Privacy Policy
Last updated: 27 February 2026
General Information and Responsibility
This notice explains what personal data we collect in this web application, why we collect it and how we process it.
Responsible Authority
This application is used in the context of your employer (or the client). The following roles apply:
- Controller (as defined in Art. 4 No. 7 GDPR) for the collection and processing of your data is your employer.
- Processor (as defined in Art. 28 GDPR) and technical operator of the platform is: intrinsify GmbH Leisewitzstr. 41, 30175 Hannover, Germany Email: team@intrinsify.de
We process your personal data only on behalf of your employer, under their instructions, and based on a data processing agreement.
Legal Basis for Processing
Processing personal data requires a legal basis. The following legal bases apply:
- Where we obtain the data subject’s consent for processing personal data, Art. 6(1)(a) GDPR is the legal basis.
- Where processing personal data is necessary to perform a contract (here: use of the app in the employment relationship), Art. 6(1)(b) GDPR is the legal basis.
- Where processing is necessary to safeguard a legitimate interest of our company or a third party (e.g., infrastructure security), Art. 6(1)(f) GDPR is the legal basis.
Log Files and Hosting (Technical Provision)
For analysis and security purposes, we automatically store the data your browser transmits to us (so-called "log files").
This includes:
- Operating system and browser type used
- Hostname of the accessing computer (IP address, anonymised if applicable)
- Date and time of the server request
- Status information (e.g., HTTP status codes)
We generally cannot link this data to specific individuals. We do not combine it with other data sources. We delete it after statistical evaluation or once security-related retention periods expire (usually 30 days).
Hosting Services & Cloud Infrastructure
We use hosting services to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance to operate this online service.
For this purpose, we or our hosting provider process inventory data, content data, usage data, and users’ metadata and communication data. The legal basis is our legitimate interest in providing this online service efficiently and securely (Art. 6(1)(f) GDPR) in conjunction with Art. 28 GDPR (data processing agreement).
Type and Purpose of Data Processing (App Functions)
When you use the web application, we process the following categories of data:
1. Content Data and Survey Results
We process the answers, ratings and free-text entries you submit. If you optionally provide your name ("voluntary information"), we store that too. We process this data to carry out and evaluate the employee survey on behalf of the controller.
2. Use of AI Technologies (Natural Language Processing)
We use natural language processing technologies (artificial intelligence) to evaluate free-text entries. We analyse the text semantically to generate topic clusters and sentiment patterns. There is no automated decision-making within the meaning of Art. 22 GDPR (no profiling).
3. Types of Personal Data
The following personal data is processed when using the application:
- Usage and metadata: IP address, session data, timestamps, server logs (retention period: 90 days)
- Device information: Browser type, operating system, device type (processed separately from IP addresses for error logs)
- Content data: Semantic dialogue data from the conversation
- Master data:
- "Diagnosis" module: First name (optional, only if actively shared by the user)
- "Login" module: First name, last name, email address, self-chosen password, phone number
4. Categories of Data Subjects
Employees and staff of the customer, as well as other persons who use the application on behalf of the controller.
Disclosure of Data to Third Parties & Infrastructure
We share data with third parties when this is necessary to fulfil the contract and/or when we are legally obliged to do so in individual cases. To provide the application, we use specialised technical service providers (sub-processors). We have concluded appropriate data processing agreements with all service providers.
| Category | Purpose | Location & Security |
|---|---|---|
| Hosting & Content Delivery | Provision of the web interface. | EU (Frankfurt, Paris, Stockholm). |
| Database Services | Encrypted data storage. | EU (Frankfurt). |
| Process Automation | Internal data logic. | EU (Frankfurt). |
| Monitoring | Error analysis (only in case of technical faults). | EU (Frankfurt). |
| AI Services | Semantic text analysis. | EU (various locations). Via Google Vertex AI. |
| CRM System | Customer management and communication. | EU. Via ActiveCampaign (account on EU servers). |
Data Storage Outside the EU/EEA
If we use tools from third-party providers that process data in so-called third countries (outside the EU/EEA, particularly the USA), we ensure that an adequate level of data protection is guaranteed.
Transfers are based on the EU-U.S. Data Privacy Framework (DPF) (where providers are certified) or on EU Standard Contractual Clauses (SCC). We have concluded appropriate data processing agreements with all sub-service providers.
Security Information
We take appropriate technical and organisational measures to comply with data protection laws and to protect your personal data. Our website and communication via our website with us is encrypted via HTTPS (transport encryption).
Rights of the Data Subject
Since data processing is carried out on behalf of your employer, please contact your employer first to exercise these rights. Under the legal provisions, you generally have the right to:
- Access to the stored data (Art. 15 GDPR)
- Rectification of incorrect data (Art. 16 GDPR)
- Erasure of your personal data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates legal provisions.