Global Insight Group

Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about the types of personal data we process (hereinafter also referred to simply as “data”), the purposes for which we process them, and the extent of such processing. This Privacy Policy applies to all processing of personal data carried out by us, both in the course of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online services”).

The terms used are gender-neutral.

Effective date: December 29, 2025

Table of Contents

Controller

Global Insight Group LLC
1209 Mountain Road PL NE #10154
Albuquerque, NM, 87110, USA

Authorized Representative: Management

Email Address: contact@global-insight-group.com

Legal Notice: Global Insight Group Imprint

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and refers to the categories of data subjects concerned.

Types of Data Processed

  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

Categories of Data Subjects

  • Communication partners
  • Users

Purposes of Processing

  • Communication
  • Security measures
  • Direct marketing
  • Analytics
  • Tracking
  • Audience building
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Provision of our online offering and user experience
  • Information technology infrastructure
  • Public relations

Legal Bases for Processing

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or in our country of establishment. Should more specific legal bases be relevant in individual cases, we will inform you of these in this Privacy Policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Applicability of Data Protection Laws
The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR), as our online offering is also directed at individuals within the European Economic Area (EEA).

As the controller is established in the United States, personal data may be transferred to the USA. Such transfers are carried out on the basis of the EU-US Data Privacy Framework (DPF) and – where necessary – on the basis of the European Commission’s Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, disclosure, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security incidents. We also take data protection into account during the development or selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

To protect the data of users transmitted via our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the foundations of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or application and the user’s browser (or between two servers), thereby protecting the data from unauthorized access.

TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by “HTTPS” in the URL, signaling to users that their data is transmitted securely and in encrypted form.

In addition, we use the security plugin Solid Security (formerly iThemes Security) to protect against attacks and to ensure the security of this website. In this context, security-relevant data such as IP addresses, timestamps, types of access attempts, and, where applicable, usernames are stored in order to detect and automatically block unauthorized access attempts.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in maintaining a secure and functional website). The collected data is used exclusively for security purposes and is automatically deleted after a maximum of 60 days.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that such data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of such data may include, for example, service providers entrusted with IT-related tasks or providers of services and content that are integrated into our website.

In such cases, we comply with the applicable legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your personal data.

International Data Transfers

If we transfer personal data to a third country (i.e., a country outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or through the disclosure or transfer of data to other persons, entities, or companies (which may be indicated, for example, by the provider’s registered address or explicit references in this Privacy Policy), such transfers are always carried out in compliance with applicable legal requirements.

For data transfers to the United States, we primarily rely on the EU-US Data Privacy Framework (DPF), which has been recognized as providing an adequate level of data protection by the European Commission’s adequacy decision of July 10, 2023. In addition, we have concluded Standard Contractual Clauses (SCCs) with the respective service providers, in accordance with the requirements of the European Commission, which establish contractual obligations to protect your personal data.

This dual safeguard mechanism ensures comprehensive protection of your data:
The DPF serves as the primary layer of protection, while the Standard Contractual Clauses provide an additional safeguard. Should changes occur within the DPF framework, the Standard Contractual Clauses serve as a reliable fallback mechanism. This ensures that your data remains adequately protected even in the event of political or legal changes.

For each service provider, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information about the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce: https://www.dataprivacyframework.gov/ .

For data transfers to other third countries, appropriate safeguards are applied, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Further information on international data transfers and applicable adequacy decisions can be found on the website of the European Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with the applicable legal requirements as soon as the underlying consents are withdrawn or no further legal basis for processing exists. This applies in particular where the original purpose of processing no longer applies or the data is no longer required.

Exceptions apply where legal obligations or legitimate interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal claims or for the protection of the rights of other natural or legal persons, will be stored accordingly.

Our Privacy Policy contains additional information on the retention and deletion of data that applies specifically to certain processing activities.

Where multiple retention periods or deletion deadlines are specified, the longest period shall always apply. Data that is no longer required for the original purpose but is retained due to legal requirements or other reasons will only be processed for the purposes justifying its retention.

Personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected and no statutory retention obligations prevent its deletion.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular pursuant to Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
  • Right of Access: You have the right to request confirmation as to whether personal data concerning you is being processed, and, if so, to obtain access to such data, including further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right to request the correction of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.
  • Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion of personal data concerning you or, alternatively, to request restriction of processing in accordance with applicable legal requirements.
  • Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Provision of the Online Offering and Web Hosting

We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Types of Data Processed: Usage data (e.g., page views and time spent on pages, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties); Log data (e.g., log files relating to logins, data retrieval, or access times). Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or time of creation).
  • Categories of Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user experience; Information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers). Security measures.
  • Storage and Deletion: Data is deleted in accordance with the provisions outlined in the section “General Information on Data Storage and Deletion”.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Specific Processing Activities, Procedures, and Services:

  • Hosting of the Online Offering: To provide our online services, we use storage space, computing capacity, and software that we obtain from a corresponding server provider (also referred to as a “web hoster”); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called “server log files.” These server log files may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, confirmation of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, for example, to prevent server overload (particularly in the case of abusive attacks such as DDoS attacks), and to ensure the stability and reliability of the servers; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data Retention and Deletion: Log file information is stored for a maximum period of 30 days and is then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
  • Email Transmission and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as additional information related to email transmission (e.g., the providers involved), and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails sent over the internet are generally not fully encrypted. While emails are typically encrypted during transmission, they are usually not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). Therefore, we cannot assume responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Audience Measurement / Web Analytics (Koko Analytics): We use Koko Analytics, a self-hosted analytics plugin for WordPress, to measure the use of our website and to improve our content and website performance. Koko Analytics is configured in “None” mode. In this configuration, no cookies are set for analytics purposes, no returning visitors are identified, and no unique pageviews are generated. Only the total number of pageviews per page is counted.
    The analytics processing takes place locally on our own server. No data is transferred to external analytics providers or other third parties for this purpose. According to the provider, Koko Analytics stores aggregated counts only.
    Where and insofar as data protection law requires a legal basis, the relevant legal basis is explained in the section “Legal Bases for Processing.”
  • Payment Processing (Lemon Squeezy): Payments on this website are processed via Lemon Squeezy, LLC, which acts as the merchant of record. When purchasing products or services, personal data such as name, email address, billing information, and payment details may be processed by Lemon Squeezy. Lemon Squeezy is responsible for payment processing, including applicable taxes and compliance requirements. The processing of this data is necessary for the performance of the contract (Art. 6(1)(b) GDPR) and in our legitimate interest in using a secure and efficient payment provider (Art. 6(1)(f) GDPR). Lemon Squeezy may transfer personal data to third countries, in particular the United States. Such transfers are carried out in accordance with applicable data protection laws, including the EU-US Data Privacy Framework (DPF) and, where applicable, Standard Contractual Clauses (SCCs). For more information, please refer to Lemon Squeezy’s Privacy Policy: https://www.lemonsqueezy.com/privacy
  • Payment Processing (Stripe): Payments on this website may also be processed via Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. When purchasing products or services, personal data such as name, email address, billing information, and payment details may be processed by Stripe. Stripe is responsible for payment processing, including applicable taxes and compliance requirements.
    The processing of this data is necessary for the performance of the contract (Art. 6(1)(b) GDPR) and in our legitimate interest in using a secure and efficient payment provider (Art. 6(1)(f) GDPR).
    Stripe may transfer personal data to third countries, in particular the United States. Such transfers are carried out in accordance with applicable data protection laws, including the EU-US Data Privacy Framework (DPF) and, where applicable, Standard Contractual Clauses (SCCs). For more information, please refer to Stripe’s Privacy Policy: https://stripe.com/privacy

Web Hosting
Our website is hosted by an external service provider (hosting provider). Personal data collected on this website is stored on the provider’s servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access data, and other data generated via the website.

The hosting provider is used for the purpose of fulfilling contractual obligations towards our prospective and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing a secure, fast, and efficient online service through a professional provider (Art. 6(1)(f) GDPR).

Hosting provider:
World4You Internet Services GmbH
Hafenstraße 35, 4020 Linz, Austria
Website: https://www.world4you.com

A data processing agreement (Data Processing Agreement – DPA) has been concluded with the hosting provider.

Search Engine Optimization and Technical Tools

This website uses Google Search Console, a service provided by Google Ireland Limited, to monitor and improve visibility in search results. No personal data of website visitors is directly collected or processed through this tool. The data is used solely for technical analysis and optimization of search performance.

This website is regularly reviewed for technical and legal compliance with the GDPR.
Last GDPR check: December 28, 2025 – Status: OK