Privacy
We are pleased about your visit to our website www.bridge-brain.com and your interest in our company. To provide you with as much transparency as possible, we inform you below in accordance with the requirements of Articles 13, 14, and 21 of the General Data Protection Regulation (hereinafter "GDPR") about the nature, scope, and purpose of the collection, processing, and use of personal data that occurs during your use of our website, as well as your rights in this regard. You can access the complete GDPR document here.
Contents
- Definitions of Terms
- Name and Address of the Data Controller
- Name and Address of the Data Protection Officer
- Processing of Personal Data
- Cookies
- Sharing of Personal Data
- Duration of Data Storage and Data Deletion
- Your Rights
- Data Security
1. Definitions of Terms
The following terms used in our privacy policy are defined within Article 4 of the GDPR. This is only an excerpt from Article 4 GDPR. All definitions can be viewed in the GDPR (accessible here).
- Personal Data (Art. 4 No. 1 GDPR)
All information relating to an identified or identifiable natural person ("data subject"); a person is considered identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person. - Processing (Art. 4 No. 2 GDPR)
Any operation or set of operations performed with or without automated means concerning personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. - Pseudonymization (Art. 4 No. 5 GDPR)
Processing personal data in a way that the data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. - Data Controller (Art. 4 No. 7 GDPR)
The natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means are dictated by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for in Union law or the law of the Member States. - Processor (Art. 4 No. 8 GDPR)
A natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller. - Third Party (Art. 4 No. 10 GDPR)
A natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and persons authorized to process data under the direct responsibility of the controller or processor. - Consent (Art. 4 No. 11 GDPR)
Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data concerning him or her. - Company (Article 4 No. 18 GDPR)
A company is a natural or legal person that carries out an economic activity, regardless of its legal form, including associations or partnerships that regularly carry out an economic activity.
2. Name and Address of the Data Controller
The data controller within the meaning of the GDPR is:
BRIDGEBRAIN GmbH
Ölmühlweg 33
61462 Königstein im Taunus
Phone: +49 6174 2939510
Email: sabine.eich@bridge-brain.com
You can access our full imprint here: https://www.bridge-brain.com/rechtliches/impressum
3. Name and Address of the Data Protection Officer
You can contact our Data Protection Officer, Ms. Sabine Eich, by mail at:
BRIDGEBRAIN GmbH
Ölmühlweg 33
61462 Königstein im Taunus
Germany
With the addition: "z.Hd. der Datenschutzbeauftragte der BRIDGEBRAIN GmbH" (attn: Data Protection Officer of BRIDGEBRAIN GmbH) or by e-mail at: sabine.eich@bridge-brain.com
4. Processing of Personal Data
We process personal data only if there is a legal basis for doing so:
- A contract exists between you and us, for the fulfillment of which the processing is necessary, or the processing is required to carry out pre-contractual measures upon your request (Art. 6(1)(b) GDPR).
- Fulfillment of a legal obligation to which we are subject (Art. 6(1)(c) GDPR).
- Protecting your vital interests or those of another natural person requires processing (Art. 6(1)(d) GDPR).
- The performance of a task carried out in the public interest or in the exercise of official authority requires processing (Art. 6(1)(e) GDPR).
- The processing is necessary to safeguard our legitimate interests or those of a third party, provided that your interests, fundamental rights, or freedoms do not override these interests (Art. 6(1)(f) GDPR).
- You have given your consent to the processing (Art. 6(1)(a) GDPR).
Additionally, the employees of BridgeBrain GmbH and any service providers are obliged, within the framework of legal requirements, to comply with the applicable data protection regulations.
4.1. Informational use of our website
If you do not provide us with any data (for example, by using a contact form), only the personal data transmitted from your browser to our server will be collected. This data is technically necessary for us to provide you with the website while ensuring a secure and stable display. This includes the following information, which is derived from a log file line:
- Internet Protocol address (IP address)
- Time and date of each access
- Time zone difference from Greenwich Mean Time (GMT)
- The specific page accessed
- Status of the access / Hypertext Transfer Protocol (http)
- Amount of data transferred in each case
- Website from which our website is accessed (referrer URL)
- Internet browser used (including language and version)
- Operating system used
The legal basis for collecting the listed data is Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring error-free connection establishment and convenient use of our website, as well as analyzing system stability and security and using the data for related administrative purposes.
Data will not be shared with third parties unless there is a legal obligation to disclose.
4.2. Contact via email
If you contact us via the email address stated in section 2 or other email addresses of our company published on our website, we will store your email address and other contact information contained in your email (e.g., your name or telephone number) in order to process your inquiry. Depending on the reason for sending the email, the legal basis for processing the data is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. This means that processing is either necessary to process the contract concluded with you or to fulfill our (pre-)contractual obligations, or based on our legitimate interest in contacting parties interested in our services.
4.3. Contact form
We offer a contact form on our website, the use of which generally requires the provision of personal data that goes beyond the data required for informational use of our website. When you contact us using the contact form on our website, your email address and other data you provide will be stored and processed by us to process your request. Depending on the reason for contact, the legal basis for processing the data is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. This means that it is either for the execution of the contract concluded with you or for the fulfillment of our (pre-)contractual obligations, or it is based on our legitimate interest in contacting parties interested in our services.
4.4. Processing of applicant data
For submitted application documents and other data collected during the application process that can be personally attributed to you as an applicant, your personal data will be processed if this is necessary for the decision on establishing an employment relationship or, after the employment relationship has been established, for its implementation or termination (Section 26 (1) BDSG, Article 6 (1) (b) GDPR). The same applies if the data processing is necessary to protect the legitimate interests of the responsible body for purposes other than the employment relationship and there is no reason to assume that your legitimate interest as the data subject in excluding processing or use outweighs this (Article 6 (1) (f) GDPR).
5. Cookies
We use cookies on our website. Cookies are small, browser-specific text files that are stored on your hard drive. This provides the location that sets the respective cookie with certain information, but does not allow programs to be executed or viruses to be transmitted. Cookies are divided into the following categories:
- First, a distinction is made according to who set the respective cookie (website operators in the form of first-party cookies or third parties in the form of third-party cookies).
- Then, a distinction is made regarding the storage duration.
- There are transient cookies that are automatically deleted when the browser is closed. This primarily applies to so-called session cookies, which store a session ID. These session cookies are used to recognize your computer when you visit our website again within a session using the same browser. When you close the browser or log out, these temporary cookies are deleted.
- There are also so-called persistent cookies, which are stored for a longer period (up to two years). However, the period until deletion varies from cookie to cookie. You can delete these cookies manually at any time using your browser settings.
- Another group is the so-called Flash cookies. These are Flash Player-bound cookies that store the technical data required to play video or audio content (e.g., image quality or network speed). There is usually no automatic expiration date, and the cookies store the required data regardless of the browser used. Some browsers (e.g., Firefox) offer the option of deleting Flash cookies along with other cookies.
- Cookies are also differentiated based on their function, which is most relevant from a data protection perspective.
- Technical (essential) cookies are cookies that are necessary to perform basic website functions (e.g., saving a product that has been added to the shopping cart).
- Performance cookies collect information about website usage and any errors that occur. This is anonymous information that is used to improve the website.
- Advertising cookies or targeting cookies make it possible to display customized advertising (including from third parties) to website users and to determine the effectiveness of this advertising.
- Sharing cookies connect the website with other services (e.g., social media presences).
We automatically only use technical cookies, and thus cookies that are essential for the operation of our website, based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR, in order to design and continuously improve our website effectively.
Please note that you can prevent cookies from being saved at any time by selecting the appropriate settings in your browser. We have compiled further information on this topic for the most common browsers below, but please note that doing so may limit the functionality of our website.
- Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
- Microsoft Edge: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647
- Opera: https://help.opera.com/de/latest/web-preferences/#cookies
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
6. Transfer of personal data
Personal data will only be transferred outside the EU if one of the legal bases listed under 4 applies. We provide further information on this below. As a general rule, we only transfer personal data to third countries where an adequate level of protection has been confirmed by the EU Commission or where we can guarantee the careful handling of personal data based on contractual agreements or other appropriate safeguards.
6.1. Webflow and others
Our website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as "Webflow"). Webflow also provides the content management system for our website. We have concluded a data processing agreement with this company, which contains the current EU standard contractual clauses for the transfer of personal data to third countries. Webflow's global privacy policy can be accessed here: https://webflow.com/legal/privacy. The privacy policy for the EU and Switzerland can be accessed here: https://webflow.com/legal/eu-privacy-policy. Data processing within the USA is possible. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is permitted under Articles 44 and 45 of the GDPR, as Webflow is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").
Webflow hosts our website using the content delivery networks of the US companies Fastly Inc. and Amazon Web Services, Inc. A content delivery network is a network of geographically distributed, possibly interconnected servers. The server closest to the respective website user is always used. The CDN used here includes servers in North America and parts of Europe. More information can be found on the following Webflow page: https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service.
Webflow hosts our website using the content delivery network of the US company Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107 (hereinafter referred to as "Fastly"). You can access the company's privacy policy here: https://www.fastly.com/privacy/ Data processing within the USA is possible. The USA is a so-called third country within the meaning of the GDPR. Data transfer to this third country is permitted under Articles 44 and 45 GDPR, as Fastly is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").
Webflow hosts our website using the content delivery network of the US company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109 (hereinafter referred to as "AWS"). The CDN is called Amazon CloudFront. You can access the company's imprint here: https://aws.amazon.com/de/impressum/?nc1=f_cc. The company's privacy policy can be accessed here: https://aws.amazon.com/de/privacy/?nc1=f_pr. Data processing within the USA is possible to the extent that it is permitted. The USA is a so-called third country within the meaning of the GDPR. Data transfer to this third country is permitted under Articles 44 and 45 GDPR, as AWS is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").
To ensure cross-browser compatibility, so that the modern functionality of Webflow pages is also available in older browsers that do not natively support it, Webflow integrates JavaScript using Cloudflare's content delivery network. The CDN is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 (hereinafter referred to as "Cloudflare"). The company's privacy policy can be found here: https://www.cloudflare.com/de-de/privacypolicy. Data processing within the USA is possible. The USA is a so-called third country within the meaning of the GDPR. Data transfer to this third country is permitted under Articles 44 and 45 GDPR, as Cloudflare is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").
Furthermore, there is a connection to the domains webflow.com and website-files.com. These domains belong to Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103 (hereinafter referred to as "Webflow"). Images, fonts, and other assets embedded in our website are hosted there. These Webflow domains are also hosted via the CDNs Fastly and Amazon Cloud-Front. The company's privacy policy can be found here: https://webflow.com/legal/eu-privacy-policy. Data processing within the USA is possible to this extent. The USA is a so-called third country within the meaning of the GDPR. Data transfer to this third country is permitted under Articles 44 and 45 GDPR, as Cloudflare is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision").
Legal Basis
The legal basis for data processing within the meaning of the above is Art. 6 (1) (f) GDPR and is justified by our interest in providing you with a fast, secure, and user-friendly website. As far as data processing in the third country USA is concerned, the legal basis, as explained, arises from Art. 44 and 45 GDPR (since all companies involved are active participants in the so-called "EU/US Data Privacy Framework"), as well as from Art. 46 (1) and (2) (c) GDPR (standard contractual clauses).
6.2. Pirsch
We use the web analysis tool "Pirsch" (https://pirsch.io/) provided by Emvi Software GmbH, Nickelstraße 1b, 33378 Rheda-Wiedenbrück. Legal notice: https://pirsch.io/legal. The privacy policy of Emvi Software GmbH can be found here: https://pirsch.io/privacy. No cookies are used. Pirsch generates a unique number for each user, which is composed of the user's IP address, the user agent, and a random string of characters defined for each website. This allows the user to be uniquely identified without collecting personal data. The random string of characters ensures that the number varies from website to website, making it impossible to compare them. Sessions are also recorded for a maximum of 24 hours. A new unique number is then assigned to each user. For this purpose, we have concluded a data processing agreement with Emvi Software GmbH. Emvi Software GmbH hosts all data in Germany. We use the Pirsch service based on our legitimate interest in optimizing and operating our website economically, in accordance with Art. 6 (1) (f) GDPR. You can object to data processing at any time here:
If you use the opt-out, the local storage will be described, which is technically necessary for the objection to be executed.
6.3. Vimeo
We embed Vimeo videos on our website. This is a video portal operated by Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA. Legal notice: https://vimeo.com/leo/guidelines/impressum (hereinafter referred to as "Vimeo"). Vimeo's privacy policy can be accessed here: https://vimeo.com/privacy. These videos can be played from our website. Therefore, if our website is used exclusively for informational purposes, the transfer of the personal data specified in this privacy policy to Vimeo in the USA and thus to an unsafe third country cannot be ruled out when playing the videos. Data processing within the USA is possible in this respect. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is justified in accordance with Articles 44 and 45 GDPR, as Vimeo is an active participant in the Data Privacy Framework. This is a data protection agreement between the EU and the USA, which declares the level of data protection for certified companies in the USA to be adequate ("adequacy decision"). We embed Vimeo videos with the "Do-Not-Track" extension so that no cookies are set. When you play the video, the local storage is described, which is technically necessary for you to be able to play the video. A Data Transfer Agreement, which contains the EU standard contractual clauses for the transfer of personal data to third countries, has been concluded with Vimeo. The legal basis for processing the data is Article 6 (1) (f) GDPR, i.e. it is based on our legitimate interest in making videos available to our website users so that they can find out about our services.
6.4. Cloudflare
To integrate graphics on our website, we use the content delivery network Cloudflare. The CDN is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 (hereinafter referred to as "Cloudflare"). The company's privacy policy can be found here: https://www.cloudflare.com/de-de/privacypolicy. Data processing within the USA is possible. The USA is a so-called third country within the meaning of the GDPR. The data transfer to this third country is permitted in this case under Articles 44 and 45 GDPR, as Cloudflare is an active participant in the so-called "EU/US Data Privacy Framework." This is a data protection agreement between the EU and the USA, under which the level of data protection for certified companies in the USA has been declared adequate ("adequacy decision"). The legal basis for processing the data is Article 6 (1) (f) GDPR, i.e. it is based on our legitimate interest in providing our website users with clear graphics on the website so that they can find out about our services.
7. Duration of data storage and deletion
Within the processing described in our privacy policy, we have communicated the corresponding storage periods and the dates of deletion or blocking of data. If no explicit storage period is specified, the data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.
Storage may extend beyond the defined periods if legal regulations to which we are subject (e.g., Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB)) stipulate a different storage period. The retention and documentation periods stipulated therein range from two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
Following the storage period, the personal data will be deleted or blocked unless further storage is required by us based on a legal basis. Furthermore, storage beyond the specified period is possible in the event of (any) legal dispute or other legal proceedings.
8. Your Rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:
Right to information pursuant to Art. 15 (1) GDPR
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, in addition to the right to information about this personal data, you have the right to information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data have been or will be disclosed in the future (in particular for recipients in third countries or international organizations), the storage period or criteria for determining the storage period, the existence of a right to rectification or erasure of the personal data concerning you or the right to restriction of processing on our part, as well as the existence of a right to object to this processing, the existence of a right to lodge a complaint with a supervisory authority and all available information about the origin of the data (in the event that this was not collected by us). In addition, you have the right to information about whether personal data is transferred to a country that is not a member of the EU (so-called third country) or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
Right to rectification pursuant to Art. 16 GDPR
You have the right to request that we promptly rectify inaccurate personal data and complete incomplete personal data concerning you.
Right to erasure ("right to be forgotten") pursuant to Art. 17 (1) GDPR
You have the right to request that we delete the personal data concerning you immediately if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you were processed unlawfully.
- The erasure of personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If the personal data concerning you has been made public by BridgeBrain GmbH and we are obligated to delete the personal data according to the above principles, we are also obligated to inform other data controllers that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.
In this regard, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to comply with these obligations, at least to the extent that processing is no longer necessary, i.e., if required by law or legitimate interests conflict with deletion.
However, according to Art. 17 (3) GDPR, the right to erasure does not exist if processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or to assert, exercise or defend legal claims.
Right to restriction of processing pursuant to Art. 18 (1) GDPR
You have the right to request that we restrict the processing of your personal data if you contest the accuracy of your personal data (the restriction applies for the period enabling us to verify the accuracy), the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for the purposes of the processing, but you require it to assert, exercise, or defend legal claims, or you have objected to processing pursuant to Art. 21 (1) GDPR (the restriction applies as long as it has not yet been determined whether our legitimate reasons outweigh yours).
If the processing of personal data concerning you has been restricted, this data -- apart from its storage -- may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. In this case, we will also inform you before the restriction is lifted.
Right to notification pursuant to Art. 19 GDPR
If you have asserted your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you was disclosed of this rectification, erasure, or restriction of processing, unless doing so proves impossible or involves disproportionate effort. In this respect, you may request that we inform you of these recipients.
Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you from us in a structured, common, and machine-readable format and to have it transmitted to another controller without hindrance from us (or to request direct transmission from us to another controller, where technically feasible) if the processing by us is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR and the processing was carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you may request that the personal data be transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
Right to revoke consent granted in accordance with Art. 7 (3) GDPR
You have the right to revoke consent you have given us at any time with future effect. This means that data processing based on the consent can no longer be continued in the future. However, this does not affect the legality of the processing carried out up to your revocation. Please also note that we may have to retain certain data for a certain period of time to comply with legal requirements (see Section 6 of the Privacy Policy).
Right to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your habitual residence, your place of work, or the place of the alleged violation.
The supervisory authority to which the complaint was submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Responsible supervisory authority for data protection:
The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden
Right to object to the processing of your data according to Art. 21 GDPR
In addition to the aforementioned rights, you also have the right to object at any time to the processing of your personal data based on the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) (e) GDPR) or to protect our legitimate interests (Art. 6 (1) (f) GDPR), with future effect, provided that there are reasons for doing so that arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If your personal data is processed for the purpose of direct advertising or profiling, provided there is a connection to direct advertising, you have a general right of objection without having to provide reasons related to your particular situation. In the event of an objection, we will immediately cease processing your personal data for these purposes. To exercise your right of withdrawal or objection, simply send an email to: datenschutz@bridge-brain.com
9. Data Security
Our website uses the TLS 1.3 (Transport Layer Security) encryption and communication protocol. The TLS certificate we use, issued by a certification authority, enables encrypted data exchange between the web browser and web server, preventing sensitive data from being read by third parties. We use the highest encryption level supported by your browser; this will usually be 256-bit encryption. The higher the number of bits, the longer the key and therefore the better the protection against third parties.