Data Privacy

Last updated: 01.11.2023.  


We at Bavest Technologies GmbH (hereinafter “Bavest” or “We”) offer you an API to our infrastructure for using our data & analytics and offer our Bavest terminal and other tools that are developed in cooperation with respective companies. To perform this task, we process your personal and company-related data.

Thank you for visiting our website and for your interest in Bavest. It is particularly important to us to respect your privacy and to ensure the protection of your personal and company-related data by processing your personal & company-related data in accordance with the content of these data protection regulations and the applicable data protection laws.

Entity in charge

As the operator of the Bavest API as well as our website and platform (including the web app, iOS app, Android app and other apps for corporate customers), we at as well as other subdomains to this domain (hereinafter also referred to as “website” or “platform”), are responsible for the collection and use of users' personal data (hereinafter “users” or “you”) on our platform and when using our services in accordance with applicable data protection law, in particular the General Data Protection Regulation (“GDPR”).

As part of our information obligations (Art. 13 et seq. DSGVO), we will inform you below which data is processed when you visit our website and on which legal basis this is done.

Information about the responsible entity

Bavest Technologies GmbH
Ludwig-Erhard-Allee 10
76131 KarlsruheEmail:

If you have any questions about the collection and use of data, you can contact us at any time.

Processing of personal data


Cookies are very small text files used by websites, which your browser stores on your computer and certain information flows through the location that sets the cookie (here by us). Cookies cannot run programs or transfer viruses to your computer.

Transient cookies are automatically deleted when you close your browser. In particular, this includes session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.  
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings.  

This information is used to optimize our offer and to offer you more comfort and protection when surfing on our pages. The legal basis for this data processing is Article 6 (1) (f) GDPR.  

You can set your Internet browser so that you are informed as soon as a web server wants to send you a cookie. You can then agree to accept the cookie or reject it. You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website. You can find out more about this in the help system of your Internet browser.

General storage period of personal data

Subject to different or more specific information within this privacy policy, the personal data collected by the website will be stored until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. If there is a legal obligation to store the data or another legally recognized reason to store the data (e.g. legitimate interest), the relevant personal data will not be deleted before the respective reason for storage ceases to apply.

Legal basis for storing personal data

The processing of personal data is only permitted if there is an effective legal basis for processing this data. If we process your data, this is regularly done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR (e.g. when voluntarily providing your data in the registration form or as part of the contact form), for the purpose of contract fulfilment in accordance with Art. 6 para. 1 lit. b GDPR (e.g. when using in-app purchases or the use of other paid functions on the platform) or due to legitimate interests in accordance with Art. 6 para. 1 lit. b GDPR (e.g. when using in-app purchases or using other paid functions on the platform). f GDPR, which are always balanced with your interests (e.g. as part of advertising measures). The relevant legal bases may be specified separately within the framework of this privacy policy.

Links to social media platforms

Our website links to our pages on various social media platforms. We would like to point out that by clicking on these links, you are leaving our website and also the scope of this privacy policy. On social media platforms, only the respective privacy policies and terms of use of the operator of the social media platform apply.

Log Files

Each time you access our website, we collect the following personal data, which is automatically processed in the log files:

- Access status/HTTP status code
- Amount of data transferred
- Website accessed
- IP address of the requesting computer
- Type of Internet used
-Browsers language of the Internet used
-Browser- version of the Internet used
-Browser operating system and its version
- date and time of visit
- Time zone difference to Greenwich Mean Time (GMT)
- Referrer websites that are accessed by the visitor's system via our website
- Users' Internet service providers

The remaining data is stored for a limited period of time. We use this data to operate our website, in particular to identify and correct website errors, to determine the load on the website and to make adjustments or improvements, so it is technically necessary (legal basis: Art. 6 para. 1 lit. f GDPR).

Opening a user account with Bavest via the website or apps

You can open a user account (account) on our website or in our apps. As part of the registration process, we request and process the following data:

- First and last name
- email address
- Username

The purpose of data processing is to initiate a customer relationship between the user and Bavest, but also to comply with legal regulations.
We base the processing of this personal data when opening an account on the legal basis of Art. 6 (1) lit. b DSGVO (contract initiation) and Art. 6 (1) lit. c DSGVO in conjunction with the respective relevant legal obligation.
Bavest only stores this data as long as we need it. As soon as you are a user with us, your data will be stored for the duration of the customer relationship. In addition, due to legal obligations, it may be necessary for us to store your data beyond the contractual relationship, i.e. beyond the time of termination of the customer relationship.

Amazon Web Services (website host)

Our website (including the apps and the Bavest API) is hosted by AWS (Amazon Web Services), an external service provider (hereinafter “Hoster”). The personal data collected on this website is stored on the host's servers. In particular, this may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our services by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. AWS stores our data exclusively on European servers.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us as the website operator with further services related to website activity and Internet usage.

The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading the browser plug-in available at the following link and install.

Deactivate Google Analytics via opt-out cookie
This website uses Google Analytics with the extension”_anonymizeIp ()”. As a result, IP addresses are further processed in abbreviated form to prevent direct identification of individuals.  
For more information about Google's data processing, please see Google's privacy policy:

Google Firebase

We use Google Analytics Firebase (hereinafter Google Firebase) to analyze user behavior. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Firebase includes various functions that enable us to analyse your in-app behavior. In this way, we can analyze, for example, your screen views, button clicks, in-app purchases or the effectiveness of advertising measures. We can also determine which functions are used frequently or rarely within our platform. Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data for these purposes.

A detailed overview of the data collected by Google Firebase can be found at:

The use of Google Firebase may require the transfer of your personal data to the USA. The storage period for the data collected in this way is regulated as follows: Google Firebase is used to optimize this platform and to improve our offerings. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

For more information about Google Firebase, visit:


We offer the option to process the payment process via the payment service provider Stripe, Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary to fulfill the contract (Art. 6 para. 1 lit b. GDPR):

- Cardholder's name
- Email address
- Customer number
- Order number
- Bank details
- credit card details
- Credit card validity period
- Credit card verification number (CVC)
- date and time of the transaction
- Transaction amount
- Name of provider
- Location

The processing of the data provided under this section is neither required by law nor by contract. We cannot make a payment via Stripe without submitting your personal data. Stripe is required so that you can subscribe to Bavest Plus or Bavest Pro; full use of the Pro versions is not possible without payment via Stripe. This is in line with our legitimate interest in offering an efficient and secure payment method. Stripe plays a dual role as controller and processor in data processing activities. As the controller, Stripe uses your submitted data to comply with regulatory obligations. This corresponds to Stripes's legitimate interest (in accordance with Art. 6 para. 1 lit. f DSGVO) and serves to execute the contract (in accordance with Art. 6 para. 1 lit. b GDPR). We have no influence on this process. Stripe acts as an order processor to complete transactions within payment networks. As part of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations in accordance with Article 28 GDPR. Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information on objection and removal options against Stripe can be found at: 

Your data will be stored by us until payment processing is completed. This includes the time required to process refunds, claims management and fraud prevention. In accordance with [§ 147 AO/§ 257 HGB], we have a statutory retention period of 6 years.


We use Calendly to plan appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and master data (e.g. names, addresses) in the USA. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is carried out on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy. The revocation does not affect the legality of the processing until the revocation.standard contractual clauses are the legal basis for the transfer to a country outside the EEA. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.we delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at

Data processing on social media platforms

We are represented on social media networks in order to present our organization and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. For this purpose, the network operators store information on user behavior in cookies on the user's computer. It is also possible that the operators may combine this information with other data. Users can find further information and information on how users can object to processing by the site operators in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning that they process data there. This may result in risks for users, e.g. because the enforcement of their rights is made more difficult or government agencies gain access to the data. When users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.


We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: You can object to data processing via the settings for advertisements: We are jointly responsible for processing the data of visitors to our profile on the basis of an agreement with Facebook within the meaning of Art. 26 GDPR. Facebook explains exactly which data is processed at Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive faster feedback if they contact Facebook directly.


We maintain a profile on Instagram. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here:


We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland. The privacy policy is available here:


We maintain a profile on Twitter. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here: You can object to data processing via the settings for advertisements:


We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https:// You can object to data processing via the settings for advertisements:

Other service providers

It is possible that some of the data processing is carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this includes in particular data centers and cloud service providers that store our website and databases, IT service providers who maintain our systems, and consulting firms. If we share data with our service providers, they may only use the data to perform the tasks specified by us. In principle, when using service providers, we only work with companies that process data within the European Economic Area or are located in countries that guarantee an adequate level of data protection in accordance with an adequacy decision by the European Union.

External service providers are used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our services securely, quickly and efficiently, supported by professional providers (Art. 6 para. 1 lit. f GDPR).


We would like to use our newsletters to inform you about Bavest news, technical updates on the platform and our range of services, among other things. We would also like to use our newsletters to inform you about current economic developments and news from the world of finance.

If you have given your express consent in accordance with Article 6 (1) (a) GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.

You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your request to unsubscribe at any time by e-mail to:

If you confirm your email address, we will save your email address, the time of registration and the IP address used to log in.

The purpose of processing the data is to send you our newsletters and to prove your registration, as well as to understand your interaction with our newsletters.

Your rights  

You have the right to have data that we process automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another person responsible, this will only be done if it is technically feasible. Information, deletion and rectificationYou have the right to obtain free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as the right to correct or delete this data at any time. You can contact us at any time at the address given in the legal notice if you have any further questions about personal data.

Right to restrict processing

You have the following rights vis-à-vis us with regard to personal data concerning you:

- Right to information
- Right to rectification or deletion
- Right to restrict processing
- Right to object to processing
- Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.