Last edited: 15-01-2026
Who we are
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
yasp.ai GmbH
Auf der Linge 37
79112 Freiburg
Germany
+49 1512 3508924
contact@yasp.ai
https://yasp.ai/
Contacting the Data Protection Officer
The Data Protection Officer of the controller is:
DataCo GmbH
Sandstraße 33
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de
On this page, we inform you about the processing of your personal data on the website.
How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data when we have a legitimate purpose and a legal basis for doing so.
What do we mean by legal basis?
Consent (Art. 6(1) sentence 1 lit. a GDPR)
You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. Further information on how to withdraw your consent can be found in the subsection “Exercise of your rights” in the following sections of this privacy policy.
Contract (Art. 6(1) sentence 1 lit. b GDPR)
We need to use your data to perform a contract you have entered into with us. Alternatively, it may be necessary to use your data because we have asked you to do so or because you have taken certain steps yourself before entering into this contract.
Legal obligation (Art. 6(1) sentence 1 lit. c GDPR)
We must use your data to comply with the law.
Vital interests (Art. 6(1) sentence 1 lit. d GDPR)
Processing of your data is necessary to protect your vital interests or those of another person, for example to protect you from serious physical harm.
Public task (Art. 6(1) sentence 1 lit. e GDPR)
Processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for example a statutory function.
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR)
Processing of your data is necessary for the purposes of the legitimate interests pursued by us or a third party, provided that your interests do not override those interests.
Please note that we may not be able to provide you with our website services if your data is processed to fulfill a contract or a legal obligation and you do not provide the requested data.
Data sharing and international transfers
As explained in this privacy policy, we use various service providers who support us in providing our services and ensuring the security of your data. When we use these service providers, it is necessary to share your personal data with them.
We have concluded agreements with all service providers to whom we transfer your data, obligating them to protect your data.
If your personal data is transferred outside the EU, we ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an “adequate” level of data protection as determined by the European Commission, or by applying another safeguard, such as the Standard Contractual Clauses (SCCs) adopted by the European Commission.
If, for example, we use U.S. service providers, we rely—depending on the provider—either on the SCCs or the EU–U.S. Data Privacy Framework. You may request a copy of the SCCs we have concluded with our service providers by sending an email to the email address provided in this privacy policy.
Your rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access such personal data and to the following information:
purposes of processing
categories of personal data
recipients or categories of recipients
planned duration of storage or criteria used to determine that period
existence of the rights to rectification, erasure, restriction of processing, or objection
right to lodge a complaint with the competent supervisory authority
where applicable, the source of the data (if collected from a third party)
where applicable, automated decision-making, including profiling, with meaningful information about the logic involved, the significance, and the envisaged consequences
where applicable, transfer of personal data to a third country or an international organization
2. Right to rectification (Art. 16 GDPR)
If your personal data is inaccurate or incomplete, you have the right to request the immediate correction or completion of the personal data.
3. Right to restriction of processing (Art. 18 GDPR)
You have the right to request restriction of processing if one of the following conditions is met:
you contest the accuracy of the personal data, for a period enabling us to verify the accuracy
processing is unlawful and you oppose erasure and request restriction of use instead
we no longer need the data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims, or
you have objected to processing, pending the verification of whether our legitimate grounds override yours
4. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
You have the right to request the immediate erasure of your personal data if one of the following applies:
the data is no longer necessary for the purposes for which it was collected
you withdraw your consent and there is no other legal basis
you object to the processing and there are no overriding legitimate grounds, or you object pursuant to Art. 21(2) GDPR
your personal data has been processed unlawfully
erasure is required for compliance with a legal obligation under Union law or the law of a Member State to which we are subject
the personal data was collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR
Please note that the above grounds do not apply insofar as processing is necessary:
for exercising the right of freedom of expression and information
for compliance with a legal obligation or for the performance of a task carried out in the public interest to which we are subject
for reasons of public interest in the area of public health
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes
for the establishment, exercise, or defense of legal claims
5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer of those data to another controller.
6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1) sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions.
Where personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
7. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
information about the browser type and version used
the user’s operating system
the user’s internet service provider
date and time of access
websites from which the user’s system accesses our website
websites accessed by the user’s system via our website
This data is stored in the log files of our system.
This does not include the user’s IP address or other data that would allow the data to be assigned to a specific user. The data is not stored together with other personal data of the user.
2. Purpose of the data processing
The storage in log files serves to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context.
3. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 6(1) sentence 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
Where the data is collected for the provision of the website, this is the case when the respective session has ended.
Where the data is stored in log files, this occurs after no later than seven days. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized so that it is no longer possible to identify the accessing client.
5. Exercise of your rights
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. The user may object to this. Whether the objection is successful shall be determined by way of a balancing of interests.
Use of cookies
1. Description and scope of data processing
When you visit our website, we use technical tools for various functions, in particular cookies, which may be stored on your end device. When you first access our website and at any time thereafter, you have the choice of whether to generally allow the use of cookies or to select individual additional functions. You can make changes in your browser settings or via our consent manager.
Cookies are text files or information in a database stored on your hard drive and assigned to the browser you use, allowing the entity that sets the cookie to receive certain information. Below we describe the types of cookies we use:
We use technically necessary cookies that are required for the technical operation of the website. Without these cookies, our website cannot be displayed correctly in full or support functions cannot be provided.
The following data are stored and transmitted by technically necessary cookies:
frequency of page views
language settings
login information
search terms entered
use of website functions
We also use cookies that are not technically necessary. Technically non-necessary cookies are text files that do not solely serve the functionality of the website but also collect other data.
When technically non-necessary cookies are set, the following data are processed:
IP address
location of the internet user
date and time of website access
tracking of browsing behavior
linking of website visits with other social media platforms
2. Purpose of the data processing
Technically necessary cookies are used to ensure the functionality of our website. Some functions cannot be offered without cookies. For these functions, it is necessary that the browser is recognized again after a page change.
We require technically necessary cookies for the following applications:
functionality of the website
adoption of language settings
storage of search terms
Technically non-necessary cookies are used to improve the user experience, personalize content and advertisements, analyze the use of our website, and, where applicable, support marketing measures.
Typical purposes include:
Analytics: collecting and evaluating usage statistics to improve website functionality and content
Marketing: displaying personalized content or advertising based on user interests
Personalization: storing preferences to enable an individualized user experience
The use of such cookies takes place only with your consent, which you can withdraw at any time via the cookie settings (cookie banner).
3. Legal basis for the data processing
The provisions of the German Telecommunications-Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG) apply to the storage of information on the end user’s device and/or access to information already stored there.
Where the setting and reading of cookies is technically necessary, this is carried out to ensure the functionality of our website. In this case, the storage of and access to cookies on your end device is based on § 25(2) no. 2 TDDDG.
Cookies are generally deleted after the end of the session (e.g., logout or closing the browser) or after a specified period has expired. Information on different storage periods can be found in the following sections of this privacy policy.
Where cookies that are not technically necessary are used, this is done on the basis of your explicit consent via the cookie banner. The legal basis for storage/access in this case is § 25(1) TDDDG in conjunction with Art. 6(1)(a) and Art. 7 GDPR.
You may withdraw your consent at any time with effect for the future or grant it again by adjusting your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by configuring the relevant settings in your browser software. Please note that these settings apply only to the browser used in each case.
If personal data is processed following the storage of or access to information on your device, the provisions of the GDPR apply.
Email contact
1. Description and scope of data processing
You can contact us via the email address provided on our website. In this case, the personal data transmitted with the email will be stored. The data is used exclusively for processing the correspondence.
2. Purpose of the data processing
In the event of contact by email, the processing is based on the necessary legitimate interest in handling the request.
3. Legal basis for the data processing
The legal basis for processing the data transmitted by email is Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your inquiry in the best possible way.
If the email contact is aimed at concluding a contract, an additional legal basis is Art. 6(1)(b) GDPR.
4. Duration of storage
Personal data is deleted as soon as it is no longer necessary for the purpose for which it was collected. Data transmitted via email or contact form is deleted after the request has been fully processed, provided that no statutory retention obligations prevent deletion.
Additional technical data collected during the submission process is stored only for as long as necessary to ensure the security and functionality of the systems.
5. Exercise of your rights
If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
Withdrawal of consent and objection can be exercised as follows:
By email: simply send us an email to contact@yasp.ai stating your withdrawal or objection.
All personal data stored in the course of the contact will be deleted in this case.
Contact form
1. Description and scope of data processing
Our website provides a contact form for electronic communication. If a user uses this option, the data entered in the input fields will be transmitted to us and stored.
At the time the message is sent, the following data is stored:
email address
first name
company name
role
industry
date and time
2. Purpose of the data processing
The processing of personal data from the contact form input fields or via the provided email address serves solely to handle the contact request.
Other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Legal basis for the data processing
The legal basis for processing is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your inquiry submitted via the contact form in the best possible way.
If the contact is aimed at concluding a contract, an additional legal basis is Art. 6(1) sentence 1 lit. b GDPR.
4. Duration of storage
Personal data is deleted as soon as it is no longer necessary to achieve the purpose. Data transmitted via email or contact form is deleted after the request has been fully processed, provided that no statutory retention obligations prevent deletion.
Additional technical data collected during the submission process is stored only for as long as necessary to ensure the security and functionality of the systems.
5. Exercise of your rights
If you contact us via the contact form, you may object to the storage of your personal data at any time.
Withdrawal of consent and objection can be exercised as follows:
By email: simply send us an email to contact@yasp.ai stating your withdrawal or objection.
All personal data stored in the course of the contact will be deleted in this case.
Application by email
1. Description and scope of data processing
You may submit your application to us by email. In this process, we collect your email address and the data you provide in the email.
2. Purpose of the data processing
The processing of personal data from your application email is carried out solely for the purpose of processing your application.
3. Legal basis for the data processing
The legal basis is the initiation of a contract at the request of the data subject pursuant to Art. 6(1) sentence 1 lit. b GDPR (first alternative) and § 26(1) sentence 1 BDSG.
4. Duration of storage
Applicants’ personal data is stored for the duration of the application process. After completion of the application process, the data is deleted as soon as it is no longer required for the execution and documentation of the process, provided that no statutory retention obligations or legitimate interests prevent deletion.
Use of corporate profiles on professionally oriented social networks
1. Scope of data processing
Our corporate presence is used for applications, information/PR, and active sourcing. We do not have information on the processing of your personal data by the companies jointly responsible for operating the corporate profiles. Further information can be found in the privacy policies of the respective providers.
On our pages, we provide information and offer users the opportunity to communicate with us.
Further information can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy
If you perform an action on our corporate profile (e.g., comments, posts, likes, etc.), you may thereby make personal data (e.g., your real name or your profile picture) publicly available.
2. Legal basis for the data processing
The legal basis for processing personal data for the purpose of communication with customers and interested parties is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your inquiry in the best possible way or providing requested information.
If the contact is aimed at concluding a contract, an additional legal basis is Art. 6(1) lit. b GDPR.
3. Purpose of the data processing
Our corporate presence serves to inform users about our services. Each user is free to publish personal data through their activities.
4. Duration of storage
We store activities and personal data published via our corporate presence until consent is withdrawn. In addition, we comply with statutory retention periods.
5. Exercise of your rights
You may object at any time to the processing of your personal data that we collect in connection with your use of our corporate presence and assert your rights as set out in the section “Your rights” of this privacy policy.
Please send us an informal email to the email address specified in this privacy policy.
Further information on exercising your rights can be found here:
https://www.linkedin.com/legal/privacy-policy
Hosting
The website is hosted on servers operated by a service provider commissioned by us.
Our service provider is:
Framer B.V.
Rozengracht 207
1016 LZ Amsterdam
Netherlands
Further information on the processing of personal data by the respective provider can be found on the provider’s website.
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes:
information about the browser type and version used
This data is not merged with other data sources. The collection of this data is based on Art. 6(1) lit. f GDPR. Our legitimate interest lies in ensuring that our website is displayed correctly and that its functions are optimized.
The location of the servers on which the website is operated is determined by the data processing agreements concluded with the respective provider.
Integrated third-party services
We use various service providers to deliver the services offered on our website.
In general, we have a legitimate interest in sharing your data with the relevant service providers where these services are essential for the provision of the core services offered on the website.
Where such services are required for additional services, extended functionalities, or additional purposes, your personal data will only be shared with service providers if you have given your consent.
Use of Google Analytics 4 (GA4)
1. Scope of the processing of personal data
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics analyzes how visitors use our website. Google uses cookies on your end device for this purpose. During your visit, user behavior is recorded in the form of “events.” This may result in the storage and evaluation of personal data, including:
first visit to the website
interaction with the website, usage paths
clicks on external links
video usage
file downloads
advertising impressions and clicks
scroll behavior (when scrolling to the end of the page)
searches performed on the website
language selection
page visits
location (region)
your IP address (in shortened form)
technical information about your browser and end devices (e.g., language settings, screen resolution)
your internet service provider
referrer URL
IP anonymization is enabled by default in GA4. This means your IP address is truncated by Google within EU/EEA member states. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there.
According to Google, the IP address transmitted by your browser within Google Analytics is not merged with other Google data.
Further information:
https://policies.google.com/privacy
2. Purpose of the data processing
GA4 is used to evaluate the use of our online presence and to generate reports about website activity. These reports serve to analyze website performance and to deliver targeted advertising to individuals who have already shown initial interest through their website visit.
3. Legal basis for the data processing
The legal basis is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.
4. Duration of storage
After two months, your personal data will be deleted. This deletion takes place automatically once per month.
5. Exercise of your rights
You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. You can withdraw your consent via our cookie consent tool.
You can prevent Google from collecting and processing your data by blocking third-party cookies, using “Do Not Track,” disabling script execution, or installing script blockers such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com).
Further information on objection/removal options:
https://policies.google.com/technologies/partner-sites
You can also prevent the collection and processing of data generated by the cookie (including your IP address) by downloading and installing the browser plugin:
https://tools.google.com/dlpage/gaoptout?hl=de
You can disable the use of your personal data by Google here:
https://adssettings.google.de
Use of Google Web Fonts
1. Scope of the processing of personal data
We use Google Web Fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its EU representative Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (“Google”).
When a page is accessed, the web fonts are transferred to the browser cache for improved visual display. If the browser does not support Google Web Fonts or blocks access, the text will be displayed in a standard font.
No cookies are stored on the visitor’s device when the page is accessed. Data transmitted in connection with the page request is sent to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com.
This may result in the storage and evaluation of personal data, especially user activity (e.g., pages visited and elements clicked) and device/browser information, in particular the IP address and operating system.
The data is not linked with data collected/used in connection with the parallel use of authenticated Google services such as Gmail.
Further information:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of the data processing
Google Web Fonts are used to ensure an appealing presentation of our texts. If your browser does not support this function, a standard font from your computer will be used.
3. Legal basis for the data processing
The legal basis is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information is stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law (e.g., tax and accounting purposes).
5. Exercise of your rights
You can prevent Google from collecting and processing your data by blocking third-party cookies, using “Do Not Track,” disabling script execution, or installing script blockers such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).
You can disable Google’s use of your personal data here:
https://adssettings.google.de
Further information on objection/removal options:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Tag Manager
1. Scope of the processing of personal data
We use Google Tag Manager, a tag management service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is used solely to manage and deploy website tags (e.g., analytics or marketing tags). Google Tag Manager itself does not process personal data of website visitors; it merely enables the technical integration of other services.
2. Purpose of the data processing
Google Tag Manager is used to integrate and manage external tools and services efficiently, centrally, and in a technically reliable way. This enables optimized maintenance and flexible control of the tracking and analytics services used.
3. Legal basis for the processing of personal data
The legal basis is generally your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.
4. Duration of storage
Google Tag Manager itself does not store any personal data.
Any data processed by integrated third-party tags is stored solely within the scope of the respective services and in accordance with their own privacy policies.
5. Exercise of your rights
You can prevent Google from collecting and processing your data by blocking third-party cookies, using “Do Not Track,” disabling script execution, or installing script blockers such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).
You can disable Google’s use of your personal data here:
https://adssettings.google.de
Further information on objection/removal options:
https://policies.google.com/privacy?gl=DE&hl=de
This privacy policy was created with the support of DataGuard.