Privacy Policy
Update Date:
1. Who we are
This website is operated by:
Heyrise Group GmbH
Bahnhofplatz 1
Austria
Email: hello@heyrise.com
Heyrise Group GmbH is responsible for the processing of personal data in connection with this website.
2. What this Privacy Policy covers
This Privacy Policy explains how we process personal data when you visit our website, contact us, interact with our content, register for updates, download materials, or take part in marketing-related activities such as webinars or online events.
It also covers the use of Heyrise AI on this website or in connection with website-related inquiries, as described in the section “Heyrise AI” below.
The productive use of Heyrise AI or other Heyrise services by our customers is not covered by this Privacy Policy, unless expressly stated in the “Heyrise AI” section below. In customer-specific productive environments, the respective customer company is generally responsible for the use of the service and the related processing of personal data.
3. Website
3.1 Website hosting and usage data
Our website is hosted on Microsoft Azure. Hosting services are used to provide the website, ensure availability, protect the systems and operate the website securely and reliably.
When you visit our website, certain technical data is processed automatically. This may include your IP address, browser and device information, operating system, referrer URL, access time, interaction data, server log data and cookie or consent information.
We use this data to operate the website, protect our systems, detect errors, improve performance and maintain system stability.
The legal basis is our legitimate interest in operating a secure, stable and user-friendly website under Art. 6(1)(f) GDPR. Where legally required, we process data based on your consent under Art. 6(1)(a) GDPR.
Technical access data is deleted or anonymized within 60 days unless a longer retention period is required for security, troubleshooting or legal reasons.
3.2 Contact, content and marketing communication
If you contact us, subscribe to updates, register for a webinar, download content or request information, we process the data you provide to us.
This may include your name, email address, phone number, company, role, message content, interests, preferences and interaction data related to our communication.
We use this data to respond to your request, provide the requested content, organize events, send relevant information, follow up on business interest and improve our communication.
The legal basis is your consent under Art. 6(1)(a) GDPR, the performance of pre-contractual steps under Art. 6(1)(b) GDPR where applicable, or our legitimate interest in B2B communication under Art. 6(1)(f) GDPR.
You can withdraw your consent at any time with effect for the future.
We keep this data only for as long as it is needed for the respective purpose, for as long as there is an active business or communication interest, or as long as legal retention obligations apply.
3.3 Cookies and similar technologies
We use cookies and similar technologies to provide essential website functions, remember your preferences, analyze website usage, support marketing activities and measure campaign performance.
Technically necessary cookies are used to operate the website and manage consent settings. Analytics, advertising and marketing cookies are only used if you have given your consent.
You can change or withdraw your cookie consent at any time through the cookie settings on our website.
Details about the individual tools, cookies, providers, purposes, storage periods and possible third-country transfers are available in our cookie banner.
3.4 Personal Data processed for the following purposes and using the following services
Hosting and backend infrastructure
Microsoft Azure
Microsoft Azure is used for website hosting, infrastructure and selected backend services.
Personal Data processed may include: IP address, server log data, device information, usage data and technical metadata.
Analytics
Google Analytics 4
Google Analytics 4 is used to understand how visitors use our website and to improve content, user experience and marketing activities.
Personal Data processed may include: cookies, usage data, device information, browser information, approximate location data and online identifiers.
The legal basis for the use of Google Analytics 4 is your consent under Art. 6(1)(a) GDPR.
Advertising
LinkedIn conversion tracking / LinkedIn Insight Tag
LinkedIn conversion tracking and the LinkedIn Insight Tag are used to measure the effectiveness of LinkedIn advertising campaigns and understand how users interact with our website after clicking on LinkedIn ads.
Personal Data processed may include: device information, trackers, usage data and interaction data.
The legal basis is your consent under Art. 6(1)(a) GDPR.
Remarketing and behavioral targeting
LinkedIn Website Retargeting
LinkedIn Website Retargeting is used to show relevant advertising to users who have previously visited our website.
Personal Data processed may include: trackers, usage data, device information and interaction data.
The legal basis is your consent under Art. 6(1)(a) GDPR.
Traffic optimization and distribution
Cloudflare
Cloudflare is used to improve website performance, security and traffic distribution.
Personal Data processed may include: trackers, IP address, technical metadata and usage data.
The legal basis is our legitimate interest in providing a secure, stable and high-performing website under Art. 6(1)(f) GDPR. Where legally required, processing is based on consent.
User database management
HubSpot CRM
HubSpot CRM is used to manage business contacts, inquiries, leads and communication with prospects and customers.
Personal Data processed may include: company name, first name, last name, email address, phone number, role, communication history and interaction data.
The legal basis is consent under Art. 6(1)(a) GDPR, pre-contractual steps under Art. 6(1)(b) GDPR where applicable, or our legitimate interest in managing B2B communication under Art. 6(1)(f) GDPR.
4. Heyrise AI
We use Heyrise AI as an AI-supported messaging and voice agent to handle incoming inquiries. Heyrise AI can process written or spoken content in order to understand the requester’s intent, provide support, or route the inquiry to the appropriate internal team.
Depending on the inquiry and the information provided by the requester, the following personal data may be processed:
name, email address, phone number, company information, and the written or spoken content of the conversation.
Certain inquiries, for example from customers, prospects or business contacts, may be forwarded to the responsible internal departments for further handling.
The legal basis for processing inquiry data is our legitimate interest in efficiently handling incoming requests under Art. 6(1)(f) GDPR. Where the inquiry relates to a potential contract or business relationship, processing may also be based on pre-contractual steps under Art. 6(1)(b) GDPR. Where we ask for specific consent, the legal basis is Art. 6(1)(a) GDPR.
The technical operation of Heyrise AI is carried out by Heyrise with the support of selected service providers. Where these providers process personal data on our behalf, they are contractually bound by data processing agreements in accordance with Art. 28 GDPR.
4.1 AI-supported messaging and voice processing
Heyrise AI processes spoken and written content to capture the requester’s intent and route the inquiry accordingly. This may include incoming messages, voice requests, answers to questions, and related context provided during the conversation.
Personal Data processed may include: name, email address, phone number, company information, written or spoken conversation content, and interaction data.
4.2 Microsoft Azure OpenAI Service
Microsoft Azure OpenAI Service is used to support AI-based language processing, intent recognition and response generation.
Personal Data processed, if provided, may include name, email address, phone number and written or spoken conversation content.
Place of processing: Europe.
4.3 ElevenLabs Inc.
ElevenLabs Inc. is used to provide AI-generated voice capabilities in connection with our voice agents.
Personal Data processed, if provided, may include name, email address, phone number and written or spoken conversation content.
Place of processing: USA.
Where personal data is transferred outside the European Economic Area, appropriate safeguards are applied in accordance with Art. 45 et seq. GDPR.
4.4 Conversation data and improvement of Heyrise AI
Conversation data is used to process and respond to the respective inquiry. It is deleted as soon as it is no longer required for this purpose, unless legal retention obligations or legitimate security and documentation interests require longer storage.
If the requester has agreed, conversations may also be stored in anonymized form and used to improve processes, response quality and Heyrise AI functionality. In this case, the conversation is processed so that it can no longer be attributed to an identifiable person.
4.5 AI transparency and automated decision-making
Heyrise AI is used to understand, support and route inquiries. It does not make automated decisions within the meaning of Art. 22 GDPR that produce legal effects or similarly significantly affect individuals.
Where users interact with an AI-supported messaging or voice agent, the AI nature of the system is made clear. In accordance with the transparency principles of Art. 50 of the EU AI Act, the requester is informed at the start of the call or message that they are interacting with an AI-supported system.
5. Service providers, international data transfers and data security
5.1 Service providers
We work with selected service providers to operate and improve our website, communication, marketing activities, analytics and AI-supported inquiry handling.
This includes providers for hosting, infrastructure, analytics, advertising, retargeting, traffic optimization, CRM, monitoring, error tracking, email communication, consent management, communication tools, speech processing and AI-supported services.
This includes in particular:
Microsoft Azure for website hosting, infrastructure and selected AI-related services.
Google Analytics 4 for website analytics, subject to user consent.
LinkedIn Insight Tag and LinkedIn Website Retargeting for advertising, conversion tracking and retargeting, subject to user consent.
Cloudflare for traffic optimization, performance and security.
HubSpot CRM for user database management, business contact management and lead handling.
ElevenLabs Inc. for AI-generated voice capabilities.
Where these providers process personal data on our behalf, we use appropriate data processing agreements in accordance with Art. 28 GDPR.
5.2 International data transfers
Some providers process personal data outside the European Economic Area. Where this happens, we ensure that appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses.
5.3 Data security
We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure. We review and improve these measures regularly.
6. Contact and your rights
6.1 Your rights
Under the GDPR, you have the right to access your personal data, request correction or deletion, restrict processing, receive your data in a portable format, object to certain processing activities and withdraw consent at any time.
To exercise your rights, contact us at:
You also have the right to lodge a complaint with a competent data protection authority.
6.2 Contact
For questions about this Privacy Policy or the processing of personal data, please contact:
