Privacy Policy

1. Controller

The controller within the meaning of the GDPR and other national data protection laws of EU member states is:

Noyes Robotics GmbH
Leopoldstraße 37a
80802 München
Germany

E-Mail: info@noyes-tech.com
Web: https://www.noyes-tech.com

2. Data Protection Officer

For questions regarding data protection, please contact our external data protection officer:

E-Mail: datenschutz@confidentdata.de

3. Your Rights as a Data Subject

You have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

With regard to the right of access and the right to erasure, the restrictions pursuant to §§ 34 and 35 BDSG apply.

You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). As Noyes Robotics GmbH is based in Bavaria, the competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Tel.: +49 981 180093-0
E-Mail: poststelle@lda.bayern.de
Web: https://www.lda.bayern.de

4. Information on the Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. f GDPR (legitimate interest); this also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

The objection can be made informally with the subject line "Objection", stating your name and address, to info@noyes-tech.com.

5. Hosting (IONOS)

This website is hosted by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). When our website is accessed, the server automatically collects technical access data and stores it in server log files. This includes:

• IP address of the requesting device in anonymized form
• Date and time of access
• Page accessed and data transferred
• Browser type and operating system
• Referring URL (referrer)

This data is used exclusively to ensure the technical operation of the website and to detect and prevent attacks. It is not merged with other data sources. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and error-free provision of the website).

According to IONOS, visitor data is stored for 8 weeks. IONOS states that visitor data is not transferred to third countries outside the EU. Further information on data processing by IONOS Web Hosting: https://www.ionos.com/help/data-protection/data-processing-of-website-visitors-of-your-ionos-product/data-processing-by-web-hosting-products/

6. Contact Form and HubSpot CRM

Provider: HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland (subsidiary of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA).

Purpose: Provision of the website contact form, handling enquiries, initiating contracts, customer communication, customer management and, only with corresponding consent, newsletter distribution and marketing-related lead attribution.

Type of data processing: When you use our contact form, the data you enter (e.g. name, email address, company, message) is transmitted to HubSpot and processed there in the CRM. We use the EU region of HubSpot (eu1), so your data is stored on servers within the European Union. If you consent to marketing cookies, the HubSpot tracking code may also be loaded to associate website visits with campaigns and later form enquiries.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to enquiries and efficient customer management) and Art. 6 para. 1 lit. b GDPR (pre-contractual measures). For newsletters and marketing cookies, the legal basis is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (consent, withdrawable at any time).

Retention period: The data transmitted to HubSpot will be deleted once it is no longer required for the respective purpose or you request deletion, provided no statutory retention obligations apply. In the case of a contractual relationship, statutory retention periods apply.

Order processing: A DPA pursuant to Art. 28 GDPR has been concluded with HubSpot: https://legal.hubspot.com/dpa

Transfer to third countries: As HubSpot is a US company, data may in exceptional cases be transferred to the USA. Standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are in place.

Privacy policy of the provider: https://legal.hubspot.com/privacy-policy

7. Newsletter and Job Applications

8. Cookie Settings, Analytics and Marketing

When you first visit our website, a cookie banner appears allowing you to manage your consents for optional data processing (analytics, marketing). Your consent or refusal is stored in your browser's local storage (localStorage) under the key noyes_consent_v1.

The stored record contains only your consent decisions (necessary, analytics, marketing) and a timestamp. No personal data is stored. The record is not transmitted to third parties and remains exclusively in your browser.

You can withdraw or adjust your consent at any time via the "Cookie Settings" link in the footer of this website. Upon withdrawal, no further optional data will be processed; the storage of the consent decision itself (technically necessary) remains unaffected.

Legal basis for storing the consent decision: Art. 6 para. 1 lit. c GDPR (legal obligation to demonstrate consent) and Art. 7 para. 1 GDPR.

Optional analytics and marketing services are loaded only after your consent. We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Google Analytics 4 and, with marketing consent, HubSpot tracking. Google Tag Manager is used to manage analytics and marketing tags; Google Analytics 4 helps us evaluate website usage and improve our offering. HubSpot tracking supports the attribution of campaigns, form enquiries and website visits in the CRM.

If analytics or marketing consent is enabled, information such as visited pages, technical browser data, referrer, campaign parameters and pseudonymous identifiers may be processed. The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You can withdraw your consent at any time via "Cookie Settings" in the footer.

With marketing consent, campaign parameters such as utm_source, utm_medium, utm_campaign and comparable click IDs may be stored in localStorage under the key noyes_attribution_v1 so that later form enquiries can be attributed to a campaign. If marketing consent is withdrawn, this record is deleted.

Categories

9. Data Security

We use technical and organisational security measures to protect your personal data from misuse, loss, destruction or access by unauthorised persons. The measures taken correspond to the current state of the art and are continuously updated. The website is transmitted exclusively in encrypted form via HTTPS (TLS).

Nevertheless, we point out that there is always a certain residual risk in internet communication that we cannot completely exclude.

10. Data Deletion and Retention Periods

We store personal data only for as long as necessary for the respective processing purpose or as required by statutory retention obligations.

The following statutory retention periods apply in Germany:

• 10 years for books, records, accounting documents and tax-relevant documents (§ 147 para. 1 AO)
• 6 years for commercial and business letters and other documents (§ 257 para. 1 HGB)

After expiry of the respective period or once the processing purpose ceases to apply, the data will be routinely deleted.

11. Social Media Presence

Purpose: Ensuring the broadest possible online presence.

We operate profiles on various social media platforms. Visiting our profiles triggers numerous data protection-relevant processing operations. Social networks can analyse user behaviour extensively, even when you are not logged in (e.g. via cookies or IP addresses).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a comprehensive online presence).

Please note: The social media links on our website are pure references (no embedded content). Data is only transferred to the platforms when you click the respective link and visit the external platform.

12. Validity and Changes to this Policy

This privacy policy is valid and dated May 2026.

Due to the further development of our website or the implementation of new technologies, it may be necessary to update this privacy policy. We recommend checking this page regularly to stay informed about the current version.