Privacy Policy
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website in accordance with Article 13 of the General Data Protection Regulation (GDPR).
1. Responsible Data Controller
The controller responsible for data processing on this website is:
Comet Rocks GmbH
Cuvrystrasse 1
10997 Berlin
Germany
Email: privacy@comet.rocks
Data Protection Officer:
heyData GmbH
Schuetzenstrasse 5
10117 Berlin
Germany
Email: datenschutz@heydata.eu
2. Personal Data Processing
2.1 Cookie Usage
Our website uses cookies. Cookies are small text files that are stored on your device by your browser. They serve to make our website more user-friendly and effective.
Some cookies are "session cookies" and are automatically deleted after the end of your browser session. Other cookies are "persistent cookies" and remain stored on your device until they expire or you delete them.
We use a consent management platform provided by Osano to obtain and manage your cookie preferences. When you first visit our website, you will be asked to provide your consent for the use of non-essential cookies. You can change your preferences at any time.
2.2 Server Log Files
When you access our website, your browser automatically transmits certain data for technical reasons. The following data is recorded in server log files:
- IP address of the requesting device
- Date and time of access
- Name and URL of the retrieved file
- Website from which access was made (referrer URL)
- Browser used and, if applicable, the operating system
- Name of your access provider
The processing of this data is based on our legitimate interest in ensuring the smooth operation and security of our website (Art. 6(1)(f) GDPR).
2.3 User Surveys
We may occasionally conduct voluntary user surveys to improve our services. Participation is voluntary, and the legal basis for processing is our legitimate interest in improving our products and services (Art. 6(1)(f) GDPR).
2.4 Newsletter
If you subscribe to our newsletter, we use a double opt-in procedure. This means that after your registration, we send an email to the specified email address asking you to confirm your subscription. Only after your confirmation will you receive the newsletter.
The legal basis for processing your data for newsletter purposes is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter.
2.5 Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website.
Data retention is set to 2 months. We have activated IP anonymization so that your IP address is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
2.6 LinkedIn Analytics
We use the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Insight Tag enables the collection of data regarding visits to our website, including URL, referrer, IP address, device and browser characteristics, and timestamp.
IP addresses are truncated, and direct member identifiers are removed within 7 days. The remaining pseudonymized data is deleted within 180 days.
2.7 Contact Forms
When you contact us via a contact form on our website, the data you provide (e.g., name, email address, message) will be processed for the purpose of handling your inquiry. The legal basis is our legitimate interest in responding to your requests (Art. 6(1)(f) GDPR).
2.8 User Accounts and Comet Platform
When you register for the Comet Platform, we collect and process the data you provide during registration (e.g., name, email address, company information). You may also register using Google Single Sign-On (SSO), in which case we receive your name and email address from Google.
The legal basis for this processing is the performance of the contract between you and Comet (Art. 6(1)(b) GDPR).
3. No Obligation to Provide Data
You are not legally or contractually required to provide personal data. However, certain features of our website and services may not be available if you do not provide the necessary data.
4. Data Recipients
We share personal data with the following service providers who process data on our behalf:
| Service Provider | Purpose | Location |
|---|---|---|
| Attio | CRM | London, UK |
| Google Ireland Limited | Analytics, SSO | Dublin, Ireland |
| Webflow, Inc. | Website hosting | San Francisco, USA |
| Forms App OU | Form processing | Tallinn, Estonia |
| Osano, Inc. | Consent management | Austin, USA |
| LinkedIn Ireland Unlimited Company | Analytics | Dublin, Ireland |
| Datadog, Inc. | Security monitoring | New York, USA |
| Microsoft Ireland Operations Limited | Clarity analytics | Dublin, Ireland |
| HubSpot, Inc. | CRM | Cambridge, USA |
| Intercom, Inc. | Customer support | San Francisco, USA |
| Mintlify, Inc. | Documentation hosting | Ithaca, USA |
5. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). Where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place:
| Country | Transfer Mechanism |
|---|---|
| United Kingdom | EU Adequacy Decision |
| United States | EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) |
| Estonia | EU/EEA member state (no transfer mechanism required) |
| Ireland | EU/EEA member state (no transfer mechanism required) |
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Statutory retention periods may require us to retain certain data for up to 10 years (e.g., for tax and accounting purposes). The regular limitation period under German law is 3 years.
When the retention period expires, personal data is securely deleted or anonymized.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and to access that data.
- Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data.
- Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing under certain conditions.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
- Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
To exercise any of these rights, please contact us at privacy@comet.rocks.
Document status: September 2023