform. We might use ActiveCampaign to send newsletters or automated emails (for example, confirmation emails when you sign up). If you subscribe to our communications, your email address and relevant data may be stored in ActiveCampaign. (Data may be transferred to the USA; we have Standard Contractual Clauses and a Data Processing Agreement in place with ActiveCampaign.)

Google LLC (USA): We use various Google services (Google Analytics, Google Ads, Google reCAPTCHA, etc., as detailed in Section 5). Google may process data (like Analytics or ad cookies) on servers outside the UK. (We rely on appropriate safeguards like SCCs for these transfers.)

Microsoft Corporation (USA): We may use Microsoft services (e.g., Microsoft Azure cloud hosting, or Microsoft’s Clarity analytics, etc.). If any personal data is processed by Microsoft for us, similar safeguards via standard clauses are used.

Slack Technologies, LLC (USA): Internal communication tool where team discussions (possibly including client names or contact info) might occur. Slack data may be stored in the US, but Slack is under strict contractual commitments for privacy.

Zapier Inc. (USA): An integration tool that helps connect different applications. For example, if you fill out a form, Zapier might transfer that data from our website to our CRM or email system. Zapier will process data temporarily to relay it, under a Data Processing Agreement with us.

Amazon Web Services, Inc. (USA): We use AWS for some hosting and storage needs. AWS data centers may be worldwide; we typically use EU/UK regions, but backups or redundancy might involve other regions. AWS is a certified provider with strong security, and we have agreements including SCCs for any cross-border data flows.

SlideVision GmbH (Germany): A German-based service provider (the specifics of SlideVision’s service might include data visualization or analytics tools). As a company in Germany, SlideVision is within the EU/EEA and bound by GDPR in its processing.

Each of these providers will only receive the data necessary for their specific function. They are prohibited from using your data for their own purposes and must delete or return the data once the service is completed or upon our instruction. b) Other Third-Party Recipients

Apart from our processors, there are scenarios where we might share data with other third parties:

Partner Companies for Requested Services: As noted in Section 3(a) and 3(b), if you request a quote or service that involves our partners, we will forward your inquiry and contact details to those partners. These partners then independently handle your data as separate controllers under their own privacy policies. We will only do this with partners relevant to your request and only to the extent necessary to fulfill your request.

Legal and Regulatory Requirements: If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, an official request (e.g., from law enforcement or regulatory authority), or to enforce/apply our terms of use or other agreements, we may do so. This could include exchanging information with public authorities or regulators (including courts and law enforcement) when required by law.

Business Transfers: If BetterBusiness undergoes a business transaction such as a merger, acquisition by another company, or sale of all or part of its assets, your personal data may be transferred to the new owner or successor entity as part of that transaction. In such cases, we will ensure the confidentiality of your personal data is maintained and you are informed before your personal data becomes subject to a different privacy policy.

Joint Controllers: In cases of joint data processing (like our relationship with Meta for the Meta Pixel under a joint controllership – see Section 5(b)), the other party (Meta, in that case) will also be a recipient of some data. We have agreements in place defining responsibilities in those scenarios.

We do not sell your personal data to third-party companies for their independent marketing purposes. c) International Data Transfers

BetterBusiness is based in Germany and our primary operations are in the EU. However, as shown above, we use services and have partners located in various countries. If we transfer personal data outside of the United Kingdom (or the European Economic Area) – for example, to the United States or other countries – we will ensure that adequate safeguards are in place to protect your information as required by the UK GDPR. Some of the safeguards we rely on include:

Adequacy Decisions: Some countries have been officially recognized by the UK government as providing adequate data protection (for example, countries in the European Economic Area, Canada for certain types of data, Japan, etc.). When we send data to such countries, we rely on these adequacy regulations.

Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States currently), we use standard data protection clauses approved by the European Commission and adopted by the UK, or the UK’s International Data Transfer Agreement (IDTA) where appropriate. These contracts impose data protection obligations on the recipient, ensuring your data remains protected.

Additional Technical Measures: In some cases, we may implement extra protections like encryption and strict access controls when data is stored or processed in a third country, reducing the likelihood of any unauthorized access.

Binding Corporate Rules and Certifications: If any of our service providers have Binding Corporate Rules (BCRs) or certifications under approved schemes (like the EU-US Privacy Shield framework in the past, or its successor arrangements, if applicable under UK law), we may rely on those. (Note: Privacy Shield was invalidated for EU-U.S. transfers and the UK doesn’t use it either; we mention it for completeness in case a new framework is in place.)

You can request more information about the specific safeguards applied to your personal data when it is exported outside the UK/EEA (for example, a copy of the relevant contractual commitments). To do this, please contact us using the contact details provided in Section 1. We will refuse any requests for data by foreign authorities that are not legally binding. All our service providers are required to notify us if they receive any government request for data that conflicts with our terms or could compromise user privacy, so we can take appropriate action.

7. Data Security and Encryption

We take the security of your personal data very seriously. We employ a range of technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

SSL/TLS Encryption: Any time you submit personal information through our website (for example, through contact forms or account login pages), that transmission is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. You can usually see a padlock icon in your browser’s address bar and “https://” at the beginning of the URL, indicating an encrypted connection. Encryption ensures that data is scrambled during transit so that even if it were intercepted, it would be unreadable to unauthorized parties.

Access Controls: Our systems and databases that store personal data are protected by access controls. Only authorized personnel with a legitimate need to access your information (for example, to perform their job duties) are allowed to do so. Employees are trained on data protection and are bound by confidentiality obligations.

Secure Hosting: We host our website and data with reputable providers that employ state-of-the-art security measures (firewalls, intrusion detection systems, etc.). Regular backups are performed to prevent data loss, and strong physical security measures protect data centers.

Data Minimization: We follow the principle of data minimization – we only collect and retain the personal data that is necessary for the purposes stated. If we don’t need certain information, we don’t collect it. And if we only need summary information, we anonymize or pseudonymize personal data where feasible.

Technical Measures: We keep our software and systems up to date with the latest security patches. We use antivirus solutions and monitor for unusual activity. In areas of the site where you enter information, we may use additional security measures (like reCAPTCHA mentioned above) to prevent malicious exploitation.

Organizational Measures: We have internal policies and procedures for handling personal data safely. We limit printing or local downloading of personal data. We require our service providers to demonstrate strong security practices as well. In the event of a suspected data breach, we have a response plan to contain and investigate the incident, and we will notify you and authorities as required by law.

Despite all measures, please note that no website or Internet transmission is completely secure. However, we strive to protect your data to the best of our ability. You also play a role in security: remember that any login credentials (if applicable) should be kept confidential. Do not share your account password and be cautious when using public computers or networks. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel your account has been compromised or there is a vulnerability on our site), please contact us immediately so we can take appropriate action.

8. Your Rights as a Data Subject

Under UK data protection law, you have specific rights regarding your personal data. We want to make sure you are fully aware of all your options and rights in relation to the data we hold about you. You can exercise these rights at any time by contacting us (see Section 1 for contact details). These rights include: a) Right of Access (Subject Access Request) – You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If we are, you can request a copy of that data, along with supplementary information such as the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom data has been or will be disclosed, the expected retention period, and the safeguards for data transferred outside the UK. We will provide you with a copy of your personal data undergoing processing free of charge. For any further copies requested, we may charge a reasonable fee based on administrative costs. (This right is in line with Article 15 UK GDPR.) b) Right to Rectification – If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. (Article 16 UK GDPR.) c) Right to Erasure (Right to be Forgotten) – You have the right to request that we delete your personal data. We will comply without undue delay in certain circumstances, for example if the data is no longer necessary for the purposes it was collected, you withdraw consent (and no other legal basis applies), you object to processing and we have no overriding legitimate grounds, or if the data was unlawfully processed. Note that this right is not absolute – sometimes we must retain certain information to comply with legal obligations or to establish, exercise, or defend legal claims. (Article 17 UK GDPR.) d) Right to Restriction of Processing – You can ask us to restrict (i.e., suspend) the processing of your personal data in certain cases: if you contest the accuracy of the data (until we verify it), if the processing is unlawful but you prefer restriction to deletion, if we no longer need the data but you need it for a legal claim, or if you have objected to our processing (pending verification of overriding grounds). When processing is restricted, we will store your data but not use it, except potentially to establish or defend legal claims, or as needed to protect the rights of others, etc. (Article 18 UK GDPR.) e) Right to Data Portability – Where we process your personal data based on your consent or a contract, and the processing is carried out by automated means, you have the right to obtain the personal data you provided to us in a structured, commonly used, machine-readable format (for example, CSV or JSON file). You also have the right to request that we transmit that data to another controller, if technically feasible. This right allows you to move, copy, or transfer your data easily between our IT environment and anothers securely. (Article 20 UK GDPR.) f) Right to Object – You have the right to object to our processing of your personal data in certain circumstances:

Objection on Grounds of Your Situation: When we process data based on legitimate interests (Article 6(1)(f) UK GDPR) or public interest/official authority (Article 6(1)(e)), you can object at any time if you have reasons relating to your particular situation. If you object, we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is for the establishment, exercise, or defense of legal claims. For example, if we process your data for our legitimate interest in direct communication, and you have a special reason to object, we would review that and likely cease processing unless we have a very strong justification.

Objection to Direct Marketing: Importantly, if your personal data are processed for direct marketing purposes, you have the absolute right to object at any time to processing of your data for such marketing. This includes any profiling related to direct marketing. If you object, we will immediately cease using your data for direct marketing purposes. This is a specific, unconditional right provided by Article 21(2) UK GDPR. For example, if you no longer wish to receive our newsletter or marketing emails, you can opt out at any time and we will stop sending them. Every marketing email we send will include an unsubscribe link for your convenience.

g) Right to Withdraw Consent – If we rely on your consent for any processing of your personal data (see particularly Sections 4 and 5 where certain cookies or tools require consent), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent, we will stop the specific processing that was based on consent (for example, stop using a marketing cookie or stop sending a newsletter), unless we have another lawful basis to continue (which we would inform you about). It’s as easy to withdraw consent as it is to give it – for instance, you can adjust cookie settings on our site to revoke consent, or click “unsubscribe” in an email, or contact us directly. h) Right to Lodge a Complaint – If you believe we have not complied with your data protection rights or applicable privacy laws, you have the right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO at any time about our data processing activities:

Website: https://ico.org.uk/make-a-complaint/

Telephone: +44 303 123 1113

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

If you are located in another country (for example, in the EU or EEA), you may alternatively contact your local data protection authority. However, as we mainly handle data under UK law for UK users in this context, the ICO is likely the appropriate authority. We kindly ask that you attempt to resolve any issues with us first by contacting us. We take your rights seriously and will do our best to address your concerns. We will respond to any legitimate request relating to your rights as soon as possible, and at least within one month of receipt (we can extend this by two further months if necessary, considering the complexity and number of requests, but we will inform you if an extension is needed).

9. Data Retention and Deletion

We will not keep your personal data for longer than is necessary for the purposes for which it is processed, unless we are required by law to retain it for a longer period. How long we keep data varies depending on the type of information and the purpose of processing. In general:

Operational and Inquiry Data: If you contact us or submit a form but do not enter into a contract with us, we will retain your data for as long as is necessary to respond to you and possibly re-contact you regarding your inquiry. If there is no further interaction, we typically delete or anonymize inquiry data after a reasonable period (for example, 24 months after our last interaction with you) to ensure we don’t keep outdated information, provided there are no legal requirements to retain it longer.

Contractual Data: If you become a customer or client and engage our services, we will retain your personal data for the duration of the contract and thereafter as long as required by law or as necessary for legitimate business purposes. For instance, UK law may require us to keep certain transactional records for six years for tax and accounting purposes. We will keep essential information for that period. Data that is no longer needed for any legitimate purpose will be deleted or anonymized.

Marketing Data: If you have consented to receive marketing communications, we will retain your contact details and preferences until you opt out or withdraw consent. If you unsubscribe or object to marketing, we may keep your contact information on a suppression list indefinitely to ensure we honor your no-contact request.

Web Analytics Data: Analytics data collected via cookies is typically retained as long as necessary for analysis. For example, Google Analytics data is retained for a certain period (often 14, 26, or 38 months, depending on our settings) before being automatically deleted. We configure such tools to not retain data indefinitely. Aggregated data (that cannot identify you) may be kept longer for statistical purposes.

Log Files: Our web server logs (see Section 4 on automatic data collection) are generally kept for a short period (a few weeks to a few months) for security, troubleshooting, and analysis, and then routinely deleted or anonymized. We might keep security-related logs longer if investigating suspicious activity.

CRM Data: If we have stored your data in our CRM (customer relationship management) system following an inquiry or service, and you do not become or remain an active customer, we will periodically review and purge data. As noted, we might remove contact data that has been inactive for over 2 years, unless we have a reason to keep it (such as ongoing sales discussions or you requested to be kept on a mailing list).

Cookies: Cookie lifetimes vary. Some cookies (like session cookies) are erased when you close your browser. Others (like persistent cookies for preferences or tracking) remain on your device until they expire or you delete them. We set cookies to expire according to what is necessary for their function – for example, an opt-out cookie might be set to remain for several years. You can also clear cookies at any time manually (which will remove those stored on your browser).

After the applicable retention period has ended, we will either delete your personal data or anonymize it (so that it can no longer be associated with you) in a secure manner. For example, we might aggregate data so it’s no longer tied to personal identifiers and use that for business analytics without further notice. If there are any specific retention periods mandated by law (such as retaining contract information for warranty or statutory limitation periods, or retaining invoicing data for the required financial record-keeping duration), we adhere to those laws and securely archive the data for the required time. Deletion Process: When data is due for deletion, we ensure it is securely and completely removed from our active systems. We may also request our processors (service providers) to delete data they hold on our behalf once it’s no longer needed. Note that backup copies might exist for a short time until they are also rotated out, but we have measures to ensure that even in backups, data is not easily accessible and is deleted as soon as reasonably possible.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make significant changes, we will notify you by appropriate means – for example, by posting a prominent notice on our website or, if the changes are material and we have your contact information, by contacting you directly (e.g., via email) to inform you. The “Effective Date” at the top of this policy indicates when the current version came into force. Previous versions of our Privacy Policy may be obtained by contacting us. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our services or website after any modification to this Privacy Policy will constitute your acceptance of such change, to the extent permitted by law.