Book a demo

Privacy Policy

This privacy policy applies to the use of personal data when using the website ygo.ai

The basis of effective data protection is comprehensive information about the collection, processing and use of your data ("data processing").

Therefore, we would like to inform you:

  • When and for which actions we process data
  • Which data we process for which reasons
  • Who receives data
  • What rights you have regarding data processing by us.

1. Contact Information

The Data Protection Officer and controller within the meaning of the General Data Protection Regulation (GDPR) is:

YGO GmbH
Managing Director: Julian Kögel
Möbelhof 5
14478 Potsdam
Germany

Email: privacy@ygo.ai

2. General Information on Data Processing

2.1 Scope of Processing Personal Data

There is no obligation to provide data, but using the YGO platform requires the processing of various information. As a user of our digital services, you are not subject to automated decision-making within the meaning of Art. 22 GDPR. We do not conduct profiling activities.

The following personal data may be processed through the digital services:

  • Contact details like: first name, last name, company name and size, phone number, email address
  • Connection data and device information:
    • IP address, date, time of request
    • Time zone difference to GMT, content of the request (specific page), amount of data transferred
    • Operating system and its interface
    • Access status / http status code, browser, language and version of browser software
    • Requesting website
    • Device identification
    • Unique device number (IMEI)
    • Unique network subscriber number (IMSI), mobile phone number
    • MAC address
    • Name of the mobile device

2.2 Purposes of Processing

Personal data is processed for the following purposes with their respective legal bases:

  • Contract fulfillment (Art. 6 Para. 1 lit. b GDPR): To fulfill obligations and services to the user from the user agreement concluded with them. This particularly includes the ability to find travel offers from third-party providers via the ygo.ai website.
  • Contract fulfillment (Art. 6 Para. 1 lit. b GDPR): To inform users about product adjustments and new features essential to the service.
  • Contract fulfillment (Art. 6 Para. 1 lit. b GDPR): Provision of customer services, such as processing questions and comments.
  • Legitimate interest (Art. 6 Para. 1 lit. f GDPR): Provision of information via email or other forms of electronic notification regarding product usage, requests, technical and other notices about security, privacy and administrative issues related to the use of the services. Our legitimate interest lies in maintaining service quality and security.
  • Legitimate interest (Art. 6 Para. 1 lit. f GDPR): To optimally adapt the product to customer needs. Our legitimate interest is improving our services.
  • Legitimate interest (Art. 6 Para. 1 lit. f GDPR): Creation of anonymized datasets from personal data to improve services.
  • Legal obligation and legitimate interest (Art. 6 Para. 1 lit. c and f GDPR): For protection against fraudulent, unauthorized, unlawful actions, and for the detection and prevention of fraud.

2.3 Recipients of Data

We only pass on your data to third parties if this is legally permissible and necessary for the processing of contractual relationships with you. Categories of recipients may include:

  • Hosting and infrastructure providers (servers located in Germany/EU)
  • IT service providers for maintenance and support
  • Travel service providers (when you request specific travel services)
  • Payment service providers (when processing transactions)
  • Legal, tax and business consultants (in case of legal obligations)
  • Government authorities (in case of legal obligations)

2.4 Data Retention and Deletion Periods

We delete personal data as soon as the legal basis for its processing no longer applies, unless there is an obligation to continue storing the data to fulfill a legal retention obligation. Specifically:

  • Account data: Deleted upon account deletion or 3 years after last activity
  • Contract data: 6 years after contract termination (according to § 257 HGB)
  • Tax-relevant data: 10 years (according to § 147 AO)
  • Server log files: Automatically deleted after 30 days
  • Contact form inquiries: Deleted after 6 months if no contract is concluded

You can delete or change the data in your account yourself at any time.

3. Website Usage and Cookies

3.1 SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

3.2 Server Log Files

The provider of the pages automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address (anonymized after 7 days)

This data is processed on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the technically error-free presentation and optimization of our website.

3.3 Cookies

Our website uses only technically necessary cookies that are essential for the basic functionality of the website. We do not use marketing or tracking cookies. The cookies we use include:

  • Session cookies: Deleted automatically when you close your browser. These enable basic website navigation.
  • Functional cookies: Store your preferences (e.g., language settings) for up to 12 months.

The legal basis for using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in providing a functional website. You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases. Disabling cookies may limit the functionality of this website.

3.4 Contact Forms and Email Contact

If you contact us via contact form or email (including demo booking), the data you provide will be stored for processing your inquiry and in case of follow-up questions. The legal basis is Art. 6 Para. 1 lit. b GDPR (contract initiation) or Art. 6 Para. 1 lit. f GDPR (legitimate interest in customer communication).

4. Technical and Organizational Measures

We implement appropriate technical and organizational measures according to Art. 32 GDPR to ensure a level of protection appropriate to the risk. These include:

  • Encryption of data transmission (SSL/TLS)
  • Regular security updates and patches
  • Access controls and authentication systems
  • Regular data backups
  • Employee training on data protection
  • Confidentiality agreements with employees and service providers
  • Physical security measures for servers
  • Logging and monitoring of data access

5. Processing of Minors' Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as soon as possible.

6. Right to Object and Revocation

To the extent that data processing is based on your consent or our legitimate interest, you have the right to object to the processing or revoke your given consent at any time. Your objection or revocation only has effect for the future. You can contact privacy@ygo.ai at any time to exercise your right of objection or revocation. If you object to processing based on our legitimate interest, we may still continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.

7. Rights of Data Subjects

To the extent that data relating to you is processed, you have the following rights as a data subject regarding this data. To exercise these rights, you can contact us using the contact details provided above.

Right to Information according to Art. 15 GDPR

You have a right to information about your personal data processed by us. This includes the mandatory information presented in Art. 15 GDPR.

Right to Rectification according to Art. 16 GDPR

You have the right to immediate correction of incorrect and completion of incomplete personal data.

Right to Erasure according to Art. 17 GDPR

You have the right to request the deletion of your personal data if one of the reasons listed in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to Restriction of Processing according to Art. 18 GDPR

You have the right to request the restriction of processing of your personal data if one of the reasons listed in Art. 18 GDPR applies, in particular at your request instead of deletion of the data.

Right to Data Portability according to Art. 20 GDPR

You have the right to request all personal data stored about you with us in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided.

Right to Lodge a Complaint with the Competent Supervisory Authority, Art. 77 GDPR

According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you. The competent supervisory authority for YGO GmbH is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
Telephone: +49 (0)33203 356-0
Email: poststelle@lda.brandenburg.de

8. Data Transfer to Third Countries

Data transfer to third countries only takes place if you have given your express consent (Art. 6 Para. 1 lit. a GDPR), to fulfill contractual obligations (Art. 6 Para. 1 lit. b GDPR), due to a legal obligation (Art. 6 Para. 1 lit. c GDPR) or based on our legitimate interests (Art. 6 Para. 1 lit. f GDPR).

In addition, we only have your data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. We use the Standard Contractual Clauses (SCC) of the European Commission as adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

Currently, we primarily process data within the EU/EEA. If data is transferred to a third country, this occurs only with appropriate safeguards in place and you will be informed accordingly.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Art. 34 GDPR, unless an exception applies.

10. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.

Status: 13.08.2025