Data security & Privacy Policy in DataLion Dashboard Software

Last updated: June 2026

Privacy Policy under the GDPR

In this privacy policy we inform you about the nature, scope and purposes of the collection and use of personal data by DataLion GmbH, Türkenstraße 87, 80799 Munich, Germany, as the controller responsible for this website (hereinafter "the webpage"). Personal data means all data that can be related to you personally, e.g. name, address, e-mail address or usage behaviour.

We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. The webpage can generally be visited without registration. When you register to use the web-based analysis software DataLion, or use our forms, certain personal data are collected (e.g. name and e-mail address). Data are only passed on to third parties within the scope of the data processing described below or with your consent.

Controller

The controller within the meaning of Art. 4(7) GDPR is:

DataLion GmbH
Managing Director: Dr. Benedikt Köhler
Türkenstraße 87
80799 Munich
Germany

Phone: +49 89 / 716 772 008
E-mail: info@datalion.com

Your rights

With regard to the personal data concerning you, you have the following rights:

Right of access (Art. 15 GDPR),
Right to rectification (Art. 16 GDPR),
Right to erasure (Art. 17 GDPR),
Right to restriction of processing (Art. 18 GDPR),
Right to data portability (Art. 20 GDPR),
Right to object to processing (Art. 21 GDPR),
Right to withdraw a consent you have given, with effect for the future (Art. 7(3) GDPR).

You can address questions about these rights and about data protection at DataLion GmbH in general to the address stated above at any time. You also have the right to lodge a complaint with the competent supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Promenade 18, 91522 Ansbach, Germany.

Legal bases for processing

Where we obtain your consent for processing operations, Art. 6(1)(a) GDPR is the legal basis. Where processing is necessary for the performance of a contract or to take pre-contractual steps, Art. 6(1)(b) GDPR is the legal basis. Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR applies. Where processing is necessary for the purposes of a legitimate interest pursued by us or a third party and your interests do not override it, Art. 6(1)(f) GDPR is the legal basis.

Hosting and server log files

In order to provide this webpage, we use hosting services (servers, computing and storage capacity, security services and technical maintenance) of an external provider. For this we use Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The data are processed on servers in Germany. We have concluded a data processing agreement (Art. 28 GDPR) with the provider. You can view Hetzner's privacy policy at this link.

When this website is accessed, the server automatically collects information in so-called server log files that your browser transmits (in particular IP address, date and time of access, the file requested, volume of data transferred, referrer URL and information about your browser and operating system). These data are used for the technical delivery, stability and security of the webpage. The legal basis is Art. 6(1)(f) GDPR.

Cookies and consent management

This webpage uses cookies and comparable technologies (e.g. your browser's local storage). Cookies are small text files stored on your device. Technically necessary cookies that are required to operate the website are used on the basis of Section 25(2) TDDDG and Art. 6(1)(f) GDPR.

All non-essential cookies and services – in particular for analytics and marketing – are only set or loaded after you have given your consent via our cookie banner (Section 25(1) TDDDG, Art. 6(1)(a) GDPR). Via the banner you can choose between the categories "Necessary", "Analytics" and "Marketing". Your choice is stored in your browser; you can withdraw or adjust your consent at any time with effect for the future via the cookie settings. To control the Google services listed below on a consent basis, we use Google Consent Mode v2.

Google Tag Manager

To manage the tags used on this website, we use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect personal data; it is a technical management solution used to trigger other services. Tags that process personal data (e.g. Google Analytics, Google Ads) are only triggered after your consent.

Google Analytics

After your consent, we use Google Analytics (GA4), a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies that enable an analysis of your use of the website. GA4 generally collects IP addresses only in truncated form and does not store them. The information collected is used on our behalf to evaluate your use of the website and to compile reports on website activity. The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). You can withdraw your consent at any time with effect for the future via the cookie settings.

A transfer of data to Google LLC in the USA cannot be ruled out. Google LLC is certified under the EU-US Data Privacy Framework; in addition, the European Commission's Standard Contractual Clauses are in place as appropriate safeguards. For more information, see Google's privacy policy.

Google Ads and conversion tracking

If you consent to marketing cookies, we use services from Google (Google Ireland Limited) to measure the success of our online advertising (conversion tracking) and, where applicable, for remarketing. This evaluates whether users carry out certain actions on our website after clicking one of our ads. The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). Here too, data may be transferred to Google LLC in the USA (EU-US Data Privacy Framework or Standard Contractual Clauses).

Google Maps

On our contact page we embed maps from the Google Maps service provided by Google Ireland Limited in order to show you our location. When the map is loaded, data about your use (including your IP address) are transferred to Google and may be transmitted to Google LLC in the USA (EU-US Data Privacy Framework or Standard Contractual Clauses). The legal basis is our legitimate interest in an appealing presentation of our webpage and in making our location easy to find (Art. 6(1)(f) GDPR), or your consent where this is obtained. For more information, see Google's privacy policy.

Contact and forms

If you contact us via a form on this website, by e-mail or by phone, we process the data you provide (e.g. name, e-mail address, company, phone number and your message) in order to handle your enquiry. The forms are processed via an endpoint we operate ourselves on our servers in the EU, where the submissions are stored. The legal basis is Art. 6(1)(b) GDPR (contract or pre-contractual steps) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). The data are deleted as soon as they are no longer required to achieve the purpose and no statutory retention obligations prevent this.

To send the related notifications and confirmation e-mails and to manage prospect and newsletter contacts, we use the Brevo service (see the "Newsletter and e-mail delivery via Brevo" section).

Newsletter and e-mail delivery via Brevo

With our newsletter we inform registered users and subscribers about innovations in the software as well as new offers from DataLion. We use the double opt-in procedure for sign-up: after you sign up, you receive an e-mail in which you confirm your registration. The legal basis is your consent (Art. 6(1)(a) GDPR). You can unsubscribe from the newsletter at any time, e.g. via the unsubscribe link in every newsletter e-mail. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

To send our newsletters and transactional e-mails and to manage contacts, we use the Brevo service (Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany; parent company Brevo SA, France). The data are processed on servers within the European Union. We have concluded a data processing agreement (Art. 28 GDPR) with Brevo. You can view Brevo's privacy policy at this link.

Support and helpdesk (Atlassian Jira)

For the efficient handling of customer enquiries and support, we use Atlassian Jira Service Management. In doing so we process personal data such as contact information and enquiry details in order to provide you with the support you need. These data are hosted and processed in the EU and used exclusively to handle your enquiries. The legal basis is Art. 6(1)(b) or (f) GDPR. A data processing agreement (Art. 28 GDPR) is in place with the provider. For users who do not agree to the data processing in the external system, we offer contact options by e-mail, phone or post.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser's address bar shows "https://".