Privacy Policy

If you visit this website or use our webapp, some of your personal data will be processed in connection with your visit and with an inquiry to us. “Processing” means, inter alia, the collection, recording, organisation, organisation, filing, storage, adaptation or alteration, use, disclosure by transmission, alignment or deletion of information which also relates to an identified or identifiable natural person (“personal data”). With this privacy policy we would like to inform you about which personal data is collected, processed and/or used in the context of the use of the website.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) may have security gaps. A complete protection of data against access by third parties is not possible. The security and confidentiality of your data is very important to us. Therefore, we take the utmost care and apply the necessary security standards to ensure the protection of your personal data.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

1. Information on the collection of personal data
2. Your rights
3. Collection of personal data when using our webapp
4. Data processing by the operator(s) of other tools
5. International Transfer
6. Legal basis of the processing
7. Changes

1. Information on the collection of personal data

(1) In the following we provide information about the collection of personal data when using our website or webapp. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) The person responsible in accordance with Art. 4 para. 7 of the EU Data Protection Regulation (EU) 2016/679 (DSGVO) is Florian Baum, Yucca Technologies GmbH, Kokkolastraße 5, 40882 Ratingen, Germany (see our imprint). You can reach our data protection officer at or at our postal address with the addition “the data protection officer”.
(3) When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you have provided it, your name and telephone number in order to answer your questions. We delete the data arising in this connection after storage is no longer necessary or – in the case of legal storage obligations – restrict processing.
(4) If we wish to use commissioned service providers for individual functions of our offer or to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.

2. Your rights

(1) You have the following rights in relation to the personal data concerning you:
- Right to information, Pursuant to Art. 15, paras. 1 and 2 of the DSGVO, you have the right to obtain information about your personal data processed by us. In this context, you also have the right to receive a copy of the personal data processed by us in accordance with Article 15, paragraphs 3 and 4 of the DPA.
- Right of correction or deletion, In accordance with Art. 16 DSGVO, you have the right to ask us to correct or complete your personal data. Pursuant to Art. 17, paras. 1 and 3 of the DSGVO, you have the right to request that your personal data processed by us be deleted. If we have made this data public, you also have the right, in accordance with Art. 17, paras. 2 and 3 DSGVO, to demand that we inform other responsible parties of your request to delete all links, copies or replications of this data.
- Right to object to the processing, Pursuant to Art. 21 paras. 1, 2, 5 and 6 DSGVO, you have the right to object to the processing of your personal data by us if this is done for the purpose of direct advertising and/or on the basis of a “legitimate interest” within the meaning of Art. 6 para. 1 sentence 1 letter f) DSGVO.
- Right to data portability In accordance with Art. 20 Paragraphs 1 and 2 of the DSGVO, you have the right to receive the personal data you have provided us with concerning your person in a structured, common and machine-readable format and to request that we transfer this data directly to another person responsible.
- Revocation of your consent: If you have given us permission to process your personal data, you can revoke this permission at any time, in total or with regard to individual processing purposes, in each case without giving reasons.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company.

3. Collection of personal data when using our webapp

(1) When using the app, we collect the personal data described below to enable convenient use of the functions. If you would like to use our webapp, we collect the following data, which is technically necessary for us to offer you the functions of our webapp and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f DS-GVO):

In general we process and store the following data:
- IP address (in abbreviated anonymous form)
- Date and time of the request
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.

We collect the following data trough our website:
- Date and time of consent (Consent Management Protocol).

When you use our contact form, we store the following data:
- First name, last name, e-mail address, telephone number (optional), message.

By using our webapp:
- From all users that use the backend/webapp of yuccaHR, we only save the Microsoft Teams ID and authorization type.
- From all employees, that get connected and are targeted by the yuccaHR bot within the Microsoft Teams environment we save store the user ID.
- In our webapp, roles can be created for the employee, which are automatically saved and can be an indication of the employee’s position or role in the company. This can also be used to draw conclusions about the employee’s relationship to the employer).
- Created content (news in the Journeys, roles and upcoming events) – not necessarily personal, but may be, depending on the use of the webapp.
- Encrypted password of the webapp.
- Images and attached messages by the users.

(2) In addition to the data mentioned above, cookies are stored on your computer when you use our webapp. Cookies are small text files that are stored in the device memory of your mobile device and assigned to the webapp you are using. Cookies allow certain information to flow to the party that sets the cookie (here: us). Cookies cannot execute programs or transfer viruses to your mobile device. They serve to make webapps more user-friendly and effective overall.
This webapp uses the following types of cookies, the scope and functionality of which are explained below:
- Persistent cookies:
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can configure the settings of your mobile operating system and the webapp according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of our webapp.

4. Data processing by the operator(s) of other tools

The operator of the other tools uses web tracking methods. The web tracking can also be carried out independently of whether you are logged in or registered on the other´s tool platform. We have no influence on the webtracking methods of the other´s tool platform. For example, we cannot switch them off.
Please be aware that it cannot be ruled out that the provider of the other´s tool platform will use your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect I have no influence on the processing of your data by the provider of the other´s tool platform.
More detailed information on data processing by the provider of the other´s tool platform and further options for objection can be found in the provider’s data protection declaration.


On our website we handle payments via Stripe, among other things. The provider of this payment service is Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA If you choose a paid plan, the payment details you enter will be transmitted to Stripe. The transmission of your data to Stripe is based on art. 6 par. 1 letter a GDPR (consent) and art. 6 par. 1 letter b DSGVO (processing for the fulfilment of a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of data processing operations carried out in the past. For further Information please see:


On our website we offer payment via Chargebee, among other things. The provider of this payment service is Chargebee Inc. 340 S Lemon Avenue, #1537 Walnut, California 91789, USA (hereafter “ChargeBee”).
If you choose to pay via ChargeBee, the payment details you enter will be transmitted to ChargeBee.
The transmission of your data to ChargeBee is based on art. 6 par. 1 letter a DSGVO (consent) and art. 6 par. 1 letter b DSGVO (processing for the fulfilment of a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of data processing operations carried out in the past.
For further Information please see:

Google services

We use the Google services Google Analytics, Google Analytics Remarketing, Google Ads, Google Search Ads 360, Google Tag Manager and Google Forms. These services are provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”). Google has its headquarters in the so-called third country USA, which means that a level of data protection equivalent to that in the EU is generally lacking. However, Google is certified under the EU-U.S. Privacy Shield and thus offers an adequate level of data protection in accordance with Art. 45 DSGVO.
You can find more information about Google in the Google Privacy Policy:

Google Analytics

Google Analytics uses cookies. The information collected by these cookies is usually sent to a Google server in the USA and stored there. IP anonymization is used on this website. The IP address of the website visitors is shortened. Only in individual cases is the IP address initially transmitted in full to a Google server in the USA and shortened there. By this shortening the personal reference of the IP address is omitted. The IP address transmitted by the browser is not combined with other data stored by Google.
Within the framework of the agreement on commissioned data, which the website operator has concluded with Google Inc., the latter uses the information collected to create an evaluation of website use and website activity and provides associated services.
The data collected by Google on behalf of the website operator is used to evaluate the use of the online offer by individual users, e.g. to create reports on the activity on the website and to improve our online offer.

Google Analytics Remarketing

Google Analytics Remarketing allows you to link the created advertising target groups with the cross-device functions of Google Ads and Google Campaign Manager. In this way, interest-based, personalized advertising messages that have been adjusted on one device depending on the previous usage and surfing behavior of the website visitor can also be displayed on another device of the website visitor. This presupposes that the website visitor has given Google permission to do so. If such consent is given, Google will link the web and app browsing history to the personal Google Account for this purpose.
To support this feature, Google Analytics collects Google-authenticated visitor IDs that are temporarily linked to Google Analytics data to define and create target groups for cross-device advertising.
Visitors who have a Google Account can permanently opt-out of cross-device remarketing/targeting by deactivating personalised advertising in their Google Account (

Google Ads (formerly AdWords) and conversion tracking

In the context of Google Ads, this website uses the so-called conversion tracking. When visitors click on an ad served by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used to personally identify site visitors. If the user visits certain pages of this website and the cookie hasn’t expired, we can tell that the user clicked on the ad and was redirected to that page. The information collected using the conversion cookie is used to compile conversion statistics for us as AdWords customers. This tells us the total number of website visitors who clicked on an ad we placed and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies website visitors.
We use Google AdWords Remarketing to advertise us across the Internet and to advertise on third party websites (including Google) to previous visitors of the website. AdWords remarketing will display ads to Users based on what parts of the our website they have viewed by placing a cookie on the Users’ web browser. It could mean that our advertises to previous visitors who haven’t completed a task on the site or this could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. This cookie does not in any way identify the User or give access to the Users’ computer or mobile device. The cookie is only used to indicate to other websites that the User has visited a particular page on the website, so that they may show the User ads relating to that page. If Users do not wish to participate in Google AdWords Remarketing, they can opt out by visiting Google’s Ads Preferences Manager:

Google Search Ads 360 (formerly DoubleClick Search)

Similar to the previous paragraph; the use of Search Ads 360 allows Google and its partner sites to serve ads based on previous visits to our or other sites on the Internet. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there. In contrast to Google Ads, which is limited to the Google Search Network, Google Search Ads 360 enables the exchange of ads and keywords with several supported search engines.

Google Tag Manager

To manage the Google Analytics tracking (see above) we use the Google Tag Manager service. The Google Tag Manager itself does not collect any personal data.

Google Forms

We use the services of Google Forms to conduct surveys. The data collected with a Google Forms form is stored on a cloud storage provided by Google for us, “Google Drive”. Further information on data processing in connection with Google Forms and Google Drive can be found in Google’s data protection information:


We use functions of HubSpot Inc, 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter referred to as HubSpot). This is an integrated software solution with which we cover various aspects of our online marketing. These include among others: Email marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (especially traffic sources, access, etc.), contact management (especially user segmentation & CRM), landing pages and contact forms. HubSpot sets a cookie on your computer. It may be stored and analyzed personal data, especially the activity of the user (especially which pages have been visited and which elements have been clicked on), device and browser information (especially the IP address and operating system), data about the ads displayed (especially which ads were displayed and whether the user clicked on them) and also data from advertising partners (especially pseudonymized user IDs). The data may be transferred to servers of Hubspot in the USA. HubSpot has subjected itself to the Privacy-Shield-Agreement between the European Union and the USA and is certified. Thereby HubSpot commits itself to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
For more information on how HubSpot processes the data, click here:
The use of the HubSpot plug-in serves exclusively to optimize our marketing.
The legal basis for the processing of users’ personal data is in principle the consent of the user in accordance with Art. 6 Paragraph 1 S.1 lit. a DSGVO.
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that took place on the basis of your consent until revocation.
You may prevent HubSpot from collecting and processing your personal data by preventing the storage of third-party cookies on your computer, by using the “Do Not Track” function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript ( or Ghostery ( in your browser.
For more information on how to object to and resolve issues with HubSpot, please see:


We use JOIN to carry out our services by our webapp. Join is brought to you by JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany.
The data processing by JOIN can essentially be divided into two categories:
- For the purpose of contract processing or for the provision of our platform, all data required for the execution of the platform usage agreement with JOIN is processed. If external service providers are also involved in the processing of the contract, e.g. companies that advertise jobs, optimization services, hosters, CRM tools, etc., your data will be passed on to them to the extent necessary in each case.
- When you access our platform, various information is exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to further optimise our offer.
For further information please see JOIN´s privacy polivy:

LinkedIn Ads

We use the LinkedIn advertising feature of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, “LinkedIn”). LinkedIn is based in the third country USA, which generally does not have an EU level of protection. However, LinkedIn is certified according to the EU-US Privacy Shield and thus offers an adequate level of protection for personal data in accordance with Article 45 DSGVO.
This function is used to target visitors with a LinkedIn user account with interest-based advertising on the LinkedIn social network.
A remarketing tag has been implemented on this website for this purpose. This tag is used to create a direct link to the LinkedIn servers when visitors visit the website, and to transmit to the LinkedIn servers which pages of our website have been visited by the visitors. LinkedIn associates this information with your LinkedIn user account, if you have one. Within LinkedIn, visitors to our site who are also LinkedIn members will see personalized LinkedIn advertisements and sponsored posts/messages based on their interests.
For further information please see:


We use Slack on pur homepage and webapp. Slack is privided by Slack Technologies, Inc.500 Howard Street San Francisco, CA 94105 USA.
We use the Slack-API especially for single sign on, registration process an providing our service to you within the slack ecosystem an workflows. Slack acts as a service for certain data processing activities and as a processor for other activities. The users data is transmitted from the Slack user to Slack via the Slack API (or another integration method). Slack then uses this data to complete the transaction within the slack ecosystem. In this role, Slack therefore acts as a processor of orders. However, Slack also uses the data to fulfill its regulatory obligations. In this role, Slack acts as a responsible party.
For further information please see:

5. International Transfer

As we are located in Germany while using Amazon’s AWS Data centre located in Frankfurt, Germany, any information you provide maybe be processed and stored in the USA, which means that the personal information of our EU residents may be kept in a jurisdiction that isless protective than that whichthe GDPR currently requiresas standard. In the event that we need to transfer such information from the EU to third-parties which are not subject to laws requiring the GDPR levels ofprotection, we will either enter into contracts which are based on the EU Standard Contractual Clauses with these parties or transfer information under the scope of the EU/US Privacy Shield.

6. Legal basis of the processing

(1) We process your personal data in accordance with Art. 6 para. 1 lit. a), b), c) and f) DSGVO. This means that we process personal data only if you have given your consent (lit. a)), to the extent necessary for the performance of a contract or pre-contractual measures (lit. b)), if we are legally obliged to do so (lit. c)) or if we have a legitimate interest in the processing (lit. f)).
(2) In the following reasons and purposes are given for processing your data:
- To personalize the experience.
- To improve our website.
- To identify someone as a contractor.
- To enable a quick registration.
- To set up a primary communication channel.
- To enable the automated handling of subscriptions.
- To create and display cookie statements for end users and store and display scan reports for you.
- To send emails at certain intervals (The email address you provide for order processing can be used to send you information and updates regarding your order. In addition, if you have accepted, you will occasionally receive company news, updates, information about related products or services, etc.). If at any time you wish to unsubscribe from receiving future emails, you can cancel your account by clicking “Delete My Account” after logging in.

7. Changes

We reserve the right to change this privacy policy at any time in accordance with the applicable data protection regulations.

Immer up-to-date mit unserem Newsletter

Vielen Dank für Ihre Anmeldung zu unserem Newsletter 🙌
😰 Oops! Etwas hat nicht geklappt, bitte wiederholen Sie die Eingabe.