Learn how we collect, use, and protect your data. Please read carefully to understand our practices.
This Privacy Policy explains how we collect, use, and protect your personal data when you interact with our platform.
We collect information that you provide directly to us, such as when you sign up or interact with our services.
We use your data to provide, personalize, and improve your experience on our platform, including marketing and support.
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any data by which you can be personally identified. Detailed information on data protection can be found further below in our complete privacy policy.
Data collection on this website is carried out by the website operator. For the operator’s contact details, please refer to the section “Notice on the Responsible Party” in this privacy policy.
Data processing on this website is managed by the website operator. The contact details of the operator are provided in the “Notice on the Responsible Party” section of this privacy policy.
Your data is collected in two ways. First, you provide us with your data (for example, when you enter information into a contact form). Other data is acquired automatically or with your consent during your visit by our IT systems. This includes technical data such as your internet browser details, operating system, or the time of your page access.
Some data is collected to ensure the website is provided without technical errors. Other data may be used to analyze your user behavior.
You have the right to free information about the origin, recipient, and purpose of your stored data at any time. Furthermore, you can request correction or deletion of this data and may revoke any consent to processing. In addition, under certain circumstances you can request a restriction of processing and have the right to file a complaint with the competent supervisory authority.
When you visit our website, your surfing behavior may be statistically evaluated using analytics programs. Detailed information on these analytical tools is provided in the remaining section of this privacy policy.
This website is hosted externally. The personal data collected (including IP addresses, contact requests, meta and communication data, contractual data, contact information, names, site access data, etc.) is stored on the servers of the hosting provider. Hosting is provided for the purpose of fulfilling contracts with our potential and existing customers and ensuring a secure, fast, and efficient online service provision.
External hosting is based on Art. 6 para. 1 lit. b (contract fulfillment) and Art. 6 para. 1 lit. f (legitimate interest) of the GDPR. With proper consent, processing is conducted on the basis of Art. 6 para. 1 lit. a and § 25 para. 1 TDDDG.
We have entered into a legally required contract for order processing (AVV) which ensures that the provider processes the personal data of our website visitors strictly according to our instructions and in compliance with the GDPR.
We use Cloudflare (Cloudflare Inc., San Francisco, USA) which provides a globally distributed content delivery network (CDN) and DNS services. Traffic between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyze data traffic and to serve as a filter against potentially malicious external traffic. It may use cookies solely for these purposes.
A contractual agreement is in place with Cloudflare to ensure that they process data only according to our instructions and in compliance with data protection regulations.
We use Amazon CloudFront CDN (provided by Amazon Web Services EMEA SARL, Luxembourg) to distribute our content worldwide, improving the accessibility and performance of our website.
We have concluded a contractual processing (AVV) agreement for Amazon CloudFront CDN, ensuring that data is processed solely on our instructions and in full compliance with the GDPR.
The operators of these pages treat your personal data with the utmost confidentiality and in accordance with statutory data protection regulations and this privacy policy.
The entity responsible for data processing on this website is Dreamlight Labs GmbH (with address, telephone, and email details provided in the full privacy policy). The responsible party is the person or entity that decides on the purposes and means of processing personal data.
Unless a more specific retention period is stated, your personal data is retained until the processing purpose ceases. If you request deletion or revoke your consent, your data will be deleted unless legally required for retention purposes (e.g., for tax or commercial obligations).
Processing is based on various legal grounds such as consent (Art. 6 para. 1 lit. a), contract fulfillment (lit. b), legal obligations (lit. c), or our legitimate interests (lit. f). Further explanations are provided in the subsequent paragraphs of this privacy policy.
We use tools from companies based in third countries and U.S. providers that may not be certified under the EU-US Data Privacy Framework. Transfers may occur to regions where an equivalent level of data protection is not guaranteed.
We share personal data with external parties only when necessary for contract fulfillment, legal obligations, or legitimate interests, and only on the basis of a valid order processing agreement.
You may revoke your consent to data processing at any time. The lawfulness of processing performed prior to revocation is not affected by this decision.
You have the right to object to data processing based on your particular circumstances (including profiling and direct marketing) under Art. 21 GDPR. Details of the legal bases for processing are provided in this privacy policy.
Should you believe that your data protection rights have been violated, you have the right to lodge a complaint with the appropriate supervisory authority.
You have the right to request that data processed based on your consent or contract fulfillment be provided to you or a third party in a common, machine-readable format. Direct transfer is possible if technically feasible.
Under applicable law, you have the right to obtain free information about your stored personal data, including its source and purpose, and to request its correction or deletion.
You have the right to request a restriction in the processing of your personal data under certain conditions, such as when disputing data accuracy or if the data is no longer needed but required for legal claims.
For security and confidentiality during transmission of sensitive information (like orders or inquiries), this website uses SSL/TLS encryption. An encrypted connection can be recognized by the change from 'http://' to 'https://' in the address bar and a lock symbol.
The use of contact data provided under imprint obligations for sending unsolicited advertising is hereby objected to. Legal action may be taken in cases of spam.
Our website uses 'cookies', which are small data packets stored temporarily (session cookies) or permanently (persistent cookies) on your device. They are necessary for technical functions, user behavior analysis, or advertising purposes. Storage is based on legitimate interest or your consent, which can be revoked at any time.
We use Usercentrics technology to obtain and document your consent for storing specific cookies and using certain technologies. Information such as your IP address, browser details, device information, timestamp of visit, and geolocation is transferred to Usercentrics and stored until you request deletion.
Automatically collected server log files include browser type and version, operating system, referrer URL, hostname, time of request, and IP address. This collection is based on our legitimate interest in optimizing site performance.
When you use our contact form, the data you provide (including contact information) is stored for processing your inquiry and potential follow-ups. Processing is justified by contract fulfillment or our legitimate interest.
If you contact us via e-mail, telephone, or fax, the associated inquiry data (including name and message) is stored for processing purposes, based on either contractual requirements or legitimate interests.
For communications via WhatsApp, messages are encrypted end-to-end. Metadata (such as sender, recipient, and time) is collected; WhatsApp may share personal data with its parent company Meta. Processing is based on legitimate interest or, if applicable, on your consent.
Comments posted on this website are stored along with the time of posting and, if applicable, the username chosen by the user.
For comments, the IP addresses of users are stored in order to enable action against potential legal violations such as insults or propaganda.
Comments and associated data are saved until the commented content is deleted or they must be removed for legal reasons.
The storage of comments is based on your consent (Art. 6 para. 1 lit. a GDPR), which can be revoked at any time without affecting the lawfulness of data processing that has already taken place.
Instagram functions are integrated into this website. When active, a direct connection is established between your device and Instagram’s server. If you click the Instagram button while logged into your account, your visit may be linked to your Instagram profile. The usage of this service is based on your consent, and joint responsibility applies between us and Meta Platforms for the collected data.
We utilize the Google Tag Manager to integrate tracking, statistical, and other technological tools into our website. It collects your IP address and is used based on our legitimate interest, or on the basis of your consent if provided.
Google Analytics is used to analyze visitor behavior (page views, session duration, interactions, etc.). Data recorded may include mouse movements and clicks. The data is generally transferred to Google’s US servers, and processing is carried out by your consent or on legitimate interest, supported by standard contractual clauses.
Within Google Analytics, your IP address is anonymized (shortened) within the EU before being transmitted to the USA, with only exceptional circumstances transferring the full address.
You can prevent data collection by Google Analytics through the installation of an opt-out browser plugin.
A data processing agreement with Google has been concluded to ensure that all data is processed strictly in accordance with our instructions and GDPR requirements.
Google Ads Remarketing is employed to assign users to target groups for interest-based advertising throughout the Google network. Its use is based on your consent (or alternatively our legitimate interest), with data transfers to the USA under standard contractual clauses.
We also use customer data matching in Google Ads Remarketing, transmitting customer information (e.g., email addresses) to Google to facilitate cross-device advertising.
The Meta-Pixel is deployed for conversion tracking. Collected data is transferred to Facebook, where it can be further processed for advertising purposes. We share joint responsibility for the collection process, while subsequent processing by Facebook is managed independently.
The TikTok Pixel is integrated to display interest-based advertisements (TikTok Ads) and to measure advertising effectiveness. Collected data include IP addresses, page views, and event timestamps, processed on the basis of your consent.
A contractual processing agreement with TikTok ensures that your data is processed solely according to our instructions and in compliance with the GDPR.
To subscribe to our newsletter, we require your e-mail address and verification information to confirm that you are the owner of that address and have consented to receive the newsletter. No further data is collected, or additional data is collected only on a voluntary basis.
We use Mailchimp for newsletter distribution. The service provider stores the supplied e-mail address on its US-based servers and may also record technical data (access time, IP address, browser type, operating system) for campaign analysis. Processing is based on your consent, and data transfer to the USA is supported by standard contractual clauses.
We have concluded a contractual processing agreement with Mailchimp which ensures that your personal data is processed only on our instructions and in accordance with the GDPR.
We embed YouTube videos in extended privacy mode. In this mode, videos are not used for personalizing your YouTube experience and no cookies are set – instead, local storage elements may be used. Usage is based on legitimate interest or your consent.
Vimeo plugins are integrated without tracking user activities or setting cookies. Data is processed based on a legitimate interest or consent, and transfers to the USA follow standard contractual clauses or are justified by legitimate business interests.
Google Fonts are used for a uniform display of typefaces. When a page is viewed, fonts are loaded from Google’s servers and your IP address is logged. This is done based on legitimate interest or with your consent.
Google Maps is embedded to display location information. For its functionality, your IP address is stored, and web fonts may be loaded. Processing is based on legitimate interest or consent, with data transfers supported by standard contractual clauses.
Google reCAPTCHA is used to verify that data entries (e.g., in contact forms) are made by humans. It collects various data (IP address, session details, user movements) in the background, based on legitimate interest or your consent. Data is transferred to Google’s US servers.
Spotify functions are integrated into our website for music services. If you click the Spotify button while logged in, your visit may be linked to your Spotify profile. Note that cookies from Google Analytics might be used and data processing is based on legitimate interest or your consent.
We offer you the opportunity to apply for a position via e-mail, postal mail, or online application forms. Your personal data is handled confidentially in accordance with applicable data protection laws.
If you submit an application, we process your associated personal data (including contact details, application documents, and interview notes) solely to decide on the initiation of an employment relationship, based on §26 BDSG, Art. 6 para. 1 lit. b GDPR, or with your consent under Art. 6 para. 1 lit. a GDPR.
If no job offer is made, or if you decline or withdraw your application, we may retain your submitted data for up to 6 months from the conclusion of the process for evidentiary purposes. In certain cases (e.g., pending legal disputes), retention may be extended. Longer retention may also occur if you have given explicit consent or if legal retention requirements apply.
If no position is available, you may be included in our applicant pool based solely on your explicit consent. This consent is voluntary and does not bind the ongoing application process. You may revoke your consent at any time, which will result in the irreversible deletion of your data from the applicant pool, typically within two years.
If you have any questions about this Privacy Policy, please contact us at:
contact.de@dreamlight-labs.com
© 2025 Dreamlight Labs | All rights reserved.