The protection of your personal data has the highest priority. This Privacy Policy explains the type, scope, and purpose of processing personal data (hereinafter referred to as "data") in connection with our online services. This includes the associated website, features and content, as well as external online presences such as social media profiles (hereinafter collectively referred to as "online services"). [cite_start]Your personal data will be treated confidentially and in strict accordance with statutory data protection regulations and the provisions of this Privacy Policy[cite: 484, 485, 486, 487, 488].
This Privacy Policy provides you with a comprehensive overview of what happens to your personal data when you visit this website or use our services. Personal data is any information that can be used to personally identify you. [cite_start]Detailed information on data protection can be found in this complete Privacy Policy[cite: 489, 490, 491, 492].
The data processing on this website and within the scope of our services is carried out by the website operator or service provider (Gohighlevel). [cite_start]The contact details of the controller can be found in the "Controller" section of this Privacy Policy[cite: 494, 495].
Personal data is collected in part by you actively providing it, for example by filling out a contact form, booking a consultation, or entering into a service contract. Other data is automatically collected or collected with your consent when you visit the website by the controller's IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). [cite_start]This data collection occurs automatically as soon as you enter the website[cite: 496, 497, 498, 499, 500].
Some of the data is collected to ensure the error-free provision of the website and our services. Other data may be used to analyze your user behavior to optimize the offer and adapt it to your needs. [cite_start]In the context of our AI consulting and automation services, we process data exclusively for the fulfillment of the respective contractual purpose[cite: 501, 502, 503, 504].
In the course of the controller's business activities, it may be necessary to transfer personal data to third parties. This transfer only takes place under certain conditions: when the transfer is necessary for the fulfillment of a contract, when there is a legal obligation, such as to tax authorities, when there is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, or when another legal basis permits the data transfer. When using external service providers for data processing, the transfer of personal data only takes place on the basis of a valid data processing agreement in accordance with Art. [cite_start]28 GDPR[cite: 505, 506, 507, 508, 509, 510].
Certain data processing operations can only be carried out with your express consent. This consent can be withdrawn at any time. [cite_start]The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by the withdrawal[cite: 511, 512, 513].
If the processing of your personal data is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for data processing can be found in this Privacy Policy. [cite_start]In the event of an objection, the controller will no longer process your personal data unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (objection pursuant to Art. 21 para. 1 GDPR)[cite: 514, 515, 516, 517, 518].
If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is related to direct marketing. [cite_start]After your objection, the controller will no longer use your personal data for these advertising purposes (objection pursuant to Art. 21 para. 2 GDPR)[cite: 519, 520, 521].
You have the right to lodge a complaint with a competent supervisory authority in the event of violations of the GDPR. This right can be exercised in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement. [cite_start]Other administrative or judicial remedies remain unaffected[cite: 522, 523, 524, 525].
Personal data that is automatically processed on the basis of consent or for the fulfillment of a contract can be requested in a structured, commonly used, and machine-readable format. [cite_start]Upon request, this data can also be directly transmitted to another controller, provided this is technically feasible[cite: 526, 527].
Every data subject has the right to obtain information free of charge about their stored personal data, its origin, recipients, and the purpose of data processing. In addition, there is a right to correction or deletion of this data, provided legal provisions permit this. [cite_start]For further questions or concerns regarding personal data, contact can be made with the controller at any time[cite: 528, 529, 530].
There is a right to request the restriction of processing of personal data if the accuracy of the data is disputed and verification is pending. Even in the case of unlawful processing, restriction of data processing can be requested instead of deletion. Furthermore, restriction can be requested if the data is no longer needed but is required for the assertion, exercise, or defense of legal claims. In the event of an objection to processing pursuant to Art. 21 para. [cite_start]1 GDPR, until it is clarified whose interests prevail, there is also a right to restriction[cite: 531, 532, 533, 534, 535].
[cite_start]If personal data is restricted in processing, such data may only be processed, apart from storage, with the consent of the data subject or for the assertion, exercise, or defense of legal claims, for the protection of the rights of other natural or legal persons, or for reasons of important public interest of the EU or a member state[cite: 536].
If you believe that the processing of your personal data violates the General Data Protection Regulation, you have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. [cite_start]You can contact the data protection supervisory authority responsible for you[cite: 537, 538, 539, 540].
The controller responsible for data processing on this website and in the context of services within the meaning of the General Data Protection Regulation (GDPR) is:
Malek Kilani - Elevate Wisely
Hafenstraße 25 - 27, 68159 Mannheim, Germany
Contact for Privacy Matters: Email: malek.kilani@elevatewisely.com
We work with various data processors who process data on our behalf. These service providers are contractually obligated to treat the data confidentially and use it exclusively within the scope of the respective service. Data processing agreements (DPA) in accordance with Art. 28 GDPR have been concluded with all data processors. A complete list of the data processors used can be found in Section 6 of this Privacy Policy. In addition, there are cases in which responsibility for data processing is shared with other parties. [cite_start]In such cases, the responsibilities are transparently regulated and documented to ensure compliance with data protection requirements[cite: 550, 551, 552, 553, 554, 555, 556].
To ensure the transparency of this Privacy Policy under European law and make it understandable to everyone, this statement primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The complete legal definitions can be found in Art. 4 GDPR. [cite_start]The most important terms in connection with this Privacy Policy are explained below[cite: 557, 558, 559, 560]:
This website is hosted on servers provided by external service providers to ensure reliable, secure, and high-performance delivery of this online offering.
The main website (elevatewisely.com) is hosted by:
Hostinger International Ltd.
61 Lordou Vironos Street, 6023 Larnaca, Cyprus
Server Location: European Union (EU)
Processed Data: When you visit our website, the following data is automatically collected and stored in server log files:
Purpose of Data Processing: The hosting service processes the above data for the following purposes:
Legal Basis: The processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the reliable and secure provision of our website.
Data Processing Agreement: We have concluded a data processing agreement (DPA) with Hostinger in accordance with Art. 28 GDPR.
Storage Duration: Server log files are typically stored for up to 30 days and then automatically deleted. Data that is required for evidence purposes may be stored longer until the respective incident is finally clarified.
Privacy Policy: For more information on data processing by Hostinger, please refer to their privacy policy: https://www.hostinger.com/privacy-policy
For certain landing pages, forms, and marketing automation features, we also use services from:
HighLevel Inc.
Corporate HQ, 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA
Data Transfer to USA: Personal data may be transferred to and processed in the USA. The data transfer is based on Standard Contractual Clauses (SCCs) approved by the European Commission in accordance with Art. 46 GDPR.
[cite_start]Details on data processing and data protection can be found in the hosting provider's privacy policy: https://www.gohighlevel.com/privacy-policy[cite: 572, 573, 574, 575, 576].
The processing of your personal data is based on the General Data Protection Regulation (GDPR) and other relevant legal provisions. Different legal bases apply depending on the purpose of data processing:
For certain processing operations, national regulations such as § 25 TTDSG may also apply when storing cookies or accessing information on your end device. [cite_start]The applicable legal bases are explained in detail in the specific sections of this Privacy Policy[cite: 589, 590].
If tools from companies based in countries with inadequate data protection levels are used on this website, or if US tools are used whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. It should be noted that in countries with inadequate data protection levels, a level of data protection equivalent to that of the EU cannot be guaranteed. For the USA as a third country with inadequate protection, no data protection level comparable to the EU is generally guaranteed. [cite_start]A data transfer to the USA is therefore only permissible if the recipient either has certification under the "EU-US Data Privacy Framework" (DPF) or has appropriate additional safeguards[cite: 593, 594, 595, 596].
When transferring personal data to third countries, we implement the following protection measures[cite: 598]:
Unless a more specific storage period is stated within this Privacy Policy, personal data will remain with the controller until the purpose for data processing no longer applies. If a legitimate request for deletion is asserted or consent to data processing is revoked, the relevant data will be deleted, provided there are no other legally permissible reasons for storing the personal data (e.g., tax or commercial retention periods). [cite_start]In these cases, deletion will occur after these reasons no longer apply[cite: 605, 606, 607, 608].
The controller stores personal data only for as long as is necessary to fulfill the respective purposes for which the data was collected. [cite_start]This includes in particular the fulfillment of contractual obligations, compliance with legal retention periods, and the protection of legitimate interests of the controller, such as IT security and protection against abuse[cite: 609, 610].
Specific Storage Periods:
If the processing of personal data is based on consent, storage will continue until this consent is revoked by the data subject. Such revocation is possible at any time with effect for the future. [cite_start]The data will then be deleted immediately, unless there are legal retention obligations or other overriding legal reasons that require further storage[cite: 615, 616, 617].
Comprehensive technical and organizational measures are taken to effectively protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access[cite: 619].
The security measures are continuously adapted to the state of the art to permanently ensure the protection of your data at a high level[cite: 628].
To protect the security of your data during transmission, encryption methods (e.g., SSL or TLS) via HTTPS are used in accordance with the current state of the art. SSL (Secure Socket Layer) or TLS (Transport Layer Security) are protocols for encrypting data transmissions on the internet. This ensures that the data exchanged between your browser and the server is protected from unauthorized access. [cite_start]You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line[cite: 629, 630, 631, 632, 633].
With each access to the website, information of a general nature is automatically collected that your browser transmits to the server. [cite_start]This information is stored in so-called log files and typically includes: IP address of the requesting computer, Date and time of access, Name and URL of the retrieved file, Website from which access was made (referrer URL), Browser used and user agent string, Operating system, Name of your access provider, HTTP status code[cite: 634, 635, 636, 637, 638, 639, 640, 641, 642, 643].
The storage of this data is carried out for security reasons, to ensure smooth connection establishment to the website, for comfortable use of the website, for evaluation of system security and stability, and for other administrative purposes. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. [cite_start]The legitimate interest arises from the stated purposes for data collection[cite: 644, 645, 646].
This website uses cookies. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause damage to your end device, do not contain viruses, Trojans, or other malware. Information is stored in the cookie that arises in connection with the specifically used end device. [cite_start]However, this does not mean that the controller thereby becomes directly aware of your identity[cite: 647, 648, 649, 650, 651].
The use of cookies serves on the one hand to make the use of the offer more pleasant for you (e.g., session cookies, temporary cookies for user-friendliness). [cite_start]On the other hand, the controller uses cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing the offer for you[cite: 652, 653, 655, 657].
The data processed by cookies are necessary for the stated purposes to protect the legitimate interests of the controller and third parties in accordance with Art. 6 para. [cite_start]1 sentence 1 lit. f GDPR[cite: 660, 661].
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. [cite_start]However, the complete deactivation of cookies may result in you not being able to use all functions of the website[cite: 662, 663].
This website uses a cookie consent banner to manage your consents for the use of cookies and comply with GDPR requirements.
The cookie banner appears on your first visit to collect your consent before any non-essential cookies are placed on your device. You can choose to:
When you make a choice in the cookie banner, a consent cookie is stored on your device that remembers your preferences. This cookie contains:
1. Essential Cookies (Always Active):
2. Analytics Cookies (Require Consent):
3. Marketing Cookies (Require Consent):
You can change your cookie preferences at any time by:
The cookie consent banner operates in accordance with:
[cite_start]You can withdraw your cookie consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal[cite: 679, 680, 681].
Analysis and tracking tools are used to ensure needs-based design and continuous optimization of this website. The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest) or Art. 6 para. 1 lit. a GDPR / § 25 TTDSG (consent). [cite_start]Consent can be revoked at any time[cite: 802, 803, 804, 805, 806, 807, 808, 809].
This website uses Google Analytics 4, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies and similar technologies to analyze how users interact with our website.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for EU users)
Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google Analytics collects the following information:
We use Google Analytics to:
We have activated IP anonymization (anonymizeIP) for Google Analytics. This means your IP address is shortened by Google within member states of the European Union or other countries party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Google Analytics may transfer personal data to the USA. The legal basis for this transfer is:
Google Analytics uses the following types of cookies:
Google Analytics data is retained as follows:
We have disabled Google Signals and do not allow Google to use our Analytics data for advertising purposes or to share it with other Google products.
The use of Google Analytics is based on:
You can control Google Analytics tracking by:
We have concluded a Data Processing Agreement with Google in accordance with Art. 28 GDPR, which obligates Google to protect the data of our website visitors and not to disclose it to third parties.
For more information about how Google Analytics handles user data, please refer to Google's privacy policy:
This website uses features of the social network LinkedIn. When you visit a page with a LinkedIn plugin, your browser establishes a direct connection to LinkedIn's servers. Information (including IP address) is transmitted to LinkedIn in the USA. The use is based on your consent (Art. 6 para. 1 lit. a GDPR). Data transfer to the USA is based on SCCs. [cite_start]LinkedIn is certified under the EU-US DPF[cite: 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, 826].
[Optional, if YouTube videos are embedded] This website uses YouTube videos in extended data protection mode. Cookies are only set when you play the video. Embedding is based on Art. 6 para. [cite_start]1 lit. f GDPR[cite: 830, 831, 833, 834].
This website and our landing pages use comprehensive tools and services from GoHighLevel (HighLevel Inc., Dallas, USA) for various purposes including contact forms, chatbots, appointment booking, email marketing, SMS communication, and customer relationship management (CRM).
Provider: HighLevel Inc.
Address: Corporate HQ, 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA
Website: https://www.gohighlevel.com
Privacy Policy: https://www.gohighlevel.com/privacy-policy
We utilize the following GoHighLevel features:
When you interact with our GoHighLevel-powered forms, landing pages, or communication tools, the following data may be collected and processed[cite: 843, 844]:
Your data is processed for the following purposes[cite: 845, 846]:
The processing of your data through GoHighLevel is based on the following legal grounds:
GoHighLevel processes data on servers located in the United States. The transfer of personal data to the USA is secured through:
GoHighLevel may set cookies on our landing pages and website to:
These cookies are only placed after you have given consent via our cookie banner.
Data collected through GoHighLevel is stored as follows:
Regarding your data processed through GoHighLevel, you have the following rights[cite: 856, 857]:
GoHighLevel may use automated processes for:
These automated processes do not result in legal consequences or significant effects without human review for important decisions.
Through GoHighLevel, we may integrate with additional services such as:
Each integration is configured to minimize data sharing and maintain GDPR compliance. Specific information about active integrations can be requested at any time.
GoHighLevel implements comprehensive security measures including:
For questions specifically about GoHighLevel's data processing practices, you can contact:
This website uses AI-powered chatbots. Data processed includes user input, technical data, and interaction data. Processing is based on legitimate interest (Art. 6 para. 1 lit. f GDPR) or consent. [cite_start]Chatbots can access AI services like OpenAI, Claude, Gemini[cite: 858, 859, 861, 862, 863, 864, 868].
For questions of any kind, it is possible to contact the controller via a form provided on this website. [cite_start]To know from whom the inquiry comes and to be able to answer it, the following information is required: First name, last name, Email address, Phone number, Company (optional), Message[cite: 682, 683, 684, 685, 686, 687, 688].
Data processing for the purpose of contacting the controller is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of voluntarily given consent or in accordance with Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures. [cite_start]The personal data collected for the use of the contact form will be deleted after the inquiry has been processed and any legal retention periods have expired[cite: 689, 690, 691, 692].
It is possible to address inquiries to the controller via email or by telephone. The personal data transmitted will be processed and stored by the controller exclusively for the purpose of processing the inquiry and any follow-up questions. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR or Art. 6 para. [cite_start]1 lit. f GDPR[cite: 694, 695, 696, 697, 698, 699].
Personal customer and contract data are collected, processed, and used for the establishment, content design, and modification of contractual relationships. [cite_start]This may include: Name, Company, Address, Email, Phone, VAT ID, Bank details, Contract data, Communication data[cite: 700, 701, 702, 703].
This information is necessary to provide services and communicate. [cite_start]Depending on the selected payment method, payment information is also recorded[cite: 704].
Legal Bases: Art. 6 para. 1 lit. b GDPR (Contract), Art. 6 para. 1 lit. c GDPR (Legal obligations), Art. 6 para. [cite_start]1 lit. f GDPR (Legitimate interests)[cite: 705, 706, 707, 708, 709].
[cite_start]Storage Duration: The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of legal retention periods (e.g., 10 years for booking documents, 6 years for business letters)[cite: 710, 711, 712].
As part of our AI consulting and automation services, we process personal data in a special way. [cite_start]This section explains the specific protection measures and processing principles for these activities[cite: 713, 714, 715].
Data Minimization as Supreme Principle: In the development and implementation of automation solutions, we follow a strict approach of data minimization. [cite_start]We generally only process: Non-identifying data wherever possible, Pseudonymized data for testing purposes, Personal data only when absolutely necessary for functionality[cite: 717, 718, 719].
[cite_start]Separation of Development and Production Environment: We clearly distinguish between Proof-of-Concept (PoC) Phase (Development in our n8n Cloud instance, Frankfurt), Test Phase (Customer instance with test data), and Production Phase (Independent customer instance with full data control by the customer)[cite: 720, 721, 722, 723, 724].
For the use of the n8n Cloud platform, we have concluded a data processing agreement (DPA) in accordance with Art. [cite_start]28 GDPR with n8n[cite: 733, 734].
n8n GmbH: Location: Berlin, Germany; Privacy Policy: https://n8n.io/legal/privacy; Server Location: Frankfurt am Main, Germany (EU); [cite_start]GDPR compliant[cite: 736, 737].
After a successful PoC phase, we support the customer in setting up their own n8n instance:
Important Principle: After project completion, the customer has complete data sovereignty. The customer is the controller within the meaning of the GDPR for all data processed in their instance. [cite_start]Malek Kilani - Elevate Wisely no longer has access (except within agreed support services)[cite: 744, 745, 746, 747].
Various AI services may be used in the development of automation solutions. [cite_start]We use exclusively GDPR-compliant providers with appropriate data protection agreements[cite: 748, 749, 750].
We might also request API keys from your other applications to ensure we can build the automation correctly taking in consideration your environment[cite: 767].
When our automation solutions process personal data of end customers of our clients, the following regulations apply[cite: 776, 777]:
For the development and hosting of AI chatbots, we use different platforms depending on customer requirements[cite: 788, 789]:
Important Note: For all chatbot solutions, the customer is the controller for data. [cite_start]Recommendation: Display privacy notices and opt-out mechanisms[cite: 796, 797].
If you are a customer of Malek Kilani - Elevate Wisely, you have the right at any time to obtain information about processed data, request deletion from PoC environments, receive a list of sub-processors, view impact assessments, and object to processing[cite: 798, 799, 800]. [cite_start]Contact us at: malek.kilani@elevatewisely.com[cite: 801].
CDN Service: A Content Delivery Network (CDN) is used to optimize loading times. The use is based on Art. 6 para. [cite_start]1 lit. f GDPR[cite: 874, 875, 878].
Security Tool: A security tool is used to ensure data integrity and protection against cyber attacks. Processing is based on Art. 6 para. [cite_start]1 lit. f GDPR[cite: 881, 882, 884, 885].
[cite_start]Provider for both: HighLevel Inc.[cite: 880, 886].
If you wish to receive the newsletter, we need an email address and consent. We use the Double Opt-In procedure. [cite_start]Processing is based on consent (Art. 6 para. 1 lit. a GDPR), which can be revoked at any time[cite: 888, 889, 892, 893, 898, 899, 900].
[cite_start]Sending to Existing Customers: Newsletters may be sent to existing customers without express consent under specific conditions (Art. 6 para. 1 lit. f GDPR) regarding similar services and no objection[cite: 905, 906, 907, 908, 909].
[cite_start]Prohibition of Sending Advertising Emails: The use of contact data published in the imprint for unsolicited advertising is prohibited[cite: 910, 911].
As a data subject, you have the following rights[cite: 914, 915]:
To exercise any of your rights, please contact us at:
Malek Kilani - Elevate Wisely
Hafenstraße 25 - 27, 68159 Mannheim, Germany
Email: malek.kilani@elevatewisely.com
We will process your request within 30 days. [cite_start]In complex cases, we may extend this period by an additional 60 days, of which we will inform you[cite: 941, 942, 943, 944, 945, 946].
Changes to This Privacy Policy: We reserve the right to adjust this Privacy Policy. The new policy applies to your next visit. [cite_start]Significant changes will be notified by email[cite: 948, 949, 950, 951, 952].
[cite_start]Severability Clause: Should individual provisions be invalid, the validity of remaining provisions remains unaffected[cite: 953, 954].