Legal

Privacy

How we handle your data on this website — written plainly, without legal boilerplate fog.

Controller / Verantwortlicher

The party responsible for data processing on this website (the “controller” within the meaning of Art. 4(7) GDPR) is:

Yam Labs GmbH
Goethestr. 8
86356 Neusäß
Germany
E-Mail: info@yamlabs.de

Scope of This Policy

This policy covers data processing on the yamlabs.de marketing website only. It does not apply to the Mizu application, which is a separate product operated by Carealytix and has its own privacy policy available at mizu-app.com ↗ .

Data We Process

Server log files

When you visit this website, your browser automatically transmits certain information to our hosting provider’s servers. This includes your IP address, the page you requested, the date and time of the request, your browser type and version, your operating system, and the referring URL. These data are stored in server log files for the sole purpose of ensuring the security and stable operation of the website, and are not combined with data from other sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating and securing our website). Logs are retained only as long as technically necessary and are then deleted automatically.

This website is hosted by Netlify (Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA), acting as our processor under a data-processing agreement (Auftragsverarbeitungsvertrag, AVV) in accordance with Art. 28 GDPR. Server data may be processed on infrastructure in the United States. Netlify, Inc. is certified under the EU–US Data Privacy Framework, so the transfer is based on the European Commission’s adequacy decision of 10 July 2023 (Art. 45 GDPR); EU standard contractual clauses (Art. 46 GDPR) apply additionally as a fallback. See Netlify’s Privacy Policy ↗ for detail.

Contact by e-mail

If you contact us at info@yamlabs.de, we process the personal data contained in your message (your e-mail address, name if provided, and the content of your message) in order to handle your enquiry and respond to you.

Legal basis: Art. 6(1)(b) GDPR where your enquiry relates to a potential contractual relationship; Art. 6(1)(f) GDPR (legitimate interest in responding to communications) in all other cases. Data are retained only for as long as necessary to handle the enquiry and meet any applicable retention obligations, then deleted.

Fonts

The typefaces used on this site (Cormorant Garamond and DM Sans) are self-hosted — served directly from this website’s own server. No font files are loaded from Google Fonts or any other third party, so no data is transmitted to Google when you view this site.

No cookies, no analytics, no tracking pixels

This website does not set any cookies. We do not use analytics software (such as Google Analytics or Plausible), tracking pixels, or any other third-party tools that observe visitor behaviour.

External Links

This website links to external services, including mizu-app.com ↗ . We have no control over the data-processing practices of third-party websites. Please consult the respective privacy policies of those services before interacting with them.

If we integrate a scheduling tool in the future, we will update this policy accordingly before the integration goes live.

Your Rights Under GDPR

As a data subject within the EU/EEA, you have the following rights with respect to personal data we hold about you:

  • Access (Art. 15 GDPR) — you may request a copy of the personal data we process about you.
  • Rectification (Art. 16 GDPR) — you may ask us to correct inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR) — you may ask us to delete your personal data where the conditions of Art. 17 are met.
  • Restriction of processing (Art. 18 GDPR) — you may ask us to restrict processing in certain circumstances.
  • Data portability (Art. 20 GDPR) — where processing is based on consent or contract and carried out by automated means, you may request your data in a machine-readable format.
  • Objection (Art. 21 GDPR) — you may object at any time to processing based on legitimate interests (Art. 6(1)(f) GDPR), including for direct marketing.
  • Withdrawal of consent (Art. 7(3) GDPR) — where processing is based on your consent, you may withdraw it at any time with effect for the future.

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

To exercise any of these rights, please contact us at info@yamlabs.de. We will respond within the timeframes required by law (generally within one calendar month).

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data are being processed unlawfully. The competent authority for Yam Labs GmbH (Neusäß, Bavaria) is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
www.lda.bayern.de ↗

Last Updated

This policy was last updated on 24 June 2026.