Privacy Policy

We, BRYTER GmbH (hereinafter “we” or “BRYTER”) are pleased about your interest in our company.

With this privacy policy, we inform you about our approach to privacy by explaining why and how we process your personal data and

With this privacy policy we inform you about our approach to privacy by explaining why and how we process your personal data and explaining your rights. This privacy policy applies to all situations in which BRYTER processes your personal data. This implies visiting the BRYTER website, using all BRYTER products such as the BRYTER Platform and BRYTER Policy AI, and other situations mentioned in this privacy policy.

If you are in a contractual relationship with BRYTER and a Data Processing Addendum (“DPA”) has been concluded between you and BRYTER, the DPA applies in addition to this privacy policy. The BRYTER DPA can be found here.

1. Name and contact details of the controller as well as operational data protection officer

This data privacy policy shall apply to data processing activities by the following controller:

Biebergasse 2
60313 Frankfurt am Main

Legal representatives: Michael Grupp, Dr. Micha-Manuel Bues, Michael Hübl, to be reached under the above contact details.

The operational data protection officer can be reached as follows:

HeyData GmbH
Kantstraße 99
10627 Berlin

Affiliates of the controller:

33 Irving Place
Suite 5007 
New York, NY 10003, USA

BRYTER Services UK Limited
21-33 Great Eastern St
London EC2A 3EH, UK

2. Subject matter of data protection

The subject matter of data protection is personal data. This means any information relating to an identified or identifiable natural person (‘data subject’). These include e.g. information such as name, postal address, e-mail address or telephone number.

Specific information on the personal data processed by us can be found below in detail in the data processing operations listed.

3. Collection and storage of personal data as well as the nature and purpose of their processing

a. When visiting the website

When visiting and using our website, the browser used on your end device will automatically send information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your end and stored until the purpose or legal basis for storage ceases to apply.

  • internet protocol address of the requesting computer
  • date and time of the access
  • website that is viewed
  • browser used

The data mentioned are processed by us for the following purposes:

  • ensuring smooth establishment of the website’s connection
  • ensuring comfortable use of our website
  • evaluation of system safety and stability, as well as
  • other administrative purposes

The legal basis for data processing activities shall be Article 6 (1)(f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. In no case shall we use any collected data for the purpose of drawing conclusions about you as a person.

Furthermore, we use cookies and further services when you visit our website. More detailed explanations on this can be found in sections 6 and 7 of this privacy policy.

b. Customer Relationship Management

We offer you the option to contact us via email to purchase access to the BRYTER platform. Thereto you need to send a request to In this context we process the following personal data: name and email address. 

If you will enter or have entered a customer relationship with BRYTER we will process general customer personal data. It may be linked to contract conditions, orders, support and service fulfillment (emails, service requests, service reports, invoices), to carry out existing, potential or to conclude contractual relationships.

The legal basis for data processing activities shall be Article 6 (1)(f) GDPR. Our legitimate interests follow from the requirement to manage all our customer relationships and interactions with you (e.g. customer acquisition, retention expansion, and offboarding).

c. Subscribing to our Newsletter

If you have consented pursuant to Article 6(1)(a) GDPR, we will use your email address, name, surname and company affiliation to send you our newsletter at regular intervals.

You can revoke your consent at any time for the future, e.g. by using a link at the end of each newsletter.

d. When using our contact form, email contact or downloading content

You can contact us via our website contact form. We will use your email address, name, surname and company affiliation to answer your request.

Besides, we offer several possibilities to contact us by email addresses provided on our website. Any personal data transmitted via email will be stored in the respective email. We will always try to avoid any unsolicited contact.

The legal basis for data processing activities shall be Article 6 (1)(f) GDPR. Our legitimate interests follow from the fact to reply to your questions and stay incontact with you.

Our website also offers the possibility to download guides and reports. To proceed with the download, you will have to enter your email address, name, surname, company affiliation and job title. You will also get informational updates on our products and services occasionally, when having downloaded the aforementioned.

The legal basis for data processing activities shall be Article 6 (1)(a) GDPR, your consent.

e. Recruitment and Onboarding

We collect application relevant documentation provided by the candidate. In general, it includes name, surname, e-mail address, address, phone number, a cover letter and the CV and a link to the applicant’s LinkedIn profile or website. Moreover, certain information can be provided for self-identification under local US law (gender, race or ethnicity, veteran status, disability). Do disregard this section unless it is required by local law.

Depending on whether your application is successful, we need further information to enter into an agreement/employment relationship with you. This may be: date of birth, bank account details, insurance number, work permits, disabilities if legally required under local law etc. We will also conduct automated checks against applicable sanctions-party lists.

Please do not include in your CV and cover letter information about political opinions, religious beliefs, and similar sensitive data. They are not required for your application.

The legal basis for data processing activities during the recruitment process is the respective national employment law or Article 6(1)(b) GDPR (i.e., the processing is necessary for entering into or the performance of a contract with you).

If you provide any information in relation to e.g. referees, you are responsible for obtaining their consent and ensuring that they are aware that their details can be forwarded.

Where we obtain publicly available information about you from business- and employment- oriented social networks or websites, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interests follow from the fact that we wish to conduct a proper assessment of an applicant.

When we do a video interview with you it might happen that we ask for a recording. We will always ask for your consent whether to record or not, pursuant to Article 6(1)(a) GDPR. Please note – whether you consent is totally up to you. You have the right to revoke your consent at any time without reasons with effect for the future.

BRYTER uses the applicant tracking system & recruiting software Teamtailor for its hiring process. It is used to coordinate the application process, to monitor the status of applications and to communicate with candidates and within the team. Only BRYTER employees who are involved in the application process for the respective position have access to the candidate’s data. We have a specific Cookie policy for Teamtailor which can be found here.

The applicant data will be deleted by us six months after the end of the respective application procedure. This is necessary for the burden of proof in the event of a legal claim based on the German General Equal Treatment Act (AGG). 

f. BRYTER Academy & BRYTER Open

BRYTER’s learning platform for students – BRYTER Academy – enables us to provide online courses and learning material to interested participants. Personal data collected during the onboarding process and course participation is: name, email address, courses, interaction time, login times, progress.

The legal basis for the processing of participants’ data is Article 6(1)(b) GDPR.

BRYTER Open gives non-profits, NGOs and academic institutions the power of our platform for free. If you are using these services, our Customer relationship management section applies to the data collected as well as further privacy information provided on the signed-up service.

g. Additional Purposes for Processing

The data mentioned above are also processed by us for the following purposes:

  • To enable you to take part in events or complete surveys
  • To provide, maintain, improve, and enhance our services 
  • To understand and analyze how you use our services and develop new products, services, features, and functionalities and deliver relevant website content or measure the effectiveness of our advertising activities  
  • To find and prevent fraud, and respond to trust and safety issues that may arise; and 
  • For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency 
  • Procurement of goods and services

The legal basis for data processing activities shall be Article 6 (1)(f) GDPR. Our legitimate interests follow from the purposes listed above for data collection.

4. Categories of recipients

Your personal data will be disclosed to the following parties: 

a. BRYTER internal

We may share your personal data with our affiliates, when supporting us in the processing activity. The legal basis for such transfer is BRYTER’s legitimate interest as we provide services with cross-country teams, to guarantee smooth operations. When personal data is leaving the European Union, necessary contractual safeguards have been put in place.  

b. Third party recipients 

We may engage third parties. These may be:  

  • companies and individuals (e.g. freelancer, consultants) who assist us in providing our services (e.g. payment, credit control, sanctions checks, marketing services, ICT services).  
  • those receiving personal data as required by law (for example if required by a court order) and under similar circumstances.  
  • companies’ personal data is shared with in connection with a merger, sale, or other asset transfer. Thereto we may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this privacy policy in effect at the time the applicable information was collected; and third parties to whom you have consented to the disclosure of personal data. 

5. Transferring your personal data

Your personal data will be e. g. shared with third parties and partly their sub-processors based also outside of the European Economic Area.

Third parties will only use your personal data to the extent necessary to perform their functions and are contractually bound to adhere to an appropriate level of personal data protection.

Those to be mentioned are the following:

  • We use the cloud software services of Amazon Web Services (“AWS”) for the purpose of being able to offer our service – also BRYTER Academy and BRYTER Open. For more information, please see AWS’ privacy policy ( We use AWS-servers that are based in the EU. AWS is based in the USA and legal basis for the transfer to AWS are the new EU Commission’s Standard Contractual Clauses. 
  • Asana, Inc.;
  • Datadog Inc.;
  • DocSend Inc.;
  • DocuSign, Inc.;
  •, Inc.;
  • Google LLC;
  • Heap Inc.;
  • Highspot, Inc.;
  • Intercom, Inc.;
  • LearnWorlds Ltd.;
  • LinkedIn, Inc.;
  • Microsoft Corp.;
  • Notion Labs, Inc.;
  • Slack Technologies, Inc.;
  • Twitter; Inc.; 
  • Zendesk, Inc;
  • Zoom Video Communications, Inc.

The agreements specify who fulfills which data protection obligations, regarding ensuring an appropriate level of security and the implementation of your data subjects’ rights. We will be pleased to provide you with the essential content of the agreements. Please do not hesitate to contact us using the contact details given above.

6. Cookies

We would like to provide you with a pleasant online experience with our website and use cookies for this purpose within the framework of Article 6(1)(a) GDPR or Article 6(1)(f) GDPR.

For this purpose, we use various cookies to ensure the functionality of our website and to make the website as informative and user-friendly as possible for you. It is important to us that you surf comfortably on our website and therefore the constant optimization of our website is of great importance to us.

Here you can find out which cookies we use on our website and for demo purposes, how they work and how you can object to the processing of your personal data in detail or delete the personal data collected here.

You can deactivate some cookies by setting an opt-out cookie or by following the link above. 

In addition, you can delete individual cookies or the entire cookie stock via your browser settings. Information and instructions on how to delete these cookies or block their storage in advance can be found, depending on the provider of your browser, under the following links: 

If you do not allow technically required cookies, performance cookies and/or functional cookies, we would like to inform you that certain functionalities on our website are no longer available or are only available to a limited extent. 

7. Integration of further services

Name of the service Service provider Description of the service Legal basis Link to the privacy policy of the provider 
Vimeo Vimeo, Inc, 555 West 18th Street New York, New York 10011, USA Integration of video content on the website Article 6(1)(1)(f) GDPR  
YouTube Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5, Irland Integration of video content on the website Article 6(1)(1)(f) GDPR 

8. Deleting your personal data

Your personal data will be retained as long as necessary to fulfil the legitimate purpose(s) for the processing and as long as required by law. 

9. Rights of the data subject

You have the right:

  • to demand information in accordance with Article 15 GDPR regarding the processing of your personal data by us. In to demand information in accordance with Article 15 GDPR regarding the processing of your personal data by us. In particular, you may request information on the purposes of the processing, the categories of personal data, the categories of recipient to whom your data have been or are disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data to the extent that these were not collected at our site, and the existence of automated decision-making, including profiling and any meaningful information on its details; 
  • in accordance with Article 16 GDPR, obtain the rectification of any inaccurate personal data stored by us or completion of such data without undue delay; 
  • in accordance with Article 17 GDPR, obtain the erasure of your personal data stored by us, to the extent that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; 
  • in accordance with Article 18 GDPR, obtain the restriction of processing of your personal data, to the extent that the accuracy of the data is contested by you, processing is unlawful, but you oppose erasure and we no longer need the personal data, but you still require them for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21 GDPR; 
  • in accordance with Article 20 GDPR, demand to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller; 
  • in accordance with Article 7(3) GDPR, to withdraw your consent once given to us towards us at any time. This has the consequence that we may no longer continue the data processing activities that were based on this consent in future and 
  • in accordance with Article 77 GDPR, lodge a complaint with a supervisory authority. Usually, you may contact the supervisory authority at your habitual residence or place of work or our registered office for this. 

10. Right to object

As far as your personal data are processed based on legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right to object to processing of your personal data in accordance with Article 21 GDPR, to the extent that there are grounds relating to your particular situation or the objection is targeted against direct marketing. In the latter case, you have a general right to object that will be implemented by us without any indication of a particular situation. 

If you want to exercise your withdrawal right or right to object, simply send us an email to

11. How to exercise your rights

You can also exercise the rights listed above at any time by contacting us at

12. Further information

In accordance with Article 13(2)(e) GDPR we would like to inform you about the following:

The provision of personal data is neither a statutory nor contractual requirement, nor a requirement necessary to enter into a contract. You are not obliged to provide the personal data. There are no consequences resulting from failure to provide such data.

In accordance with Article 13(2)(f) GDPR we would like to inform you about the following:

We do not process your personal data for the purpose of automated decision-making or to develop, improve, or train AI models or machine learning models.

13. Data security

Within the website visit, we use the common SSL procedure (Secure Socket Layer) in conjunction with the respective highest encryption level your browser supports. This usually is 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. Whether an individual website of our internet offer is transmitted encrypted or not is evident by the closed display of the key or lock symbol in the lower status bar of your browser.

Apart from this, we use appropriate technical and organisational security measures in order to protect your data from accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties.  Our security measures are continuously improved in response to technological developments and the ever-changing threat landscape.

14. Third Parties

Our website may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

15. Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our website is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at

16. Topicality and changes of this data privacy statement

This privacy policy is currently valid as of April 2024. 

Further development of our website and offers through it or changed statutory or authority specifications may require changes to this privacy policy. You may call and print the respective current data privacy statement at any time on the website. If we materially change the ways in which we use or share personal data previously collected from you, we will notify you through the website, by email, or other means of communication. 

Book a personalized demo