Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (“GDPR”) is:

we4 Solutions GmbH
Gistlstr. 103
82049 Pullach i. Isartal
Germany

Represented by the managing directors:
Dr. Laila Neuthor
Johannes Thomas Philipp Humbert

E-mail: contact@we4solutions.ai
Website: https://we4solutions.ai

2. General information

We take the protection of personal data seriously. Personal data means any information relating to an identified or identifiable natural person, for example name, e-mail address, IP address, communication data or usage data.

We process personal data only to the extent permitted by applicable data protection laws, in particular on the basis of the GDPR, the German Federal Data Protection Act (“BDSG”) and relevant sector-specific legal provisions.

This Privacy Policy explains which personal data we process when our website is used and when you communicate with us, for what purposes such processing takes place and which rights data subjects have.

3. Purposes and legal bases of processing

We process personal data in particular for the following purposes:

• provision, operation, security and technical stability of our website
• handling of contact requests and other communication
• preparation, performance and administration of business relationships
• provision of information about our services
• compliance with legal obligations
• safeguarding legitimate interests, in particular IT security, prevention of misuse, documentation and enforcement of legal claims

Depending on the specific case, processing is carried out on one or more of the following legal bases:

• Art. 6 para. 1 lit. a GDPR, where consent has been given
• Art. 6 para. 1 lit. b GDPR, where processing is necessary for pre-contractual measures or the performance of a contract
• Art. 6 para. 1 lit. c GDPR, where a legal obligation applies
• Art. 6 para. 1 lit. f GDPR, where processing is necessary to safeguard legitimate interests and no overriding interests or fundamental rights of the data subject prevail

4. Website visits and server log files

Each time our website is accessed, the browser on the end device automatically transmits information to our website server. This information may in particular include:

• IP address
• date and time of the request
• page or file accessed
• amount of data transferred
• referrer URL
• browser type and browser version
• operating system and its interface
• language settings
• access status and HTTP status code

These data are technically required to display the website, ensure the stability and security of the website and analyse errors. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in providing a secure, functional and user-friendly website.

Server log files are stored only for as long as necessary for the purposes stated above and are then deleted or anonymised, unless a statutory retention obligation or a legitimate interest in longer storage applies.

5. Contacting us

If you contact us by e-mail, contact form, telephone or other communication channels, we process the data you provide. This may in particular include:

• name
• e-mail address
• telephone number
• company and role
• content of the enquiry
• communication and metadata

Processing takes place in order to handle your enquiry, communicate with you and, where applicable, prepare or perform a contractual relationship. The legal basis is Art. 6 para. 1 lit. b GDPR where the enquiry relates to a contract or pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the appropriate handling of incoming enquiries.

6. Business contacts and B2B communication

In the context of business relationships, we process personal data of contact persons at customers, prospects, partners, service providers and other organisations. This may in particular include names, business contact details, role, company, communication content, contract data and project-related information.

Processing is carried out for the initiation, performance and administration of business relationships, project communication, service provision and compliance with legal obligations. The legal basis is Art. 6 para. 1 lit. b GDPR where the data subject is themselves a contractual party, and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the performance and organisation of our business activities.

7. Newsletters, invitations and professional information

Where we offer newsletters, event invitations or comparable professional information, we process the contact details and communication preferences required for this purpose.

Such communication is generally sent on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw consent at any time with effect for the future, for example via an unsubscribe link or by notifying us.

Where we send existing business contacts information about our own similar services, processing may be based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in direct communication with existing business contacts. You may object to this processing at any time.

8. Cookies and similar technologies

Our website may use cookies and similar technologies. Cookies are small text files stored on the end device that contain certain information.

We distinguish in particular between:

• technically necessary cookies required for the operation, security and basic functions of the website
• functional cookies enabling certain convenience functions
• analytics or marketing cookies that may be used for reach measurement, optimisation or interest-based communication

Technically necessary cookies are used on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in providing a functional and secure website.

Non-essential cookies and similar technologies are used only where consent has been given. The legal basis is then Art. 6 para. 1 lit. a GDPR. Consent that has been given may be withdrawn at any time with effect for the future.

9. Web analytics and reach measurement

Where we use services for web analytics or reach measurement, this is done only in accordance with the applicable data protection requirements and, where required, on the basis of consent.

Such services can help us understand how our website is used, which content is relevant and how we can improve our offering. In this context, usage data, technical data, truncated or full IP addresses, device information and interaction data may in particular be processed.

If specific analytics or marketing services such as Google Analytics, Matomo, LinkedIn Insight Tag or comparable services are used on the website, the respective providers, purposes, legal bases, retention periods and objection or withdrawal options will be identified separately in this Privacy Policy or in a consent banner.

10. External links and online profiles

Our website may contain links to external websites and online profiles, for example LinkedIn or partner websites. If you follow such a link, the privacy provisions of the respective provider apply. We have no influence over which data these providers process.

If you interact with our profiles on external platforms, personal data may be processed by the respective platform provider and by us. The platform provider’s own privacy information applies to processing by that provider.

11. Recipients of personal data

Within we4 Solutions GmbH, only those persons who require access to personal data in order to perform their tasks receive such access.

We may disclose personal data to external service providers who support us in particular in the following areas:

• hosting and operation of the website
• IT administration and security
• e-mail and communication services
• CRM, project management and document management
• tax advice, legal advice and accounting
• analytics, consent or marketing services, where used

Where service providers process personal data on our behalf, we conclude data processing agreements with them pursuant to Art. 28 GDPR.

Disclosure to other third parties takes place only where this is permitted or required by law, where it is necessary for contract performance, where consent has been given or where legitimate interests justify such disclosure.

12. Transfers to third countries

Personal data may be processed outside the European Union or the European Economic Area where service providers or platform providers use corresponding systems.

Where personal data are transferred to a third country, we ensure that the legal requirements for such transfer are met. This may in particular be based on an adequacy decision of the European Commission, EU Standard Contractual Clauses or other suitable safeguards.

13. Processing in connection with our services

we4 Solutions GmbH develops and operates AI-supported software solutions and provides operational services for the insurance industry. Where we process personal data on behalf of our customers in connection with such services, this is carried out on the basis of a separate data processing agreement pursuant to Art. 28 GDPR or another appropriate data protection agreement.

In these cases, the respective customer is generally the controller under data protection law. we4 Solutions GmbH then processes personal data only on the customer’s documented instructions and within the contractually agreed scope.

Where special categories of personal data within the meaning of Art. 9 GDPR are processed, in particular health data, this is done exclusively on the basis of an appropriate legal basis and corresponding contractual, technical and organisational safeguards.

14. Retention period

We store personal data only for as long as necessary for the respective purposes. Thereafter, the data are deleted or anonymised unless statutory retention obligations, evidentiary interests or other legitimate reasons for further storage apply.

Business and contract-related documents may in particular have to be retained for several years due to commercial and tax law obligations.

15. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration or disclosure. Such measures may in particular include access restrictions, encryption, logging, authorisation concepts, backup measures and contractual obligations of service providers.

16. Rights of data subjects

Subject to the statutory requirements, data subjects have in particular the following rights:

• right of access pursuant to Art. 15 GDPR
• right to rectification pursuant to Art. 16 GDPR
• right to erasure pursuant to Art. 17 GDPR
• right to restriction of processing pursuant to Art. 18 GDPR
• right to data portability pursuant to Art. 20 GDPR
• right to object pursuant to Art. 21 GDPR
• right to withdraw consent with effect for the future pursuant to Art. 7 para. 3 GDPR
• right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR

To exercise your rights, you may contact us at contact@we4solutions.ai.

17. Right to object

Where we process personal data on the basis of Art. 6 para. 1 lit. f GDPR, data subjects have the right to object to such processing at any time on grounds relating to their particular situation.

Where personal data are processed for direct marketing purposes, there is an unconditional right to object to such processing at any time. In the event of an objection, we will no longer process the personal data for this purpose.

18. No automated decision-making on the website

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place when this website is used that produces legal effects concerning website visitors or similarly significantly affects them.

19. Changes to this Privacy Policy

We may amend this Privacy Policy if our website, our processes, the services used or legal requirements change. The version published on this website at the relevant time shall apply.

20. Language note

This English version is provided for convenience. In case of doubt or conflict, the German version shall prevail.

21. Last updated

Last updated: 07.05.2026