Privacy Policy

Last updated: 06.04.2026

1. Controller

The controller responsible for the processing of personal data on this website is:

Funnelt.com
c/o Andreas Dittes
Bautzener Str. 35
10829 Berlin
Email: funnelt_privacy@dittes.info
Website: https://funnelt.com

If applicable:

• Data Protection Officer: [Name / contact details]
• EU representative: [Name / contact details]

2. What this Privacy Policy covers

This Privacy Policy explains how we process personal data:

• when you visit funnelt.com;
• when you contact us, book a demo, request information, or become a customer;
• when our customers use the Funnelt widget / plugin on their own websites to capture and manage leads.

3. Categories of personal data we process

Depending on how you interact with us, we may process the following categories of personal data:

• identification and contact data, such as name, business email address, phone number, company name, role, and website;
• communication data, such as messages sent via forms, email, chat, demo requests, and support requests;
• service and account data, such as account credentials, contract data, billing-related information, and customer settings;
• lead and widget interaction data, such as information entered by end users into a Funnelt widget on a customer's website, including contact details, request content, and chat messages;
• technical data, such as IP address, browser type, device data, timestamps, log data, and referral URL;
• usage and analytics data, if analytics tools are enabled;
• cookie or similar identifier data, where applicable.

4. Processing on Funnelt.com

a) Website operation and security

When you access our website, we process technical data and server log data to provide the site, ensure stability and security, prevent misuse, and troubleshoot errors.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests in secure and reliable website operation). Legitimate interest can only be used where the organisation has checked that the individual's rights are not overridden.

b) Contact requests, demo requests, and sales communication

If you contact us, request a demo, or ask for information about our services, we process the data you provide to respond to your request and handle pre-contractual or contractual communication.

Legal basis:

• Art. 6(1)(b) GDPR, where processing is necessary to take steps at your request before entering into a contract or to perform a contract;
• alternatively or additionally, Art. 6(1)(f) GDPR for handling business inquiries and communication.

c) Customer accounts and service delivery

If you become a customer, we process account, contract, billing, and service-related data to provide the Funnelt service, manage your account, provide support, and administer the business relationship.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and, where required, Art. 6(1)(c) GDPR (legal obligations).

d) Newsletter or marketing emails

If you subscribe to a newsletter or agree to receive marketing communications, we process your contact details for that purpose.

Legal basis: Art. 6(1)(a) GDPR (consent), unless another lawful basis clearly applies under applicable law. You can withdraw consent at any time with future effect.

e) Analytics, cookies, and similar technologies

If we use analytics or non-essential cookies or similar technologies on our website, we will only do so in accordance with applicable law. Where consent is required, such technologies will only be activated after consent has been obtained.

Further details are provided in our [Cookie Notice / Consent Manager].

Legal basis:

• necessary technologies: Art. 6(1)(f) GDPR or other applicable basis;
• non-essential cookies / tracking: consent where required.

5. Funnelt service on customer websites

When a customer embeds the Funnelt widget on its own website, the customer will usually determine why the lead data is collected and how it is used. In that setup, the customer is the controller and Funnelt acts as the processor on the customer's behalf. Processors must act under a contract with the controller.

In this context, Funnelt may process, on behalf of the customer:

• data entered into the widget, such as name, email address, phone number, company, and message content;
• chat or conversational inputs submitted through the widget;
• technical and event data needed to operate the widget and transmit or store leads;
• configuration data and customer-side workflow data.

We process this data only to provide the service, operate the widget, transmit captured leads, host the service, ensure security, and provide support, unless otherwise agreed in writing.

If Funnelt uses data collected through customer widgets for its own independent purposes, such as its own marketing, training unrelated models for its own benefit, or building its own lead database, then this policy and the role allocation must be revised. In that case, Funnelt may become an independent controller or joint controller for those activities. The controller/joint-controller distinction depends on who determines the purposes and means of the processing.

6. Recipients and service providers

We may disclose personal data to recipients where necessary, including:

• hosting and infrastructure providers;
• email, CRM, support, and communication providers;
• analytics or consent-management providers, where used;
• payment, accounting, and legal advisers, where relevant;
• subprocessors used to deliver the Funnelt service;
• public authorities, where we are legally required to do so.

Where Funnelt acts as a processor for customers, any subprocessors are engaged in accordance with the applicable data processing agreement.

Subprocessors / service providers currently used:

• [Hosting provider, country]
• [Cloud/database provider, country]
• [Email provider, country]
• [CRM provider, country]
• [Analytics provider, country]
• [Support/chat provider, country]

7. International data transfers

If personal data is transferred to recipients outside the EEA, we will do so only where permitted by law. This may include transfers to countries for which an adequacy decision exists or transfers subject to appropriate safeguards, including the European Commission's Standard Contractual Clauses.

Information about applicable safeguards can be requested via the contact details above.

8. Retention periods

We store personal data only for as long as necessary for the relevant purpose, unless longer retention is required by law.

Typical retention periods:

• website server logs: [e.g. 7–30 days];
• contact and demo requests: [e.g. 12 months after last contact];
• customer account and contract data: for the term of the contract plus applicable statutory retention periods;
• leads collected for customers through embedded widgets: as instructed by the respective customer or as defined in the applicable data processing agreement;
• marketing consent records: until withdrawal of consent and for as long as needed to demonstrate compliance.

You should replace these examples with your actual retention periods or your actual criteria for determining them. GDPR Article 13 requires that retention periods, or the criteria used to determine them, be disclosed.

9. Data subject rights

Under applicable data protection law, you may have the right to:

• request access to your personal data;
• request rectification of inaccurate data;
• request erasure of your data;
• request restriction of processing;
• object to processing based on legitimate interests;
• receive your data in a portable format, where applicable;
• withdraw consent at any time with future effect, where processing is based on consent;
• lodge a complaint with a supervisory authority.

As a rule, controllers must respond to data subject requests without undue delay and at the latest within one month.

If you want to exercise your rights, contact us at: [privacy@funnelt.com]

If personal data is processed by Funnelt solely on behalf of one of our customers, we may forward the request to the relevant customer where appropriate, because that customer is the controller for that processing.

10. Obligation to provide data

Providing personal data is generally voluntary. However, some data is necessary for us to respond to inquiries, provide a demo, enter into a contract, or deliver the Funnelt service. If you do not provide the required data, we may be unable to process your request or provide the relevant service. GDPR Article 13 requires disclosure of whether providing data is necessary for a contract and the possible consequences of not providing it.

11. Automated decision-making

We do not use personal data for decisions based solely on automated processing that produce legal effects or similarly significant effects on individuals, unless explicitly stated otherwise in a separate notice.

If this changes, we will provide the information required by applicable law. GDPR Article 13 requires disclosure where such automated decision-making, including profiling, exists.

12. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will always be available on this page and will indicate the date of the last update.

14. Contact

If you have questions about this Privacy Policy or our data processing practices, contact:

Funnelt.com
c/o Andreas Dittes
Bautzener Str. 35
10829 Berlin
Email: funnelt_privacy@dittes.info