Legal

Privacy Policy

Last updated: January 7, 2026

This privacy policy explains how layline.io GmbH ("layline.io", "we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services, in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

The controller responsible for the processing of your personal data on this website is:

layline.io GmbH

Flughafenstr. 52a

22335 Hamburg, Germany

Email: hello@layline.io

2. Data Protection Officer

If you have any questions about how we handle your personal data, you can contact our Data Protection Officer:

Andrew Tan

Email: ds@layline.io

3. What Data We Collect

We collect and process the following types of personal data:

3.1 Server Log Data

When you visit our website, our hosting provider automatically collects technical information including your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in ensuring website security and functionality.

3.2 Contact Form Data

When you contact us via our website forms, we collect the information you provide, such as your name, email address, company name, and message content. We use this data solely to respond to your inquiry.

Legal basis: Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

3.3 Analytics Data

With your consent, we collect anonymized usage data through Google Analytics to understand how visitors use our website and to improve our services.

Legal basis: Consent (Art. 6(1)(a) GDPR).

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our website
  • To respond to your inquiries and requests
  • To analyze website usage and improve our services (with consent)
  • To ensure the security of our website
  • To comply with legal obligations

4.1 Legal Bases for Processing

We process personal data under the following legal bases, depending on the purpose:

  • Art. 6(1)(a) GDPR: Consent (e.g., analytics cookies)
  • Art. 6(1)(b) GDPR: Contract performance or pre-contractual measures (e.g., responding to inquiries)
  • Art. 6(1)(c) GDPR: Legal obligation
  • Art. 6(1)(f) GDPR: Legitimate interests (e.g., website security, fraud prevention, service improvement)

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Server logs: Deleted after 30 days
  • Contact form data: Retained for the duration of our business relationship, then deleted after 3 years unless legal retention requirements apply
  • Analytics data: Automatically deleted after 14 months
  • Cookie consent preferences: Stored locally in your browser until you clear your browser data or withdraw consent
  • Transactional emails (e.g., confirmations): Retained as required for service delivery and statutory retention periods

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation of whether we process your personal data and to access that data. (Art. 15 GDPR)

Right to Rectification

You have the right to request correction of inaccurate personal data. (Art. 16 GDPR)

Right to Erasure

You have the right to request deletion of your personal data under certain conditions. (Art. 17 GDPR)

Right to Restriction

You have the right to request restriction of processing of your personal data. (Art. 18 GDPR)

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format. (Art. 20 GDPR)

Right to Object

You have the right to object to processing based on legitimate interests. (Art. 21 GDPR)

To exercise any of these rights, please contact our Data Protection Officer at ds@layline.io.

If processing is based on consent, you can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of processing before withdrawal.

6.1 Automated Decision-Making

We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR.

7. Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our website.

Essential Cookies

These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and remembering your cookie preferences. You cannot opt out of these cookies.

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We only set these cookies with your explicit consent.

Cookie Preferences

Manage which cookies you allow us to use on this website

8. Third-Party Services

We use the following third-party services that may process your personal data (as processors where applicable):

Netlify (Hosting)

Our website is hosted by Netlify, Inc., 2325 3rd Street, Suite 296, San Francisco, CA 94107, USA. Netlify processes server log data including your IP address to deliver our website content.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in providing a fast and reliable website.

View Netlify Privacy Policy →

Resend (Email Delivery)

We use Resend, Inc. to send transactional emails, such as contact form confirmations. When you submit a contact form, your email address and message content may be processed by Resend.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

View Resend Privacy Policy →

Google Analytics

With your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to help us analyze how visitors use our website. We have enabled IP anonymization.

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time through our cookie preferences.

View Google Privacy Policy →

OpenStreetMap

We use OpenStreetMap, operated by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, to display maps on our website. When you view a page containing a map, your browser connects to OpenStreetMap servers and may transmit your IP address.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in displaying location information.

View OpenStreetMap Privacy Policy →

Unsplash (Images)

We use images from Unsplash, operated by Unsplash Inc., 500-400 rue McGill, Montreal, QC H2Y 2G1, Canada, to enhance the visual presentation of our website. When you view pages containing Unsplash images, your browser connects to Unsplash servers and may transmit your IP address and browser information.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in providing an engaging visual experience.

View Unsplash Privacy Policy →

8.1 Recipients & Processors

We may share personal data with service providers (processors) that support our website operations (hosting, email delivery, analytics). We have data processing agreements in place where required by Art. 28 GDPR.

9. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA), particularly in the United States. We ensure that appropriate safeguards are in place for any transfer of personal data outside the EEA, including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses SSL/TLS encryption to secure data transmission between your browser and our servers.

11. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str. 22, 7th Floor

20459 Hamburg, Germany

Website: https://datenschutz-hamburg.de

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

layline.io GmbH

Flughafenstr. 52a

22335 Hamburg, Germany

General inquiries: hello@layline.io

Data protection: ds@layline.io