Archibo | Privacy Policy: Protecting Your Data & Personal Information
top of page
  • Whatsapp
  • Facebook
  • Instagram
  • LinkedIn
  • TikTok
  • Youtube
  • Xing

Privacy Policy

 

Last updated: 17 June 2025

​

​​

​

​Privacy, Responsibility and Scope of Application

​

We respect the privacy of our customers and other interested individuals and comply with applicable privacy laws. These laws include, in particular, the General Data Protection Regulation of the European Union ("GDPR") and the UK Data Protection Act.

This privacy notice covers:

  • Website(s):

    • archibo.de

  • Service(s):

    • ​​B2B archibo.de web application – configuring and managing an AI-based telephony assistant

​

The following categories of data subjects are covered by this privacy notice:

  • Website visitors

  • Employees of customers

The controller responsible for processing your personal data under this privacy notice is:

​

Archibo GmbH

Ohmstr. 12

63225 Langen

Germany

info@archibo.de

​

This notice explains

  • the purpose for which personal data is collected and processed.

  • which categories of personal data are subject to collection and processing.

  • on which legal basis we process personal data.

  • which third parties are involved as processors in the processing of personal data.

  • to which third parties personal data is transmitted.

  • further information such as storage duration, data subject rights and other information to help you understand the data processing described.

 

Purposes for which personal data is processed:
 
Website archibo.de

​

Website Hosting Our website is provided by the hosting service Hostinger. Hostinger is a product of HOSTINGER operations, UAB, based in the Republic of Lithuania.

Hostinger uses content delivery network (CDN) providers such as Cloudflare to deliver website content quickly and securely to website visitors.

​

Collected and processed data:

  • Technical information such as IP address

  • Device information

  • User behavior relevant for error analysis.

  • Website visit data

  • Browser information

  • Log data

  • Cookies

 

Legal basis

  • Legitimate interest pursuant to Art. 6 (1) lit. f GDPR

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

​

Processors involved

  • HOSTINGER operations, UAB, Švitrigailos str. 34, LT-03230 Vilnius, the Republic of Lithuania

​

Further information

  • Legitimate interest as a legal basis: Provision and use of the offered service.

  • The legal basis for consent relates to the use of CDN services.

  • Further information can be found in the Hostinger Privacy Policy

 

Testing the AI Telephony Assistant

We offer a function to test an AI telephony assistant on our website. After providing the necessary data, you will receive a call from our AI telephony assistant. The test conversation is recorded for quality improvement purposes. Use of the service may also result in data transfers to third countries.

​

Collected and processed data:

  • Identification data

  • Company

  • Contact data

  • Information you transmit via speech to the AI assistant

 

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) lit. f GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

 

Processors involved

  • LiveKit Inc., 4285 Payne Avenue, Suite 9154, San Jose, CA 95157, United States

  • Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland

  • Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, United States

  • Deepgram, Inc., 548 Market St, Suite 25104, San Francisco, CA 94104-5401, United States

  • OpenAI, L.L.C., 3180 18th St San Francisco, CA 94110, United States

  • New Relic, Inc, 188 Spear Street, Suite 1000, San Francisco, CA 94105, United States

  • PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States

  • VAPI Inc. (vapi.ai), 95 Third Street, 2nd Floor, San Francisco, CA, United States

  • Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin, Ireland

 

Further information:

  • Legitimate interest as a legal basis: Provision and testing of the offered service.

  • We kindly ask you not to transmit any special categories of personal data when using the AI telephony assistant. These include, among others:

    • Ethnic origin.

    • Political opinions.

    • Religious or philosophical beliefs.

    • Trade union membership.

    • Genetic data.

    • Biometric data.

    • Health data.

    • Data concerning sexual life or sexual orientation.

  • You can avoid collection of your data by not using the test service.

 

Contact via Email

We publish a contact email address on our website through which you can reach out to us for further information about our services or to provide feedback.

​

Collected and processed data:

  • Email address

  • Information you transmit to us via email

​

Legal basis:

  • Legitimate interest pursuant to Art. 6 (1) lit. f GDPR

​

Further information:

  • Legitimate interest as a legal basis: Responding to inquiries and questions about products, services, and other offerings.

  • We kindly ask you not to transmit any special categories of personal data when contacting us. These include, among others:

    • Ethnic origin.

    • Political opinions.

    • Religious or philosophical beliefs.

    • Trade union membership.

    • Genetic data.

    • Biometric data.

    • Health data.

  • Data concerning sexual life or sexual orientation.

 

Newsletter Distribution

You may sign up for our newsletter via our website in order to receive regular updates about us and our services.

 

Collected and processed data:

  • Identification data

  • Contact details

  • Data regarding interactions with newsletters

  • Cookies

 

Legal basis:

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

 

Processors involved:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

  • Twilio Inc. (SendGrid), 101 Spear Street, 1st Floor, San Francisco, CA 94105, USA

 

Further information:

​

​

Online Appointment Booking

You can schedule an appointment with us via our website. For this purpose, we use the services of Microsoft Bookings. The use of this appointment booking feature may involve the transfer of data to third countries.

 

Collected and processed data:

  • Identification data

  • Contact details

  • Company data

  • Details regarding monthly telephone usage

  • Additional information you provide in free text form

  • Technical information

  • Cookies

 

Legal basis:

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

 

Processors involved:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

​

Further information:

  • Further information can be found in the Microsoft Privacy Policy.

  • We kindly ask you not to transmit any special categories of personal data when scheduling an appointment. These include, among others:

    • Ethnic origin.

    • Political opinions.

    • Religious or philosophical beliefs.

    • Trade union membership.

    • Genetic data.

    • Biometric data.

    • Health data.

    • Data concerning sexual life or sexual orientation.

  • You can avoid the collection of such data by not using the online booking service.

​

​

User Behavior Analysis

We use technologies in the form of code snippets to analyze and improve user behavior on our website, monitor and optimize advertising campaigns, and attract new customers. This may involve the transfer of data to third countries. This also includes the use of Microsoft Advertising to measure and optimize campaign performance on Bing and other Microsoft services.

​

Technologies in use:

  • Google Analytics

  • Google Tag Manager

  • TikTok Pixel

  • Meta Pixel

  • LinkedIn Pixel

  • Microsoft Advertising (Bing Ads UET)

​

Collected and processed data:

  • Technical information such as IP address

  • Browser data

  • User behavior and interaction data

  • Device information

  • Event data

  • Conversion data

  • Cookies

​

Legal basis:

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

​

Processors involved:

  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

  • Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland

  • LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

​

Further information:

​

 

Displaying Third-Party Content via Social Media Plug-ins and Widgets

We have integrated social media plug-ins and widgets into our site to display content that may be of interest to you, improve your user experience, and optimize our advertisements. This may result in the transfer of data to a third country.

We use Facebook plug-ins on our website. These are marked with a Facebook logo or the “Facebook Social Plug-in” label.

We use YouTube embeds to display YouTube videos directly on our website. When visiting a webpage containing an embedded video, your browser automatically connects to YouTube's servers, a Google subsidiary. Depending on your settings, various personal data may be transferred to the Google servers. If you are logged into YouTube at the time of your visit, data you have already provided to YouTube may also be transferred.

​

Collected and processed data:

  • Technical information such as IP address

  • Browser information

  • Data on website access

  • Data on interaction with plug-ins and widgets

  • Location data

  • Cookies

​

Legal basis:

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

​

Processors involved

  • Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 

Further information

  • Visit https://developers.facebook.com/docs/plugins for more information about the Facebook plug-ins and their usage.

  • We are not responsible for the collection, use, disclosure, or data security practices of these third parties. We cannot control the content of the transmitted data or how it is used by such providers.

  • When visiting a page on our website that includes such a plug-in, your browser establishes a direct connection with Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the website.

  • If you are logged into Facebook, Facebook may associate your visit with your Facebook account. To prevent this, log out of Facebook before visiting our website.

  • More information about Facebook and data protection can be found in the Facebook Privacy Policy.

  • You can learn more about data processing using Google services via the Google Privacy Policy.

​

​

Google Fonts

To display fonts on our website, we use the "Google Fonts" service, a free font directory.

​

Collected and processed data:

  • Technical information such as IP address

  • Browser information

  • Usage statistics of fonts

  • Data on website visits

  • Cookies

​

Legal basis:

  • Consent of the data subject pursuant to Art. 6 (1) lit. a GDPR

  • Data Privacy Framework

​

Processor involved:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

​

Further information

​

Purposes for which personal data is processed: B2B archibo.de Web App – Configuration and Management of an AI Telephony Assistant

​

​

App Hosting

Collected and processed data:

  • Technical information such as IP address

  • Device information

  • User behavior relevant to error analysis

​

Legal basis

  • (Pre-)contractual obligations pursuant to Art. 6 (1) lit. b GDPR

​

Processors involved

  • WIX.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel

  • HOSTINGER operations, UAB, Švitrigailos str. 34, LT-03230 Vilnius, Republic of Lithuania

  • Exoscale, Akenes SA, Rue de la Synagogue 31, 1204 Geneva, Switzerland

  • Microsoft Corporation (Azure), One Microsoft Way, Redmond, WA 98052-6399, USA

​

Further information

  • The data centers are located, depending on the provider, in the EU, Switzerland, Israel, or the USA.

  • Data transfers to third countries are based on adequacy decisions (e.g., Switzerland, Israel) or suitable safeguards such as standard contractual clauses and the Data Privacy Framework (e.g., USA).

​

​

Provision of the offered service

By using our application, we provide the following service:

  • Configuration and management of an AI phone assistant

​

Collected and processed data:

  • AI prompts and other AI-related information

  • Configurations

  • Technical access data (e.g., API keys)

  • Phone numbers

​

Legal basis

(Pre-)contractual obligations pursuant to Art. 6 (1) lit. b GDPR

​

Processors involved

  • HOSTINGER operations, UAB, Švitrigailos str. 34, LT-03230 Vilnius, Republic of Lithuania

  • Microsoft Corporation (Azure), One Microsoft Way, Redmond, WA 98052-6399, USA

​

Further information

The data centers are located, depending on the provider, in the EU, Switzerland, Israel, or the USA.

​

Maintaining a Customer Database (CRM)

Collected and Processed Data:

  • Identification data

  • Contact data

  • Email conversation data

​

Legal Basis:

  • Legitimate interest based on Article 6(1)(f) GDPR

  • Adequacy decision pursuant to Article 45(3) GDPR

​

Involved Data Processors:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

​

Additional Information:

  • Interest based on the legal basis: maintaining customer relationship data.

  • Further information about Microsoft’s data protection practices can be found in the Microsoft Privacy Statement.

​

Customer Registration

Collected and Processed Data:

  • Identification data

  • Contact data

  • Authentication data

​

Legal Basis:

  • (Pre-)contractual obligations based on Article 6(1)(b) GDPR

​

Involved Data Processors:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

​

Additional Information:

  • Data center location where the service is hosted: Germany

​​

​

Processing Payments and Invoicing

We use the U.S.-based service provider “Stripe”, handling payments through its European subsidiary.

Collected and Processed Data:

  • Payment data

  • Invoice data

  • Cookies

  • Technical information

​

Legal Basis:

  • Fulfillment of a legal obligation based on Article 6(1)(c) GDPR

  • (Pre-)contractual obligations based on Article 6(1)(b) GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

​

Involved Data Processors:

  • Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland

​

Additional Information:

  • For more details about data protection practices of our payment provider “Stripe”, see the Stripe Privacy Policy.

Let me know if you'd like this formatted for inclusion in a privacy policy or terms of service.

​

​​

Error Detection and Correction

Collected and Processed Data:

  • Error-related technical data

  • User behavior and interaction data

  • Application logs

  • Availability and system monitoring data

​

Legal Basis:

  • Legitimate interest based on Article 6(1)(f) GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

Involved Data Processors:

  • New Relic, Inc.
    188 Spear Street, Suite 1200, San Francisco, CA 94105, USA

  • PostHog Inc.
    2261 Market Street #4008, San Francisco, CA 94114, United States

  • Microsoft Corporation
    One Microsoft Way, Redmond, WA 98052-6399, USA

  • Uptime Robot
    WebMonitoring Ltd., Republic of Seychelles / operated by HetrixTools SRL, Romania

Additional Information:

​

Analysis of User Behavior in the App

Collected and Processed Data:

  • Data on user behavior and interactions

​

Legal Basis

  • Legitimate interest based on Article 6(1)(f) GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

​

Involved Data Processors

  • PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States

  • Microsoft Corporation (Clarity), One Microsoft Way, Redmond, WA 98052-6399, USA

​

Additional Information

  • Interest based on the legal basis: improving the user experience when using the app.

  • Further information on data protection at PostHog can be found in the PostHog Privacy Policy.

  • Further information on data protection at Microsoft Clarity can be found in the Microsoft Clarity Privacy Statement.

​​

​

Sending Product Updates

Collected and Processed Data:

  • Identification data

  • Contact data

​

Legal Basis

  • Legitimate interest based on Article 6(1)(f) GDPR

  • Data Privacy Framework

  • Standard Contractual Clauses

​

Involved Data Processors

  • Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland

​

Additional Information

  • Interest based on the legal basis: communicating new features that improve the use of the service or expand its functionality.

  • Further information on data protection at Twilio can be found in the Twilio Privacy Notice.

​

​

​

Additional Information

Transfer of Data to the USA and the Data Privacy Framework


We point out that as of July 10, 2023, the EU Commission adopted an adequacy decision under Article 45(1) GDPR regarding the EU-U.S. Data Privacy Framework. Accordingly, organizations or companies (as data importers) in the USA that are registered on a public list through self-certification under the Data Privacy Framework provide an adequate level of protection for data transfers. This therefore constitutes a valid legal basis for the use of certified U.S. services. For all purposes mentioned in this privacy notice that utilize services from U.S. providers with an adequate level of protection, the legal basis "Data Privacy Framework" is indicated.
Whether a provider is certified under the Data Privacy Framework can be verified directly on the Data Privacy Framework's official website.

If a provider is not certified under the Data Privacy Framework, this is explicitly mentioned under the relevant purpose, and a valid alternative legal basis is provided.

​

Standard Contractual Clauses

To enable the transfer of data to countries without an adequacy decision, the EU Commission has established contract templates (Standard Contractual Clauses). These Standard Contractual Clauses obligate the contracting parties to maintain a level of data protection that is comparable to that within the EU. These contractual texts are made available through the website of the European Union.
In English, Standard Contractual Clauses are referred to as "Standard Contractual Clauses" and abbreviated as "SCC."

​

Cookies and Local Storage

This website stores personal data and information in cookies, session storage, and local storage. Processing is carried out based on the legal basis specified for each respective service.
How your web browser handles cookies and local storage, which types of storage are allowed or rejected, and for how long data is processed, can be configured in your browser settings.
Some services, such as Stripe, may set security-relevant cookies to detect fraud and secure transactions.

​

Storage Duration

We store your personal data only as long as necessary to fulfill the purposes mentioned above or as long as contractual or legal retention periods exist.

​

Data Disclosure

We only disclose your personal data to third parties if required by law, if necessary to provide our services, or if you have consented to the disclosure. We will never sell your data to third parties without your explicit consent.

Data may be disclosed, as necessary, to the following categories of recipients:

  • Data processors mentioned in this privacy policy

  • Banks and payment service providers (payment processing)

  • Shipping service providers (delivery of goods and invoices)

  • Tax consultants (accounting and annual financial statements)

  • Collection agencies (debt collection)

  • Lawyers (assertion of legal claims)

​

​

Protection of Personal Data

We protect personal data through appropriate technical and organizational measures that comply with current industry standards. This includes, where possible, in particular the pseudonymization and encryption of personal data during transmission and storage.

​

Withdrawal of Consent

If you have given consent for the processing of your personal data for a specific purpose based on Article 6(1)(a) GDPR, you may withdraw this consent at any time. The lawfulness of the processing carried out based on the consent up to the point of withdrawal remains unaffected by the withdrawal.

​

Mandatory Provision of Data and Consequences of Non-Provision When Visiting the Website

The provision of personal data for visiting our website is neither legally nor contractually required. You may withhold your personal data by choosing not to visit this website. However, for certain functions on our website, failure to provide data may result in those functions not being available for use.

​

Mandatory Provision of Data and Consequences of Non-Provision When Using Services

There is no legal or contractual obligation to provide personal data. Failure to provide such data will result in no offer being made or no contract being concluded, and the services offered therefore cannot be provided.

For the use of our services, the provision of personal data is in part legally required (e.g., tax regulations) or may result from contractual requirements (e.g., details of the contracting party).

In the case of consent to the processing of personal data, there is no legal or contractual obligation to provide such data. However, failure to give consent may, depending on the nature of the consent, result in a contract not being concluded or the service not being fully usable.

​

Data Subject Rights

Right of Access
You have the right to request information at any time about your personal data stored by us and to receive a copy of this information. Furthermore, you have the right to request confirmation as to whether relevant personal data is being processed.

​

Right to Rectification
If your data is incorrect or incomplete, we will correct it upon request.

​

Right to Data Portability
If we process your personal data automatically with your consent or based on a corresponding agreement, you have the right to request a copy of your data in a structured, commonly used, and machine-readable format, which can be sent to you or another party. This only applies to personal data that you have provided to us.

​

Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data under certain circumstances.

​

Right to Erasure
You have the right to have personal data processed by us deleted — provided this is legally permissible.

​

Right to Object
You can object to the processing of your personal data, for example, by not using certain services. If you object to the processing of your personal data for specific purposes, this may result in the associated services not being available.

​

Right to Lodge a Complaint
If you believe that we are not processing your personal data correctly, you may contact us. You also have the right to lodge a complaint with a supervisory authority. Further information about supervisory authorities in the European Union can be found here.

​

All rights can be exercised by contacting us via the email address provided at the beginning of this privacy policy.

​

Changes to This Privacy Notice

We will update this privacy notice from time to time. All changes will be published on this page with an updated revision date.

​

​

​

​

Texting
bottom of page