Privacy Policy

Last update: May 2025

General

1. Introduction

The purpose of this privacy policy is to inform you as a user about the collection of personal data on this website. You will also find information on data processing in connection with our MAXQDA Tailwind tool.

The controller is:

VERBI GmbH
Invalidenstr. 74
10557 Berlin
Phone: +49 (0)30 206 33 59 22
E-Mail: cs@maxqda.com

The data protection officer of VERBI GmbH can be contacted at kontakt@datenschutzrechte.de.

2. Retention periods

Unless otherwise stated in this privacy policy, we will store your personal data for as long as is necessary for the purpose for which it was collected. Your personal data will then be deleted unless we are obliged or entitled to retain it for a longer period.

3. Data sharing

Except in the cases mentioned, we only share your personal data with recipients if:

  • you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR,
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c GDPR, or
  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

Data may be passed on to the following recipients, in particular:

  • IT service providers (e.g. hosting providers, maintenance and support of technical systems)
  • Providers of communication services (e.g. e-mail newsletter services)
  • Sales partners and implementation partners, insofar as they are involved in the provision of our services
  • Payment service providers and banks, if required for processing payments
  • External consultants (e.g. tax consultants, lawyers), if necessary to protect our legal interests
  • Authorities and public bodies, insofar as there is a legal obligation to pass them on

All recipients process the data either as data controllers or as part of data processing in accordance with Art. 28 GDPR. In the latter case, they are contractually obliged to process the data only in accordance with our instructions and in compliance with the applicable data protection regulations.

It is possible that some of your personal data may be transferred to recipients in third countries, i.e. countries outside the EU/EEA. Please note that data processed in other countries may be subject to foreign laws and accessible to local governments, courts and law enforcement and supervisory authorities. However, when transferring your personal data to third countries, we will take appropriate measures to adequately secure your data. If there is no adequacy decision by the EU Commission for the recipient country, the transfer of your data to a third country is protected by EU standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard- contractual-clauses-scc_en) with the recipient or binding corporate rules. Otherwise, data will only be transferred if an exception under Art. 49 GDPR is met.

4. Rights of data subjects

In connection with the processing of your personal data, you, as a data subject, have various rights, which we would like to inform you about below. Where the legal requirements are met, you have the right

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time;
  • if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to kontakt@datenschutzrechte.de. You also have a general right of appeal to the data protection supervisory authority.

5. Changes to the privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to the services in the privacy policy.

Additional data protection information for the use of the website

1. Collection and storage of personal data when visiting our website

Below we inform you about the processes relevant to data protection law that take place when you visit our website.

1.1. Cookies

We use cookies on our website. Cookies are small text files that are stored on your device via the Internet browser. They fulfill different purposes:

  • Technically necessary cookies ensure the basic operation of our website. Without them, the website would not work. We do not require consent for this (Section 25 (2) TDDDG). The data processing is based on Art. 6 para. 1 lit. f GDPR.
  • We require your consent for all other cookies – such as functional cookies, marketing cookies and cookies for displaying maps or videos (Section 25 (1) TDDDG). The data processing is based on Art. 6 para. 1 lit. a GDPR.

Detailed information on the cookies and services used can be found in the settings options of the cookie banner or via this Link .

1.2. Log files

Each time you visit our website, we automatically collect data and information from the computer system you use to access the website. The following data is collected:

  • Information about your browser type and the version used
  • Information about your operating system
  • Information about your Internet service provider
  • Date and time of your access
  • Websites that are accessed by your system via our website
  • Your IP address (possibly in anonymized, shortened form)

When processing this data, we do not draw any conclusions about your person. There is neither a personal evaluation nor an evaluation of the data for marketing purposes or profiling.

Your data will be deleted as soon as you leave our website and the respective session has ended. Your IP address will be anonymized no later than thirty days after the end of your visit to our website. This data is not stored together with your other personal data. The legal basis for the temporary storage of this data is Art. 6 para. 1 lit. f GDPR. Both the collection of the data and the storage of the data in log files are absolutely necessary for the provision and operation of our website.

1.3. YouTube

We use the provider YouTube, among others, for the integration of videos. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube videos are all integrated in “extended data protection mode”, i.e. no data about users is transferred to YouTube if they do not play the videos. Only when a user plays the videos is the following data transferred. We have no influence on this data transfer. When you access the web pages of our website that have such a plugin – for example our media library – a connection to the YouTube servers is established and the plugin is displayed. This tells the YouTube server which of our web pages you have visited. If you are logged in to YouTube as a member, YouTube assigns this information to your personal user account. When you use the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other Google user accounts before using our website and deleting the corresponding cookies from the companies.

Further information on data processing and notes on data protection by YouTube (Google) can be found at https://www.google.de/intl/de/policies/privacy/.

The use of YouTube is necessary to optimize our offer in accordance with Art. 6 para. 1 lit. f GDPR.

2. Contact us

You can contact us electronically, for example by e-mail, chat or using one of the contact forms on the website. It is also possible to make an appointment online before contacting us. If you contact us and are interested in our content or have already concluded a contract with us, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Otherwise, data processing is based on our legitimate interest in processing customer inquiries, Art. 6 para. 1 lit. f GDPR. We process the data that you transmit to us and that is required for communication.

2.1. Service provider

We use the services of third-party providers for customer communication:

E-mail and contact form: BREVO, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin and the Freshdesk service, a service provided by Freshworks Inc. 2950 S. Delaware Street Suite 201 San Mateo, CA 94403, USA. The data provided when contacting us will be transferred to this company as part of data processing in accordance with Art. 28 para. 3 GDPR, i.e. this data will not be used by the companies to write to you directly or to pass the data on to third parties.

Chat: Our website uses Freshchat, a live chat software from Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA.

The transfer of data to Freshworks in the USA is secured by Freshworks’ certification in accordance with the EU-U.S. Data Privacy Framework. Further information on data processing by Freshworks can be found in Freshworks’ privacy policy at https://www.freshworks.com/security/.

Chatbot: We offer an AI-controlled chatbot tool on our website. For this we use the service of Wonderchat Private Limited, Singapore, 7 Temasek Boulevard #12-07 Suntec City Tower One, 038987 Singapore. The data is transmitted to Wonderchat in encrypted form and is hosted in the EU.

Self-service portal: Freshworks Inc, in the Freshdesk product, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA.

Online appointment booking: Microsoft Bookings service (part of Microsoft Office 365) provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521.

2.2. Improvement of customer support, anonymization, artificial intelligence

We are constantly striving to improve our customer support. To this end, we process contact requests and customer communications.

We anonymize certain contact requests and customer communications to improve our customer support. Anonymized data is data that can no longer be used to identify you personally. The legal basis for the anonymization of data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in generating anonymized data in order to use the anonymized data to improve our service quality in our and your interest.

In some cases, customer inquiries are forwarded to service providers who operate an artificial intelligence system. We use OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, as a service provider. Forwarding to the service provider takes place in particular to generate a draft response. The legal basis for the automated generation of a response is Art. 6 para. 1 lit. f GDPR. We pursue the legitimate interest of improving our customer support by supporting our support staff with artificial intelligence for quality assurance and acceleration. The legal basis for the transfer to a service provider is Art. 28 GDPR in conjunction with the order processing contract.

3. Newsletter

In our newsletter, we regularly inform you about new products, functions, updates, special promotions, training courses and other events. To subscribe to our newsletter, we only need your e-mail address and your first and last name. We do not collect any other data. This data is used exclusively for sending our newsletter.

After submitting the registration form, you will receive a confirmation e-mail from us. The newsletter subscription only becomes effective once you have clicked on the link in the confirmation e-mail (“double opt-in”). The legal basis for data processing is your consent, Art. 6 para. 1 lit. a GDPR, § 7 UWG. You can unsubscribe from the newsletter and thus revoke your consent to data processing at any time, either by using the link provided in the newsletter, by sending an email to cs@maxda.com or by clicking on this link Unsubscribe newsletter.

If we receive your e-mail address in connection with the sale of a product or service, we reserve the right to regularly send you information about our own similar products or services by e-mail. Your e-mail address is processed for this purpose on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG without the need for separate consent. You can object to the use of your email address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. You can declare your objection, for example, via the unsubscribe link in every newsletter e-mail.

We use Sendinblue, a service provided by BREVO, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, to send our newsletter. The above-mentioned data is transferred to this company as part of data processing in accordance with Art. 28 para. 3 GDPR, i.e. this data is not used by the company to write to you directly or to pass the data on to third parties.

BREVO, Sendinblue provides analysis tools that make it possible to evaluate the success of the newsletter mailing. In these evaluations, we are only interested in statistical results, e.g. how many subscribers read our newsletters and which links are followed. You can find more information here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go. The processing is based on our legitimate interest in evaluating the success of the newsletter, Art. 6 para. 1 lit. f GDPR.

4. Use of a trial version

In order to use a trial license for Tailwind, it is necessary to create a MAXDQA account. As part of the registration process, we process personal data (e.g. name, e-mail address) in order to create the account and provide the test license.

After successful registration, the trial version of Tailwind can be used for a limited period of time. Your data will be processed for the purpose of providing the test license and for the technical administration of access and is based on Art. 6 para. 1 lit. b GDPR (performance of a contract or implementation of pre-contractual measures).

At the end of the test phase, your data will be stored for three months and then deleted if you do not become a customer. The storage is intended to ensure that projects that have been started can continue to be used if a subscription is taken out. We use this data as part of the trial version usage contract, Art. 6 para. 1 lit. b GDPR.

We use the “reCAPTCHA” service as part of the form for the test version to ensure the security of our website and to prevent unwanted, automated access in the form of spam or similar. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In addition to your IP address, Google may also collect other information that is necessary for the provision and guarantee of this service. The legal basis is Art. 6 para. 1 lit. f) GDPR. An adequate level of data protection is ensured by the use of standard contractual clauses of the EU Commission within the meaning of Art. 46 para. 2 lit. c) GDPR. Google offers further information on the general handling of your user data at https://policies.google.com/privacy

5. Online store

When you visit the online store or order products and services from VERBI, you leave the VERBI website and go to the website of our reseller cleverbridge GmbH. All services, orders and inquiries on this page, i.e. in the “store”, are subject to the data protection declaration of cleverbridge GmbH.

Additional data protection information for the use of MAXQDA Tailwind

The following provisions relate to the provision of the web-based tool MAXQDA Tailwind. MAXQDA Tailwind offers the customer the possibility to automatically analyze and summarize uploaded files according to various criteria.

1. Purchase of MAXQDA Tailwind

1.1. Account creation

Customers must create an account to use MAXQDA Tailwind. The following personal data is required for registration:

  • First name, last name
  • E-mail address

This data processing is required in accordance with Art. 6 para. 1 lit. b GDPR for the creation of the account and thus the implementation of the user relationship.

1.2. Payment and invoice

Payment processing for the use of the tool is handled by our e-sales partner cleverbridge GmbH, Gereonstr. 43-65, 50670 Cologne, Germany (cleverbridge). Data processing in connection with payment processing is carried out by cleverbridge as controller. Information on data processing by cleverbridge can be found in cleverbridge’s privacy policy.

In the case of payment processing, cleverbridge transmits the following data to us:

  • Last name
  • First name
  • E-mail address
  • Postal address
  • Institution, if applicable
  • Address

This data processing is required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of the contractual relationship with you.

2. Operation of MAXQDA Tailwind

2.1. Use of MAXQDA Tailwind

When you use MAXQDA Tailwind, we process your personal data in order to provide MAXQDA Tailwind. The following categories of data are processed for this purpose:

  • Account data
  • Information about the operating system and the hardware used
  • UserID
  • Date and time of use
  • Selected language
  • MAXQDA Tailwind function and options
  • Text length

This data processing is necessary for the provision of MAXQDA Tailwind, including the provision of support, in accordance with Art. 6 para. 1 lit. b GDPR.

2.2. Processing of project data

With regard to the content of the transmitted files containing personal data, you as the controller within the meaning of the GDPR remain solely responsible for the processing of the personal data. In particular, you are obliged to ensure that there is a legal basis for the processing of the data and that the data subjects are informed about the data processing in an appropriate form. In this respect, our order processing contract applies to the processing of this project data when MAXQDA Tailwind is provided by us.

2.3. Processing of usage data

We process data about your use of MAXQDA Tailwind (e.g. time of login, IP address, e-mail address, functions used) in a generally aggregated form as part of reports on the use of MAXQDA Tailwind for product development. The legal basis for the processing of usage data is Art. 6 para. 1 lit. f GDPR, as we have an overriding, legitimate interest in obtaining aggregated data for the aforementioned purposes.

3. Storage of the data

After termination of a subscription, your account data and project data will be stored for a period of 12 months. Within this period, you can reactivate your subscription and access your previous data. The storage takes place on the basis of Art. 6 para. 1 lit. f GDPR in order to enable easy resumption and continuation of the subscription for a limited period of time. After this period has expired, your data will be automatically and irrevocably deleted.

You will be notified by e-mail before your data is deleted.

4. Forwarding of data

We use third-party services for the provision of MAXQDA Tailwind. Your data is therefore passed on to service providers. A current list of the service providers used can be found on our website at https://www.maxqda.com/de/agb/drittdienstleister.

The service providers process your data as processors on our behalf. We have concluded data processing contracts with the service providers for this purpose. If the service providers process personal data in a third country for which the EU Commission has not issued an adequacy decision, we conclude standard contractual clauses with the respective service provider.


5. Cookies we use