English (United States)

Prices

Support

Forum

Start now

Legal documents

Legal documents

Privacy Policy

As of: April 2025

Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website or use our service. Personal data is any data that can be used to identify you personally. Detailed information about data protection can be found in our privacy policy listed below this text.

Responsible Party

Safina AI is a service of
DK Tech Solutions UG (in formation)
Schwanthalerstr. 141
80339 Munich

Authorized Representatives:
David Schemm & Karsten Kreh

Email:
info(at)safina.ai

Your Rights

You have the right at any time:

  • To obtain information about the data we store about you (Art. 15 GDPR)

  • To have this data corrected (Art. 16 GDPR)

  • To request the deletion of this data (Art. 17 GDPR)

  • To have the processing of this data restricted (Art. 18 GDPR)

  • To object to the processing (Art. 21 GDPR)

  • To have this data transferred (Art. 20 GDPR)

  • To revoke any granted consent at any time (Art. 7 para. 3 GDPR)

  • To lodge a complaint with a supervisory authority (Art. 77 GDPR)

Detailed information about your rights can be found further down in this statement.

Overview of Processing Activities

Types of Processed Data

  • Inventory Data (e.g., names, addresses during registration)

  • Contact Data (e.g., email, phone numbers)

  • Content Data (e.g., audio recordings of calls (if activated), transcripts, summaries, analyses, configurations such as call scripts) - hereafter also referred to as "user content"

  • Usage Data (e.g., visited websites/app areas, interest in content, access times, features used)

  • Meta/Communication Data (e.g., device information, IP addresses, call data such as phone numbers, time of call, duration)

  • Payment Data (for paid plans, processed by payment service providers)

Categories of Affected Persons

  • Users of our service (customers, prospects)

  • Callers who interact with users via the service

  • Visitors to our website

  • Communication partners

  • Business and contractual partners

Purposes of Processing

  • Provision of the Safina AI service (AI-powered mailbox/telephone exchange) according to contract (Art. 6 para. 1 lit. b GDPR)

  • Fulfillment of contractual obligations (e.g., providing user accounts, billing) (Art. 6 para. 1 lit. b GDPR)

  • Communication with users and prospects (Art. 6 para. 1 lit. b or f GDPR)

  • Security measures to protect the service and data (Art. 6 para. 1 lit. f GDPR)

  • Direct marketing (with consent or for existing customers under the conditions of § 7 para. 3 UWG) (Art. 6 para. 1 lit. a or f GDPR)

  • Reach measurement and analysis to improve website and service (with consent or based on legitimate interests) (Art. 6 para. 1 lit. a or f GDPR)

  • Office and organizational procedures (Art. 6 para. 1 lit. c or f GDPR)

  • Management of feedback and inquiries (Art. 6 para. 1 lit. b or f GDPR)

  • Provision and optimization of our online offerings and user-friendliness (Art. 6 para. 1 lit. f GDPR)

  • Fulfillment of legal obligations (e.g., storage obligations) (Art. 6 para. 1 lit. c GDPR)

Applicable Legal Bases

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection provisions in your or our residence or seat country may apply. If specific legal bases are significant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or multiple specific purposes.

  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures initiated at the request of the data subject.

  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - the processing is necessary for the protection of the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject, which require protection of personal data, do not outweigh.

National Data Protection Regulations in Germany: In addition to the data protection provisions of the GDPR, national regulations on data protection in Germany apply. This particularly includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) as well as the Telecommunications-Telemedia Data Protection Act (TTDSG). The BDSG contains specific provisions regarding the right to information, the right to deletion, the right to object, processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Note on the applicability of the GDPR and Swiss DPA: This privacy notice serves to provide information according to both the Swiss DPA and the General Data Protection Regulation (GDPR). For this reason, please note that due to its broader geographic application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA "processing" of "personal data", "overriding interest", and "particularly sensitive personal data", the terms used in the GDPR "processing" of "personal data" as well as "legitimate interest" and "special categories of data" are used. The legal meaning of the terms will continue to be determined under the applicability of the Swiss DPA.

Security Measures

We implement appropriate technical and organizational measures in accordance with the legal requirements (in particular Art. 32 GDPR) considering the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing as well as the varying probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure an adequate level of protection relative to the risk.

These measures include in particular ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data and also the access, input, transfer, protection of availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data security breaches. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures in line with the principle of data protection through technical design and by default settings that are privacy-friendly (Art. 25 GDPR).

Transmission of Personal Data

As part of our processing of personal data, it may occur that these are transmitted to other locations, companies, legally independent organizational units, or persons or are disclosed to them. Recipients of this data may include, for example, service providers tasked with IT functions or providers of services and content that are integrated into a website. In particular, for the provision of the core service of Safina AI, we use specialized technical service providers (sub-processors) as described in the section "Engaged Service Providers (Sub-processors) for the Safina AI Service".

In such cases, we observe the legal requirements and conclude in particular corresponding contracts or agreements (data processing agreements in accordance with Art. 28 GDPR) that protect your data with the recipients of your data. There will be no transfer of your data to third parties for advertising purposes.

Engaged Service Providers (Sub-processors) for the Safina AI Service

To technically provide and optimize the Safina AI service, we engage carefully selected technical service providers (sub-processors). The processing by these service providers takes place on the basis of data processing agreements (Art. 28 GDPR). This includes in particular services in the following areas:

  • Hosting: For storing and providing the data and the service. Our primary hosting location is Germany (currently Amazon Web Services - AWS in Frankfurt am Main).

  • Telephony Connection: For answering and forwarding calls (e.g., Twilio).

  • AI Functions: For speech recognition, transcription, speech generation, summaries, and analyses (e.g., OpenAI, Google Cloud AI Services, Deepgram, Elevenlabs).

  • Payment Processing: For processing payments for paid plans (e.g., Stripe when booked via the website; Apple/Google for in-app purchases, possibly via RevenueCat for subscription management).

  • Analysis Tools (Service Optimization): For analyzing service usage and troubleshooting (e.g., Posthog).

  • Communication Services: For sending emails and notifications (e.g., Brevo).

The use of these service providers is necessary for the provision of the contractually agreed services (Art. 6 para. 1 lit. b GDPR). Some of these service providers may have their location outside the EU/EEA or process data there, as described in the section "International Data Transfers".

No Use of User Content for AI Training

We clarify that your user content, specifically audio recordings and transcripts of phone calls, will not be used by us to train our own or third-party AI models. The processing of this data occurs exclusively for the provision of the service you have booked according to our terms of use.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons, authorities, or companies, this will only take place in accordance with the legal requirements.

Our primary hosting location for the core data of the Safina AI service is Germany (see section "Engaged Service Providers"). However, some of the subprocessors we use (especially for AI functions, telephony, analysis, or payment processing) may also process data in third countries, particularly the USA.

If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. For the USA, such an adequacy decision exists for companies certified under the "EU-US Data Privacy Framework" (DPF). The list of certified companies and more information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the descriptions of individual services (e.g., Google, Meta, Posthog) whether the provider is DPF-certified.

Otherwise, data transfers will only occur if the level of data protection is secured in another way, particularly through the conclusion of Standard Contractual Clauses (SCCs) of the EU Commission (Art. 46 para. 2 lit. c GDPR), your explicit consent (Art. 49 para. 1 lit. a GDPR), or if the transfer is necessary for the performance of the contract (Art. 49 para. 1 lit. b or c GDPR).

Information on third-country transfers and existing adequacy decisions can be found in the information offerings of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions (Art. 17 GDPR) as soon as the underlying consents are revoked or no further legal bases for the processing exist (e.g., when the purpose of processing has ceased and there is no legal retention obligation to the contrary). This concerns cases where the original purpose of processing no longer applies or the data is no longer necessary. Exceptions to this regulation apply when legal obligations (e.g., commercial or tax retention obligations) or our legitimate interests (e.g., to assert, exercise or defend legal claims) require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that specifically applies to particular processing processes. After the termination of the user agreement, we delete your user content in accordance with the provisions in our terms of use (typically after 30 days, unless retention obligations exist).

In the case of multiple statements regarding the retention period or deletion deadlines of a date, the longest period shall always apply.

If a period does not expressly begin on a specific date and lasts at least one year, it automatically starts at the end of the calendar year in which the event giving rise to the period occurred. In the case of ongoing contractual relationships in which data is stored, the event giving rise to the period is the date of the validity of the termination or any other termination of the legal relationship.

Data that is retained no longer for the originally intended purpose, but based on legal provisions or other reasons, will only be processed for the reasons that justify their retention.

Further notes on processing activities, procedures and services:

  • Retention and Deletion of Data: The following general deadlines apply for the retention and archiving according to German law:

    • 10 Years: Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the necessary work instructions and other organizational documents, booking documents, and invoices (§ 147 para. 3 i. V. m. para. 1 No. 1, 4, and 4a AO, § 14b para. 1 UStG, § 257 para. 1 No. 1 and 4, para. 4 HGB).

    • 6 Years: Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents, as far as they are relevant for taxation (§ 147 para. 3 i. V. m. para. 1 No. 2, 3, 5 AO, § 257 para. 1 No. 2 and 3, para. 4 HGB).

    • 3 Years: Data that is necessary to consider potential warranty and damage claims or similar contractual claims and rights as well as to process associated inquiries, based on previous business experiences and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Affected Persons

Rights of affected persons under the GDPR: You have various rights under the GDPR as a data subject, which arise particularly from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is being processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is connected to such direct marketing.

  • Right to revoke consent: You have the right to revoke consents granted at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

  • Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.

  • Right to rectification: You have the right to request the completion of the personal data concerning you that is processed or the rectification of inaccurate personal data concerning you in accordance with legal requirements.

  • Right to deletion and restriction of processing: You have the right to request that personal data concerning you be deleted immediately, or alternatively to request a restriction of the processing of personal data concerning you in accordance with legal requirements.

  • Right to data portability: You have the right to receive personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transfer to another controller in accordance with legal requirements.

  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contract partners"), within the framework of contractual and comparable legal relationships as well as related measures and with regard to communication with the contract partners (or pre-contractually), for example to respond to inquiries. The legal basis here is Art. 6 para. 1 lit. b GDPR.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services (Safina AI service), any update obligations and remedy for warranty and other performance disruptions. In addition, we use the data to assert our rights and for purposes related to these obligations as well as organizational tasks (Art. 6 para. 1 lit. f GDPR). Furthermore, we process the data based on our legitimate interests in proper and economical business management as well as in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., to involve telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities) (Art. 6 para. 1 lit. f GDPR). In accordance with applicable law, we only pass on the data of contract partners to third parties (in particular our sub-processors) to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Further forms of processing, for example for marketing purposes, will be communicated to the contract partners in the context of this privacy policy.

We inform the contract partners which data is necessary for the aforementioned purposes prior to or in the course of data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after expiry of legal warranty and comparable obligations, i.e., in principle after four years, unless the data is stored in a customer account, e.g., as long as it has to be retained for legal archiving reasons (e.g., for tax purposes generally ten years). Data disclosed to us by the contract partner in the course of an order is deleted in accordance with the provisions and generally after the end of the order, subject to legal retention obligations.

Data Processing Agreement (DPA) for Entrepreneurs

If you use the Safina AI service as an entrepreneur (in accordance with § 14 BGB) and have personal data (especially data of your callers) processed by us as Safina AI, you act as the controller within the meaning of Art. 4 No. 7 GDPR and we act as the processor within the meaning of Art. 4 No. 8 GDPR.

In this case, the conclusion of a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR between you and us is mandatory to ensure data protection compliant processing. This DPA regulates the rights and obligations of both parties concerning the processing of personal data.

Conclusion of the DPA is a prerequisite for the lawful use of the service by entrepreneurs for processing personal data of their callers. You are responsible for concluding the DPA with us in a timely manner before the processing of personal data via the service begins. Our standard DPA can be obtained by request at info(at)safina.ai.

Registration, Sign-In, and User Account

Users can create a user account. During the registration process, the required mandatory information will be communicated to users and processed for the purpose of providing the user account based on contractual obligation fulfillment (Art. 6 para. 1 lit. b GDPR). The processed data includes in particular the login information (username or email address, password).

As part of the use of our registration and sign-in functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage occurs based on our legitimate interests as well as those of users for protection against misuse and other unauthorized use (Art. 6 para. 1 lit. f GDPR). Transfer of this data to third parties generally does not occur unless it is necessary for pursuing our claims or there is a legal obligation to do so (Art. 6 para. 1 lit. c or f GDPR).

Users can be informed via email about events relevant to their user account, such as technical changes or billing information (Art. 6 para. 1 lit. b GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media), as well as in the context of existing user and business relationships, the information of the inquiring persons will be processed to the extent necessary to answer contact inquiries and any requested measures (Art. 6 para. 1 lit. b or f GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") solely with the consent of the recipients (Art. 6 para. 1 lit. a GDPR) or based on a legal basis (e.g., § 7 para. 3 UWG for existing customers). If, in the context of signing up for the newsletter, its contents are mentioned, these contents are decisive for the users' consent. For subscribing to our newsletter, providing your email address is usually sufficient. However, to provide you with a personalized service, we may request your name for personal addressing in the newsletter or additional information if this is necessary for the purpose of the newsletter.

Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to document a previously given consent (Art. 6 para. 1 lit. f GDPR). Processing of this data will be limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided the former existence of consent is confirmed at the same time. In the case of obligations to permanently comply with objections, we reserve the right to store the email address solely for this purpose in a blocking list (known as a "blocklist") (Art. 6 para. 1 lit. f GDPR).

The logging of the registration process occurs based on our legitimate interests for the purpose of proving its proper course (Art. 6 para. 1 lit. f GDPR). If we engage a service provider for sending emails (e.g., Brevo), this is done based on our legitimate interests in an efficient and secure sending system (Art. 6 para. 1 lit. f GDPR) and within the framework of a data processing agreement (Art. 28 GDPR).

Contents: Information about us, our services, promotions, and offers.

Advertising Communication via Email, Post, Fax, or Phone

We process personal data for the purposes of advertising communication, which may occur through various channels, such as email, phone, post, or fax, in accordance with legal provisions (based on Art. 6 para. 1 lit. a or f GDPR, possibly in conjunction with § 7 UWG).

Recipients have the right to revoke consents granted at any time or to object to advertising communication at any time.

After revocation or objection, we store the data necessary for documenting the previous authorization for contact or sending for up to three years after the end of the year in which the revocation or objection occurred, based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). Processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest of permanently considering the cancellation or objection of users, we also store the required data to avoid renewed contact (e.g., depending on the communication channel the email address, phone number, name) in a blocking list (Art. 6 para. 1 lit. f GDPR).

Web Analysis, Monitoring, and Optimization (Website & App)

The web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offerings (website and app) and can include behavior, interests, or demographic information about the visitors, such as age or gender, in pseudonymous values. Using reach analysis, we can, for example, identify when our online offerings or their functions or content are most frequently used or invite reuse. It is also possible for us to track which areas need improvement. In addition to web analysis, we may also use testing methods to test and optimize different versions of our online offerings or its components.

Unless stated otherwise below, profiles can be created for these purposes which summarize data related to a usage operation, and information can be stored in a browser or on an end device and then read out (e.g., using cookies or similar technologies such as local storage or app-specific identifiers). The collected information includes in particular visited websites/app areas and the elements used there as well as technical information such as the used browser, the used computer system/operating system, and information about usage times. If users have consented to the collection of their location data towards us or towards the providers of the services we use, processing of location data is also possible.

Furthermore, the IP addresses of users are stored. However, we use an IP-masking method (i.e., pseudonymization by truncating the IP address) to protect users where technically feasible. Generally, no clear data of users (such as email addresses or names) is stored within the framework of web analysis, A/B testing, and optimization, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Notes on Legal Bases: If we ask users for their consent to use third-party providers (e.g., through a cookie banner or app query), the legal basis for data processing will be consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG). Otherwise, user data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services as well as optimizing our offerings) (Art. 6 para. 1 lit. f GDPR, § 25 para. 2 TTDSG). In this context, we would also like to draw your attention to the information regarding the use of cookies and similar technologies in this privacy policy.

Online Marketing

We process personal data for the purpose of online marketing, which may include the marketing of advertising spaces or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar methods are used, through which the information relevant for displaying the aforementioned content are stored pertaining to the user. This may include viewed content, visited websites, used online networks, but also communication partners and technical information such as the used browser, the used computer system as well as information about usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

Additionally, the IP addresses of users are stored. However, we use available IP-masking methods (i.e., pseudonymization by truncating the IP address) for user protection. Generally, no clear data of users (such as email addresses or names) is stored in online marketing procedures, but pseudonyms. This means that we, as well as the providers of the online marketing processes, do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are generally stored in the cookies or via similar methods. These cookies may later also be read on other websites that use the same online marketing process, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the provider of the online marketing process.

In exceptional cases, it is possible to associate clear data with the profiles, primarily when users, for example, are members of a social network whose online marketing processes we use and the network connects the user profiles with the aforementioned information. Please note that users can make additional agreements with the providers, for example, through consent during registration.

Generally, we only receive access to aggregated information about the success of our advertising. However, we can check within the framework of so-called conversion measurements which of our online marketing measures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used only for the success analysis of our marketing measures.

Unless stated otherwise, please assume that cookies used will be stored for a period of up to two years.

Notes on Legal Bases: If we ask users for their consent to use third-party providers (e.g., via a cookie banner), the legal basis for data processing is consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG). Otherwise, the users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services as well as analyzing and optimizing our marketing measures) (Art. 6 para. 1 lit. f GDPR, § 25 para. 2 TTDSG).

Notes on Revocation and Objection: We refer to the privacy notices of the respective providers and the options for objection provided for the providers (so-called "opt-out"). If no explicit opt-out option has been indicated, one option is that you disable cookies in your browser settings. However, this may limit the functionality of our online offerings. Therefore, we also recommend the following opt-out options, which are offered collectively in respective areas:
a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Cross-border: https://optout.aboutads.info.

Plug-ins and Embedded Functions as well as Content

We integrate functional and content elements into our online offerings that are obtained from the servers of their respective providers (hereinafter referred to as "third parties"). This may include graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the third parties of this content process the users' IP address as they cannot send the content to their browser without the IP address. The IP address is thus required for displaying this content or functions. We strive to use only those contents whose respective providers apply the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users' devices, containing technical information about the browser and operating system, referring websites, visit time, and other data regarding the usage of our online offerings, but may also be connected with such information from other sources.

Notes on Legal Bases: If we ask users for their consent to use third parties, the legal basis for data processing will be consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG). Otherwise, user data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services as well as appealing representation of our offerings) (Art. 6 para. 1 lit. f GDPR, § 25 para. 2 TTDSG).

Engaged Services and Service Providers

Google Fonts (Local)

This site uses so-called "Google Fonts" for a uniform presentation of fonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have embedded the Google Fonts locally on our server. Therefore, no connection to Google servers occurs when accessing our website. No data is transmitted to Google.

Use of the Meta Pixel (Facebook Pixel)

On our website, we use the Meta Pixel of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; "Meta"). This is an analysis tool that allows us to measure the effectiveness of our advertising measures on the platforms Facebook and Instagram, run targeted advertising (Custom Audiences), and track user activities triggered by our advertisements (conversion measurement).

The Meta Pixel captures information such as the pages you visit, interactions (e.g., clicks), purchases made (if applicable), filled-out forms, and device-specific information (including IP address, browser information, and cookie data). This data is transmitted to Meta's servers and stored there, possibly also in the USA.

The processing occurs exclusively based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which you grant through our cookie banner and can revoke at any time.

You can also object to the data collection by the Meta Pixel in your Facebook settings: https://www.facebook.com/settings?tab=ads. For more information on data processing by Meta, please refer to Meta's data policy at: https://www.facebook.com/policy.php.

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection for data transfers to the USA (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active).

Posthog (Website & App Analysis Tool)

If you have granted your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG (e.g., via a cookie banner or app query), we collect user data about your behavior on our website and within the app (click and display behavior) via our analysis tool Posthog, which we statistically evaluate for internal purposes (website/app optimization, improving user experience).

For this, we use functions of the service Posthog Inc., 2261 Market Street #4063, San Francisco, CA 94114, USA. Posthog can record and replay your behavior on the website and within the app. Your personal data is stored and evaluated – particularly the activity (which pages/functions were used, which elements were clicked). Each user is assigned a tracking code (pseudonymized user ID). The processed personal data will be stored by PostHog by default on servers within the EU (Frankfurt, Germany). A transfer to the USA only occurs in exceptional cases.

The storage of this data occurs as long as it is necessary for the fulfillment of processing purposes or your consent exists.

For more information on data processing by PostHog, please see here: https://posthog.com/privacy.

PostHog Inc. is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection for any data transfers to the USA (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000POO8AAO&status=Active).

Chatbot from Pickaxe Project

We use a chatbot from the provider Pickaxe Project Inc., based in the USA, on our website. This chatbot is designed solely to answer general questions about our service. To ensure your privacy, the chatbot is configured so that no personal data from you is collected or stored. This means we neither store your IP address nor request you to provide personal information to use the chatbot. Communication is anonymous.

As no personal data is processed, an agreement on data processing with Pickaxe Project is not required. The use is based on our legitimate interest in efficiently answering general inquiries (Art. 6 para. 1 lit. f GDPR).

For more information on data protection at Pickaxe Project, please refer to the provider's privacy policy: https://beta.pickaxeproject.com/privacy.

Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure that it always meets the current legal requirements or to implement changes to our services in the privacy policy, for example, when introducing new services. For your subsequent visit, the new privacy policy will then apply.