Privacy Policy

Last updated: 22 June 2026

Introduction

The protection of your personal data is of the highest priority for buynomics GmbH. This Privacy Policy describes how buynomics GmbH (“buynomics”, “we”, “our”, “us”), Rudolfplatz 3, 50674 Cologne, Germany, collects, processes, and protects personal data in connection with the use of our website and our Revenue Growth Management services, and informs you of the rights to which you are entitled.

We process personal data in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”), and other applicable data protection laws. By using our website and services, you acknowledge this Privacy Policy.

Where buynomics processes personal data on behalf of our customers (companies that use our Revenue Growth Management platform), our customers act as the controller and buynomics acts as the processor. In such cases, please refer to the privacy policy of the relevant customer organization.

Controller and data protection contact

The controller responsible for the processing of personal data within the meaning of the GDPR is:

buynomics GmbH

Rudolfplatz 3, 50674 Cologne, Germany

Email: info@buynomics.com

Website: www.buynomics.com

Data protection contact: For any privacy-related question or to exercise your rights, you can reach our data protection function at privacy@buynomics.com.

Data subject requests: please use the subject line “Data Privacy Request” to ensure prompt handling.

Definitions

This Privacy Policy uses the terminology of the GDPR. To make it legible and understandable, the most relevant terms are explained below:

  • Personal data: any information relating to an identified or identifiable natural person (“data subject”), such as a name, identification number, location data, or online identifier.
  • Processing: any operation performed on personal data, whether automated or not, including collection, storage, use, disclosure, or erasure.
  • Controller: the natural or legal person that determines the purposes and means of the processing of personal data.
  • Processor: a natural or legal person that processes personal data on behalf of the controller (e.g. our service providers).
  • Consent: any freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.

What personal data do we collect?

Website visitors and potential customers

When you visit our website or inquire about our services, we may collect:

  • Contact information: name, company name, email address, and phone number
  • Usage data: browser type and version, operating system, referring website, pages visited, date and time of access, IP address, and Internet service provider
  • Communication data: messages, feedback, or inquiries you submit via our website or contact forms
  • Event and webinar registration data: name, email, job title, and company

Customers and platform users

When you register for or use our Revenue Growth Management platform, we collect:

  • Account information: name, email address, job title, and company details
  • Billing and payment information
  • Usage and interaction data within the platform
  • Support communications and feedback

Job applicants

When you apply for a position at buynomics, we collect your name, contact details, application materials, and recruitment-related data. Full details, including our use of the recruitment service provider Greenhouse, are set out in Section 12.

Third-party data sources

We may receive personal data from third-party sources such as professional networks (e.g. LinkedIn), data enrichment providers, and publicly available sources. We use such data to understand your professional context and to improve the relevance of our communications. Where required, this processing is based on our legitimate interest (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR).

Cookies

Our website uses cookies — small text files stored on your device via your browser — to enable core functionality, remember your preferences, and analyze website traffic. Non-essential cookies are only set with your consent (Art. 6(1)(a) GDPR; § 25 TDDDG).

You may disable cookies at any time through your browser settings or our cookie banner. Disabling certain cookies may affect the functionality of parts of our website. For more information on the cookies we use, please refer to the cookies section of this Privacy Policy or contact us at privacy@buynomics.com.

Automatic data collection

As you navigate our website, we automatically collect certain technical data via server log files and cookies, including IP address, device identifiers, browser settings, and behavioral data. This information is used to maintain website functionality, analyze usage patterns, and protect against security threats. Server-log data is stored separately from any personal data you provide directly.

Purpose - How do we use your personal data?

We process personal data for the following purposes:

  • To provide, operate, and improve our Revenue Growth Management platform and related services
  • To respond to inquiries, provide customer support, and manage our business relationship with you
  • To process job applications and manage our recruitment processes (see Section 12)
  • To send marketing communications, newsletters, product updates, and event invitations, subject to your right to opt out (see Section 11)
  • To conduct analytics, product research, and service improvement
  • To ensure the security and integrity of our systems and to detect and prevent fraud
  • To comply with our legal and regulatory obligations

Legal bases (Art. 6(1) GDPR): (a) performance of a contract or pre-contractual steps; (b) compliance with a legal obligation; (c) our legitimate interests in operating and improving our business, where not overridden by your rights and freedoms; and (d) your consent, where explicitly given. For applicant data in Germany, we additionally rely on § 26 BDSG.

How long do we retain your personal data?

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law. Indicative retention periods are:

  • Website visitor data (server logs): up to 12 months
  • Customer account data: for the duration of the contractual relationship and up to 6 years thereafter for legal and tax purposes (§ 257 HGB, § 147 AO)
  • Marketing contact data: until you object or withdraw consent
  • Applicant data: up to 6 months after the recruitment process (up to 12 months in our talent pool with your consent) — see Section 12

When personal data is no longer required, it is deleted or anonymized in accordance with our retention and deletion policy.

How and with whom do we share your personal data?

We may share your personal data with the following categories of recipients:

  • Service providers (sub-processors): trusted third-party vendors that assist with hosting, analytics, payment processing, marketing, customer support, and recruitment (including Greenhouse — see Section 12). They are bound by data processing agreements pursuant to Art. 28 GDPR and process data only on our instructions. A current list of our sub-processors is available on request.
  • Business partners: where necessary to deliver co-branded services or joint offerings.
  • Professional advisors: lawyers, auditors, accountants, and insurers, where required.
  • Corporate transactions: in connection with a merger, acquisition, or transfer of business assets.
  • Legal obligations: where required by law, court order, or public authority, including for fraud prevention or national security purposes.
  • With your consent: for any other purpose explicitly disclosed to and agreed by you.

We do not sell your personal data, and we do not share it with third parties for their own direct marketing purposes.

International data transfers

buynomics is headquartered in Germany and primarily processes data within the European Economic Area (EEA). Some of our service providers and sub-processors are located outside the EEA, including in the United States (for example, our recruitment provider Greenhouse — see Section “Job applicants and recruitment”).

Where we transfer personal data outside the EEA, we ensure adequate safeguards in accordance with Chapter V of the GDPR, in particular:

  • an adequacy decision of the European Commission, including certification under the EU–U.S. Data Privacy Framework where applicable; or
  • the EU Standard Contractual Clauses (SCCs) together with supplementary technical and organizational measures.

You may request further information about the specific safeguards applied, including a copy of the relevant SCCs, by contacting us at privacy@buynomics.com.

How do we protect your personal data?

We implement appropriate technical and organizational measures (Art. 32 GDPR) to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure, including:

  • Encryption of data in transit and at rest
  • Access controls and role-based permissions
  • Regular security assessments and penetration testing
  • Employee training on data protection and security
  • Documented incident-response procedures

While we take data security seriously, no method of transmission over the Internet is completely secure. Please use strong credentials and contact us immediately if you suspect any unauthorized use of your account.

Your rights — EU and EEA residents (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights:

  • Right of access (Art. 15): to obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): to have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17, “right to be forgotten”): to have your data deleted where there is no longer a legal basis for its retention.
  • Right to restriction (Art. 18): to limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20): to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): to object to processing based on our legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent (Art. 7(3)): at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact privacy@buynomics.com. We will respond within one month (Art. 12(3) GDPR). We may ask you to verify your identity, and reasonable requests are free of charge.

Right to lodge a complaint: You may lodge a complaint with a supervisory authority. Our lead supervisory authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW). Residents of other EU/EEA countries may also contact their local supervisory authority.

Marketing communications and opt-out

We may use your name, email address, and professional details to send marketing communications such as newsletters, product updates, event invitations, and promotional offers. Where required by law, we do so only with your consent or where we have a legitimate interest (e.g. towards existing customers, § 7(3) UWG).

You may opt out at any time by clicking the “unsubscribe” link in any marketing email or by contacting us. Opting out of marketing does not affect transactional or service-related communications necessary to manage your account or our contract.

Job applicants and recruitment

When you apply for a position at buynomics, we process your personal data to assess your suitability for the role and to manage our recruitment process. We process applicant data for positions in Germany, across the EMEA region (including Ireland), in the United Kingdom, and in the United States.

Personal data we process in this context includes:

  • Identity and contact details: name, email address, phone number, and location
  • Application materials: CV/resume, cover letter, work history, educational qualifications, and links to professional profiles (e.g. LinkedIn)
  • Recruitment data: communications exchanged during the process, interview notes and assessments, and — where applicable and where you have been informed in advance — interview recordings, transcripts, summaries, and related meeting metadata
  • Technical data: IP address, device, and browser information collected when you use our application portal

Use of Greenhouse as our recruitment service provider (processor)

To receive, store, and manage job applications, buynomics uses the applicant-tracking and recruitment platform provided by Greenhouse Software, Inc. (“Greenhouse”), 110 E 42nd St, Suite 2101, New York, NY 10017, USA.

In this context, buynomics is the controller and Greenhouse acts as our processor, processing applicant data solely on our behalf and in accordance with our documented instructions. We have concluded a data processing agreement with Greenhouse pursuant to Art. 28 GDPR.

Greenhouse may enrich application profiles with information obtained from third-party sources, including professional networks such as LinkedIn, data enrichment providers, and publicly available sources, in order to provide professional context relevant to the recruitment process. Where required, this processing is based on our legitimate interest in evaluating applications effectively (Art. 6(1)(f) GDPR) and, where applicable, your consent (Art. 6(1)(a) GDPR).

International transfer of applicant data

Greenhouse is established in the United States, and applicant data processed via the Greenhouse platform is transferred to and processed in the United States. To safeguard this transfer, we rely on one or more of the following mechanisms:

  • Greenhouse’s certification under the EU–U.S. Data Privacy Framework, the UK Extension to the EU–U.S. Data Privacy Framework, and the Swiss–U.S. Data Privacy Framework; and/or
  • the EU Standard Contractual Clauses (SCCs) together with supplementary technical and organizational measures.

You can review Greenhouse’s privacy practices in its privacy policy at https://www.greenhouse.com/privacy-policy. For the EEA, Greenhouse has appointed a representative pursuant to Art. 27 GDPR.

Legal basis and retention of applicant data

We process applicant data on the basis of Art. 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and, for applicants in Germany, § 26(1) BDSG (data processing for the purposes of the employment relationship), as well as Art. 6(1)(f) GDPR (our legitimate interest in conducting an effective recruitment process).

We retain applicant data for up to 6 months after the conclusion of the recruitment process, in order to comply with statutory limitation periods (e.g. under the German General Equal Treatment Act, AGG). With your explicit consent (Art. 6(1)(a) GDPR), we may retain your profile in our talent pool for up to 12 months to consider you for future opportunities. You may withdraw this consent at any time, with effect for the future, by contacting careers@buynomics.com.

UK residents — UK GDPR

If you are located in the United Kingdom, your personal data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. You have the same rights as EU residents described in Section 10. Where we transfer your data outside the UK, we use the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.

To exercise your rights, please contact privacy@buynomics.com. You may also lodge a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, www.ico.org.uk.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. We will post any changes on this page and update the “Last updated” date above. For material changes, we will notify you by email or by a prominent notice on our website. Changes apply only to data collected after the effective date.