Privacy | STYLE ME easy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. For this reason, we would like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.

This Privacy Policy applies to the online offering of tatjana style ag, which is accessible under the domain www.stylemeeasy.com and its various subdomains (“our website”).

Who is responsible and how can you contact us?

Controller

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

tatjana style ag
Wiesenstrasse 8a
8700 Küsnacht
Switzerland
tatjanastyleag@gmail.com

What is this about?

This Privacy Policy meets the legal requirements for transparency in the processing of personal data. This includes all information relating to an identified or identifiable natural person. Examples include your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information that cannot be linked to your person (or only with a disproportionate effort), such as anonymized data, is not considered personal data. The processing of personal data (e.g., collection, retrieval, use, storage, or transfer) always requires a legal basis and a defined purpose.

Stored personal data is deleted as soon as the purpose of the processing has been fulfilled and there are no legal grounds for further retention. We inform you of the specific storage periods or storage criteria within each individual processing activity. Regardless of this, we may retain your personal data in individual cases for the establishment, exercise, or defense of legal claims and where statutory retention obligations apply.

Who has access to my data?

We only share your personal data collected through our website with third parties when it is necessary to fulfill the specified purposes and is legally permitted on the applicable basis (e.g. your consent or our legitimate interests). In certain cases, we may also transfer personal data to third parties if it is required for the establishment, exercise or defense of legal claims. Potential recipients may include law enforcement authorities, legal counsel, auditors, or courts.

Where we engage service providers to support the operation of our website, they may process personal data on our behalf as processors in accordance with Article 28 GDPR. These providers may also be recipients of your personal data. For further details on the use of processors and online services, please refer to the overview of individual data processing activities.

Do you use cookies?

Cookies are small text files that are sent from our website to your browser and stored on your device during your visit. As an alternative to cookies, certain information may also be stored in your browser’s local storage. Some features of our website cannot function without the use of cookies or local storage (technically necessary cookies). Other cookies, however, allow us to perform various analyses – such as recognizing the browser you used during a previous visit and transmitting different types of information to us (non-essential cookies).

Cookies help us make our website more user-friendly and effective by enabling us, for example, to analyze how you use our website or to detect your preferred settings (such as language or regional preferences). If third parties process information via cookies, they collect the information directly through your browser.

Cookies do not harm your device. They cannot run programs or contain viruses.

We provide detailed information about the specific services for which we use cookies in the respective data processing activities. Comprehensive information about the cookies we use can be found in the cookie settings or the consent manager on this website.

What are my rights?

Under the provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Right of access (Article 15 GDPR): You have the right to obtain information about the personal data we store about you, including meaningful details about the nature of the processing and a copy of your data.
Right to rectification (Article 16 GDPR): You may request the correction of inaccurate or incomplete personal data we hold about you.
Right to erasure (Article 17 GDPR): You may request the deletion of your personal data, provided the processing is not required for exercising the right of freedom of expression and information, fulfilling a legal obligation, reasons of public interest, or the establishment, exercise or defense of legal claims.
Right to restriction of processing (Article 18 GDPR): You may request that we restrict the processing of your data if (i) you contest the accuracy of the data, (ii) the processing is unlawful and you oppose the erasure, (iii) we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or (iv) you have objected to processing pursuant to Article 21 GDPR.
Right to data portability (Article 20 GDPR): If the processing is based on your consent under Article 6(1)(a) GDPR or a contract under Article 6(1)(b) GDPR and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, or to request that we transmit it directly to another controller, where technically feasible.
Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, on grounds relating to your particular situation, or where your data is used for direct marketing purposes. This right does not apply if we can demonstrate compelling legitimate grounds for the processing that override your interests or if the processing is necessary for the establishment, exercise or defense of legal claims. Where this right does not apply in specific processing activities, this will be indicated accordingly.
Right to withdraw consent (Article 7(3) GDPR): You may withdraw your consent at any time with effect for the future.
Right to lodge a complaint (Article 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with a supervisory authority. You may typically contact the authority at your habitual residence, your place of work, or the location of our registered office.

How is my data processed in detail?

Below, we provide information on the individual data processing activities, including the scope and purpose of the processing, the legal basis, whether you are required to provide your data, and the applicable storage periods. No automated individual decision-making, including profiling, takes place.

Processing of personal data in the STYLE ME easy app

Type and scope of processing

When using our STYLE ME easy app, we process various categories of personal data required to provide the app’s functionality. This includes in particular:

Photos of clothing items uploaded via the app
Username and email address provided during registration
Responses to style and profile questions used to personalize content
Subscription data (e.g., status, duration, payment method)
Device information (e.g., model name of the device used)

Processing begins upon input or upload within the app. Data is transmitted directly to our servers via a secure connection. If registration is not completed or the connection is interrupted, data may be temporarily stored on the end device.

Services and recipients

To technically implement and provide the app, we use the following service providers acting as processors pursuant to Article 28 GDPR:

Google Cloud (Zurich and partly the Netherlands): Processing of image and text inputs to generate AI-based outfit suggestions
Amazon Web Services (AWS) (Zurich): Hosting of the app backend, API, and storage of uploaded images
ihosting: Central storage of all data collected via the app
Photoroom: Removal of image backgrounds
MailGun (EU): Sending of transactional emails (e.g., registration confirmations)
Zendesk: Support communication via in-app chat or email

Security measures

All data transmissions are encrypted via SSL/TLS. Passwords are hashed using the bcrypt algorithm before being stored. We implement technical and organizational measures in accordance with Article 32 GDPR to ensure data security.

Consent and user control

Registration within the app is only possible after actively agreeing to our privacy policy and terms of use. A function is available in the user profile that allows users to delete their account and thereby withdraw their consent. All associated personal data will be deleted in the process.

Purpose and legal basis

The processing of the above-mentioned data is carried out for the purpose of fulfilling the contractual services of the app in accordance with Article 6(1)(b) GDPR.

Certain features, such as third-party image processing or support requests, are processed based on your consent in accordance with Article 6(1)(a) GDPR.

Storage period

Your data is stored for the duration of your active app account or until its deletion. Further storage will only take place if legally required or if you have given separate consent.

Provision of the Website

Type and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting device
Date and time of access
Name and URL of the accessed file
Website from which the access originated (referrer URL)
Browser used and, if applicable, your computer’s operating system, as well as the name of your access provider

Our website is not hosted by us directly, but by a service provider who processes the aforementioned data on our behalf in accordance with Article 28 GDPR.

Purpose and legal basis

The processing is carried out in order to safeguard our overriding legitimate interest in displaying our website and ensuring its security and stability, based on Article 6(1)(f) GDPR. The collection of data and its storage in log files is absolutely necessary for the operation of the website. Therefore, under the exception set out in Article 21(1) GDPR, there is no right to object to this processing. If the log files are stored beyond this for legal reasons, the processing is based on Article 6(1)(c) GDPR. There is no legal or contractual obligation to provide this data; however, accessing our website is technically impossible without it.

Storage period

The aforementioned data is stored for the duration of the website display and, for technical reasons, for a maximum of 7 days thereafter.

Contact Form

Type and scpe of data processing

Our website provides a contact form you can use to get in touch with us. The information collected via the required fields is necessary for processing your inquiry. You may also voluntarily provide additional information that you consider relevant for handling your request.

When using the contact form, your personal data is not shared with third parties.

Purpose and legal basis

The processing of your data through the use of our contact form is carried out for the purpose of communication and handling your inquiry, based on your consent in accordance with Article 6(1)(a) GDPR. If your inquiry relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling that contract pursuant to Article 6(1)(b) GDPR.

There is no legal or contractual obligation to provide your data; however, we cannot process your request without the information required in the mandatory fields. If you prefer not to provide this data, please contact us using an alternative method.

Storage period

If you use the contact form based on your consent, we retain the data collected with each inquiry for a period of three years from the completion of your request or until you withdraw your consent, whichever occurs first.

If you use the contact form in connection with a contractual relationship, we retain the data collected with each inquiry for a period of three years following the end of the contractual relationship.

Newsletter

Type and scope of data processing

If you register on our website to receive our newsletter, we collect your email address [and your name…] and store this information along with the date of registration and your IP address.

You will then receive an email asking you to confirm your subscription to the newsletter (double opt-in). If you do not confirm your registration within [48 hours], the subscription will automatically expire and your data will not be used for newsletter distribution.

Purpose and legal basis

We process your data for the purpose of sending the newsletter based on your consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by unsubscribing from the newsletter, in accordance with Article 7(3) GDPR.

There is no legal or contractual obligation to provide your data; however, we are unable to send you the newsletter without it.

Storage period

After you register for the newsletter, we store your data for a maximum of 48 hours until the subscription is confirmed. Once you have successfully confirmed your subscription, we retain your data until you withdraw your consent (unsubscribe from the newsletter), and for technical reasons for up to 7 days thereafter.

Customer Account Registration

Type and scope of data processing

As part of the order process, we collect your personal data to register a customer account. You can choose to place your order as a guest or to register a permanent user account. The information collected via mandatory fields is identical in both cases and required to process your order in the online shop.

If you register a permanent user account, we additionally collect a password of your choosing. You may also voluntarily provide additional information that you consider necessary for processing your order.

Your personal data will only be shared with third parties (e.g., shipping providers / freight companies) and processors pursuant to Article 28 GDPR to the extent necessary for order fulfillment.

Puropse and legal basis

We process your personal data for the purpose of registering a customer account in order to fulfill a contract with you, pursuant to Article 6(1)(b) GDPR. There is a contractual obligation to provide the data entered in the mandatory fields, as this information is necessary to identify you and to perform the contract. There is no legal obligation to provide this data. However, without this information, placing an order in our online shop and concluding a contract is not possible. There is no obligation to provide any additional voluntary information; placing an order is also possible without disclosing such data.

The additional processing of your password for the registration of a permanent user account is carried out for the purpose of providing a customer account, displaying your past purchases, and storing order-related data (e.g., billing address, multiple delivery addresses), based on your consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by deleting your customer account, in accordance with Article 7(3) GDPR.

Storage period

If you place an order as a guest, we store your personal data until the order has been fully processed (end of contract). If you register a permanent customer account, we retain your purchase-related data beyond the end of the contract until you withdraw your consent by deleting your customer account.
In both cases, further storage of your data only takes place if statutory retention obligations apply (e.g., under tax or commercial law).

Presence on Social Media Platforms

We maintain so-called fan pages, accounts, or channels on the social networks listed below to provide you with information and offers within social media platforms, and to give you additional ways to contact us and learn more about our services.
Below, we explain which data we – and the respective social network – process in connection with your access to and use of our fan pages/accounts.

Data we process from you

If you contact us via messenger or direct message through the respective social network, we generally process your username used to contact us and, if necessary, any additional data you provide, to the extent required to handle or respond to your inquiry.

The legal basis for this processing is Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Aggregated) Usage Data We Receive from Social Networks

Through the insights features provided by the respective platforms, we receive automatically generated statistics relating to our accounts. These statistics include, for example, the total number of page views, likes, page activity and post interactions, reach, video views, as well as demographic breakdowns such as the proportion of male and female followers.

These statistics contain only aggregated data that cannot be linked to individual persons. We are not able to identify you based on this information.

What data the social networks process from you

You do not need to be a member of the respective social network or have a user account in order to view the content on our fan pages or accounts.

Please note, however, that social networks may collect and store data from website visitors who do not have a user account when accessing the respective platform (e.g., technical data required to display the website) and may use cookies or similar technologies. We have no control over this processing. For details, please refer to the privacy policies of the respective social networks (see the corresponding links above).

If you wish to interact with the content on our fan pages or accounts – such as commenting on, sharing, or liking our posts – and/or contacting us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence over how social networks process your data when you use their platforms. To the best of our knowledge, your data is stored and processed in connection with the services provided by the respective social network, and is also used to analyze user behavior (including through cookies, pixels/web beacons, and similar technologies). Based on this analysis, interest-based advertising may be displayed to you both within and outside the respective social network. It cannot be ruled out that your data may be stored outside the EU/EEA and transferred to third parties by the social networks.

Information about the specific scope and purposes of the processing of your personal data, storage periods/deletion, as well as policies on the use of cookies and similar technologies in the context of registering with and using social networks can be found in the privacy policies and cookie guidelines of the respective social networks. These also contain information about your rights and options for objecting to such processing.

Facebook Page

When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical insights about the use of the page. Further details are available from Facebook at the following link: https://facebook.com/help/pages/insights.

The statistical information provided does not allow us to draw any conclusions about individual users. We use it solely to better understand the interests of our users, continuously improve our online presence, and ensure its quality.

We collect your data via our fan page solely to enable communication and interaction with us. This typically includes your name, message content, comment content, and any profile information you have made “public.”

If you, as a user, have given consent to the respective social network provider for the processing of your data, the legal basis for processing is also Article 6(1)(a) in conjunction with Article 7 GDPR.

Auf Grund der Tatsache, dass die eigentliche Datenverarbeitung durch den Anbieter des sozialen Netzwerkes erfolgt, sind unsere Zugriffsmöglichkeiten auf Ihre Daten beschränkt. Lediglich der Anbieter des sozialen Netzwerkes ist zu einem vollständigen Zugriff auf Ihre Daten legitimiert. Auf Grund dessen, kann nur der Anbieter direkt entsprechende Massnahmen zur Erfüllung Ihrer Nutzerrechte (Auskunftsanfrage, Löschverlangen, Widerspruch, etc.) ergreifen und umsetzen. Die Geltendmachung entsprechender Rechte erfolgt somit am effektivsten direkt gegenüber dem jeweiligen Anbieter.

We are jointly responsible with Facebook for the personal data processed in connection with our fan page. Data subject rights may be asserted both with Meta Platforms Ireland Ltd. and with us.

According to the GDPR, primary responsibility for the processing of Insights data lies with Facebook, and Facebook complies with all GDPR obligations with regard to the processing of Insights data. Meta Platforms Ireland Ltd. provides the essence of the Page Insights Addendum to data subjects.

We do not make any decisions regarding the processing of Insights data or the storage duration of cookies on users’ end devices.

Further information can be found directly on Facebook (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

For more detailed information on the specific scope and purposes of the processing of your personal data, storage periods/deletion, as well as Facebook’s policies on the use of cookies and similar technologies in the context of registration and use, please refer to Facebook’s privacy policy and cookie guidelines:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies

Instagram Page

When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the operator of the Instagram page, with statistical insights regarding the use of the page. Further information is available from Instagram at the following link (Note: by clicking the link below, you will be redirected to the website of the social network Facebook, which is also part of the Meta group. However, the information provided there applies equally to the social network Instagram): https://facebook.com/help/pages/insights.

The statistical information provided does not allow us to draw any conclusions about individual users. We use this data solely to better understand the interests of our users, to continuously improve our online presence, and to ensure its quality.

The processing of your personal data for the purposes mentioned above is based on our legitimate business and communication interest in providing an information and communication channel pursuant to Article 6(1)(f) GDPR. If you, as a user, have given consent to the respective social network provider for the processing of your data, the legal basis for processing also includes Article 6(1)(a) in conjunction with Article 7 GDPR.

As the actual data processing is carried out by the social network provider, our access to your data is limited. Only the provider of the social network is authorized to access your data in full.
Therefore, only the provider can take appropriate measures to fulfill your user rights (e.g., access requests, deletion requests, objections, etc.). As a result, asserting such rights is most effective when addressed directly to the respective provider.

We are jointly responsible with Instagram for the personal data processed in connection with our fan page. Data subject rights may be asserted both with Meta Platforms Ireland Ltd. and with us.

According to the GDPR, primary responsibility for the processing of Insights data lies with Instagram, and Instagram fulfills all obligations under the GDPR in relation to the processing of Insights data. Meta Platforms Ireland Ltd. provides the essence of the Page Insights Addendum to data subjects.

We do not make any decisions regarding the processing of Insights data or the storage duration of cookies on users’ end devices.

Further information can be found directly on Instagram (Supplementary Agreement with Facebook):°https://www.facebook.com/legal/terms/page_controller_addendum.

For more detailed information on the specific scope and purposes of the processing of your personal data, storage periods/deletion, as well as Instagram’s policies on the use of cookies and similar technologies in the context of registration and use, please refer to Instagram’s privacy policy and cookie guidelines (Note: by clicking the link below, you will be redirected to the website of the social network Facebook):°https://help.instagram.com/519522125107875/?helpref=uf_share

This information can also be found in the Help section of the Instagram website via the following link:°https://help.instagram.com/581066165581870

LinkedIn Page

LinkedIn is a social network operated by LinkedIn Inc., headquartered in Sunnyvale, California, USA. It enables users to create personal and professional profiles, as well as company pages. Users can maintain existing connections and establish new ones within the network. Companies and other organizations can create profiles where they upload photos and other corporate information to present themselves as employers and recruit staff. Other LinkedIn users can access this information, write their own articles, and share content with others. The platform primarily focuses on professional networking and the exchange of knowledge and expertise among individuals with shared career interests.

When using or visiting the network, LinkedIn automatically collects data from users or visitors—for example, username, job title, and IP address. This is done using various tracking technologies. Based on the data collected in this way, LinkedIn provides users with information, offers, and recommendations.

We collect your data via our company profile solely to enable communication and interaction with us. This typically includes your name, message content, comment content, and any profile information you have made “public.”

We are jointly responsible with LinkedIn for the personal data processed in connection with our company profile. Data subject rights may be asserted both with LinkedIn Inc. and with us.

We do not make any decisions regarding the data collected on LinkedIn through tracking technologies.

Further information about LinkedIn can be found at: https://about.linkedin.com.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on storage periods/deletion as well as LinkedIn’s policies on the use of cookies and similar technologies in the context of registration and use can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

Facebook Pixel

Type and scope of data processing

We use the Meta Pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences – i.e., to segment visitor groups of our online offering, measure conversion rates, and subsequently optimize them. This takes place in particular when you interact with ads we have placed via Meta Platforms Ireland Limited.

Purpose and legal basis

The use of the Meta Pixel is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

We intend to transfer personal data to third countries outside the European Economic Area, in particular to the United States. The data transfer to the U.S. is carried out pursuant to Article 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including U.S. companies that are not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards within the meaning of Articles 44 et seq. GDPR. Unless otherwise stated, these safeguards consist of the Standard Contractual Clauses issued by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these Standard Contractual Clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent in accordance with Article 49(1)(a) GDPR prior to any such transfer to a third country. This consent is provided via the consent manager (or other forms, registrations, etc.).
Please note that transfers to third countries may involve risks that are not fully known in detail (e.g., data processing by security authorities of the third country, the exact scope and consequences of which are unknown to us, beyond our control, and may not be made known to you).

Storage period

The specific storage duration of the processed data is not determined by us but is set by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Meta Pixel: https://www.facebook.com/privacy/explanation

Google Tag Manager

Type and scope of data processing

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.

This enables us to flexibly integrate additional services in order to analyze user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

In cases where no adequacy decision by the European Commission exists (including U.S. companies that are not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards in accordance with Articles 44 et seq. GDPR. Unless otherwise stated, these safeguards consist of the Standard Contractual Clauses issued by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these Standard Contractual Clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent in accordance with Article 49(1)(a) GDPR prior to any such transfer to a third country. This consent is provided via the consent manager (or other forms, registrations, etc.). Please note that transfers to third countries may involve risks that are not fully known in detail (e.g., data processing by security authorities of the third country, the exact scope and consequences of which are unknown to us, beyond our control, and may not be made known to you).

Storage period

The specific storage duration of the processed data is not determined by us but is set by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Sentry

Type and scope of data processing

We use Sentry, a service provided by Functional Software, Inc., 132 Hawthorne St, San Francisco, CA 94107, United States, as a bug tracking tool to detect code errors at an early stage and thereby ensure the technical functionality of our online offering. Anonymous information is collected about the device on which the error occurred and the time the error was detected. In some cases, user sessions may also be recorded to facilitate the resolution of the issue.
Functional Software, Inc. does not use this data for advertising purposes.

Purpose and legal basis

The use of Sentry is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage period

The exact storage period varies on a case-by-case basis. Data is deleted once the error has been resolved and there is no longer a need to access error details. Further information on storage duration by Functional Software, Inc. can be found in the privacy policy for Sentry: https://sentry.io/privacy/

Online Meetings, Conference Calls, und Webinars via „Zoom“

Type and scope of data processing

We use the tool “Zoom” to conduct online meetings, video conferences, and/or webinars (hereinafter referred to as “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., headquartered in the United States.

Various types of data are processed when using “Zoom.” The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data may be subject to processing:

User information: First name, last name, telephone number (optional), email address, password (if “Single Sign-On” is not used), profile picture (optional), department (optional)

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio, and presentation recordings; M4A file of all audio recordings; text file of the online meeting chat

When dialing in by phone: Incoming and outgoing phone number, country name, start and end time. Additional connection data such as the IP address of the device may also be stored, if applicable.

Text, audio, and video data: During an online meeting, you may have the option to use the chat, Q&A, or polling features. Any text input you provide will be processed in order to display it during the online meeting and, if necessary, to log it. To enable video display and audio playback, the data from your device’s microphone and any video camera will be processed for the duration of the meeting. You can deactivate your camera or mute your microphone at any time via the Zoom application.

To participate in an online meeting or to enter the meeting room, you are required to provide at least your name.

We use “Zoom” to conduct online meetings. If we intend to record an online meeting, we will inform you transparently in advance and – where required – ask for your consent. The fact that a recording is taking place will also be displayed within the Zoom app.

If it is necessary to document the results of an online meeting, we may log chat content. However, this is generally not the case.

In the case of webinars, we may also process questions submitted by participants for the purpose of recording and follow-up.

If you are registered as a Zoom user, reports on online meetings (meeting metadata, phone dial-in data, questions and answers in webinars, polling features in webinars) may be stored by Zoom for up to one month.

No automated decision-making as defined in Article 22 GDPR takes place.

Purpose and legal basis

Where personal data of customers is processed, the legal basis for the data processing in the context of conducting online meetings is Article 6(1)(b) GDPR, provided the meetings are held as part of a contractual relationship. If no contractual relationship exists, the legal basis is Article 6(1)(f) GDPR. In this case, our legitimate interest lies in the effective execution of online meetings.

Personal data processed in connection with participation in online meetings is generally not disclosed to third parties unless it is specifically intended for disclosure.

Please note that content from online meetings – just like in face-to-face meetings – is often intended to be shared with customers, prospects, or third parties and is therefore meant to be disclosed.

Other recipient: The provider of “Zoom” necessarily gains access to the above-mentioned data to the extent required under our data processing agreement with Zoom.

“Zoom” is a service provided by a U.S.-based company, which means that personal data is also processed in a third country. We have concluded a data processing agreement with the provider of Zoom that complies with the requirements of Article 28 GDPR.

An adequate level of data protection is ensured, among other things, by the conclusion of the EU Standard Contractual Clauses. As an additional safeguard, we have configured our Zoom settings so that only data centers located in the EU, the EEA, or secure third countries such as Canada or Japan are used for conducting online meetings.

Speicherdauer

The specific storage duration of the processed data is not determined by us but is set by Zoom Video Communications, Inc. Further information can be found in Zoom’s privacy policy: https://explore.zoom.us/de/privacy/?amp_device_id=916ff3ad-b5be-478e-88ab-f9dcfd01cab0&_device_id=916ff3ad-b5be-478e-88ab-f9dcfd01cab0&_gl=1*10rg20r*_gcl_au*MTU5NTYxODMwLjE3MTU4MzAzNDM.*_ga*MTQ0NjEwNjk1LjE3MDczOTE4MjM.*_ga_L8TBF28DDX*MTcyMTc1Nzc3Mi4yOC4xLjE3MjE3NTc5NzEuMC4wLjA.&_ga=2.64626479.1053685439.1723047785-144610695.1707391823

Vimeo Video

Type and scope of data processing

We have integrated Vimeo Video on our website. Vimeo Video is a component of the video platform operated by Vimeo, LLC, where users can upload content, share it over the internet, and access detailed statistics.

Vimeo Video allows us to embed content from the platform into our website.

Vimeo Video uses cookies and other browser technologies to analyze user behavior, recognize returning users, and create user profiles. This information is used, among other things, to analyze interactions with the embedded content and to generate reports.

When you access this content, a connection is established to the servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, during which your IP address and, where applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The use of Vimeo Video is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

n cases where no adequacy decision by the European Commission exists (including U.S. companies that are not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards in accordance with Articles 44 et seq. GDPR. Unless otherwise stated, these safeguards consist of the Standard Contractual Clauses issued by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these Standard Contractual Clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE

Storage period

The specific storage duration of the processed data is not determined by us but is set by Vimeo, LLC.
Further information can be found in the privacy policy for Vimeo Video: https://vimeo.com/privacy

Wix

Type and scope of data processing

Our website was created using the website builder system provided by Wix. Wix is a service offered by Wix.com, Inc. and provides web development technology, web design and layout tools, domain hosting, and other applications for marketing and workflow management.

We use Wix for web hosting and to display our website. In addition, Wix collects statistical data about visits to our website.

The following data is typically transmitted: accessed website, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user operating system, previously visited website (referrer), and IP address.

These log data are processed solely for the purposes mentioned above, as well as to maintain the security, functionality, and optimization of Wix’s services.

Purpose and legal basis

The use of this service is based on our legitimate interests, namely our interest in the secure, efficient provision and optimization of our online offering in accordance with Article 6(1)(f) GDPR.

Storage period

The specific storage duration of the processed data is not determined by us but is set by Wix.com, Inc. Further information can be found in the privacy policy for Wix: https://de.wix.com/about/privacy

Wix CDN

Type and scope of data processing

We use Wix CDN to ensure the proper delivery of content on our website. Wix CDN is a service provided by Wix.com, Inc. that functions as a Content Delivery Network (CDN) on our website.

A CDN helps deliver content from our online offering – particularly files such as graphics or scripts – more quickly by using regionally or internationally distributed servers. When you access this content, a connection is established to servers of Wix.com, Inc., during which your IP address and, where applicable, browser data such as your user agent are transmitted. This data is processed solely for the purposes mentioned above and to maintain the security and functionality of Wix CDN.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests – namely, our interest in the secure and efficient provision and optimization of our online offering – accordance with Article 6(1)(f) GDPR.

Storage period

The specific storage duration of the processed data is not determined by us but is set by Wix.com, Inc. Further information can be found in the privacy policy for Wix CDN: https://de.wix.com/about/privacy

Wix-Sentry

Type and scope of data processing

We use Wix-Sentry, a service provided by Wix.com, Inc., as a bug tracking tool to detect code errors at an early stage and thereby ensure the technical functionality of our online offering. Anonymous information is collected about the device on which the error occurred and the time the error was detected. In some cases, user sessions may also be recorded to facilitate error resolution. Wix.com, Inc. does not use this data for advertising purposes.

Purpose and legal basis

The use of Wix-Sentry is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

Storage period

The exact storage period varies on a case-by-case basis. Data is deleted once the error has been resolved and there is no longer a need to access error details.

Further information on storage duration by Wix.com, Inc. can be found in the privacy policy for Wix-Sentry: https://sentry.io/privacy/

YouTube Video

Type and scope of data processing

We have integrated YouTube Video on our website. YouTube Video is a component of the video platform operated by YouTube, LLC, where users can upload content, share it over the internet, and access detailed statistics.

YouTube Video allows us to embed content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize returning users, and create user profiles. This information is used, among other things, to analyze interactions with the embedded content and to generate reports. If a user is registered with YouTube, LLC, YouTube Video can associate the viewed videos with the user’s profile.

When you access this content, a connection is established to the servers of YouTube, LLC and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, during which your IP address and, where applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG).

In cases where no adequacy decision by the European Commission exists (including U.S. companies that are not certified under the EU-U.S. DPF), we have agreed with the data recipients on other appropriate safeguards in accordance with Articles 44 et seq. GDPR. Unless otherwise stated, these safeguards consist of the Standard Contractual Clauses issued by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these Standard Contractual Clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE

In addition, we obtain your consent in accordance with Article 49(1)(a) GDPR prior to any such transfer to a third country. This consent is provided via the consent manager (or other forms, registrations, etc.). Please note that transfers to third countries may involve risks that are not fully known in detail (e.g., data processing by security authorities of the third country, the exact scope and consequences of which are unknown to us, beyond our control, and may not be made known to you).

Storage period

The specific storage duration of the processed data is not determined by us but is set by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy

ActiveCampaign

This website uses ActiveCampaign for sending newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA.

ActiveCampaign is a service used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on servers of ActiveCampaign in the United States.

Data analysis by ActiveCampaign

ActiveCampaign allows us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links were clicked, if any. This helps us identify which links are particularly popular.

Additionally, we can determine whether certain predefined actions were taken after opening or clicking the newsletter (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

ActiveCampaign also allows us to segment newsletter recipients into different categories (“clusters”). For example, recipients can be grouped by age, gender, or place of residence. This enables us to tailor newsletters more effectively to specific target groups. If you do not wish to be analyzed by ActiveCampaign, you must unsubscribe from the newsletter. We provide a corresponding unsubscribe link in every newsletter.

For detailed information about the features of ActiveCampaign, please refer to the following link: https://www.activecampaign.com/email-marketing.

You can find ActiveCampaign’s privacy policy at: https://www.activecampaign.com/privacy-policy.

Legal basis

Data processing is based on your consent (Article 6(1)(a) GDPR). You can revoke your consent at any time. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.

The data transfer to the United States is based on the Standard Contractual Clauses of the European Commission. You can find more details here: https://www.activecampaign.com/legal/newscc and https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

Storage period

The data you provided for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be combined with other data.
This serves both your interest and our interest in complying with legal requirements for the sending of newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the U.S. Each company certified under the DPF is committed to adhering to these data protection standards.
For more information, please refer to the provider’s website at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnH6AAK&status=Active

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Stripe Payments

Type and scope of data processing

We have integrated components of Stripe Payments into our website. Stripe Payments is a service provided by Stripe, Inc. and offers online payment solutions worldwide.

If you choose Stripe Payments as your payment method, the data required for the payment process will be automatically transmitted to Stripe, Inc., San Francisco, California, USA.

The following data is generally collected in this context: name, address, company (if applicable), email address, telephone and mobile number, and IP address.

Purpose and legal basis

The use of this service is based on the performance of a contract, i.e., for processing payment transactions, in accordance with Article 6(1)(b) GDPR.

Storage period

The specific storage duration of the processed data is not determined by us but is set by Stripe, Inc. Further information can be found in the privacy policy for Stripe Payments. https://stripe.com/de/privacy

Mighty Networks

Type and scope of data processing

To access certain areas of our website (community, member area), you have the option to create a member account. The information required for registration is provided by you through the purchase of our products. The username is necessary for creating a member account.

Your personal data will be shared for the purpose of registering a member account solely in accordance with this privacy policy.

To provide the restricted member area, we use a service provided by Mighty Software, Inc., 530 Lytton Ave, 2nd Fl, Office #208, Palo Alto, CA 94301, USA, which processes your personal data on our behalf in accordance with Article 28 GDPR. Your data will not be shared with third parties.

Purpose and legal basis

We process your data to provide access to our member area based on your contract with us, in accordance with Article 6(1)(b) GDPR.

Storage period

After providing access to the member area, we store the data until the end of the contractual term.
Further information can be found in the privacy policy for Mighty Networks: https://www.mightynetworks.com/privacy-policy

Newsletter abonnieren