English (United States)

Pricing

Support

Login

Try for free

Legal documents

Legal documents

Privacy Policy

Status: April 2025

Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website or use our service. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Responsible Entity

Safina AI is a service of
DK Tech Solutions UG
Schwanthalerstr. 141
80339 Munich

Authorized Representatives:
David Schemm & Karsten Kreh

Registration Number
HRB 302584

E-Mail:
info(at)safina.ai

Your Rights

You have the right at any time to:

  • Obtain information about your data stored with us (Art. 15 GDPR)

  • Have this data rectified (Art. 16 GDPR)

  • Request the deletion of this data (Art. 17 GDPR)

  • Request the restriction of processing of this data (Art. 18 GDPR)

  • Object to the processing (Art. 21 GDPR)

  • Request the transfer of this data (Art. 20 GDPR)

  • Withdraw any consent given at any time (Art. 7 (3) GDPR)

  • File a complaint with a supervisory authority (Art. 77 GDPR)

Detailed information about your rights can be found further down in this declaration.

Overview of Processing Activities

Types of Processed Data

  • Inventory Data (e.g., names, addresses upon registration)

  • Contact Data (e.g., email, phone numbers)

  • Content Data (e.g., audio recordings of calls (if activated), transcripts, summaries, analyses, configurations like call scripts) - hereinafter referred to as "user content"

  • Usage Data (e.g., visited websites/app areas, interest in content, access times, utilized functions)

  • Meta/Communication Data (e.g., device information, IP addresses, call data such as phone numbers, time, duration)

  • Payment Data (for paid plans, processed by payment service providers)

Categories of Affected Persons

  • Users of our service (customers, prospects)

  • Callers interacting with users through the service

  • Visitors to our website

  • Communication partners

  • Business partners and contractual partners

Purposes of Processing

  • Provision of the Safina AI service (AI-controlled mailbox/telephone system) in accordance with the contract (Art. 6 (1) (b) GDPR)

  • Fulfillment of contractual obligations (e.g., provision of user account, billing) (Art. 6 (1) (b) GDPR)

  • Communication with users and prospects (Art. 6 (1) (b) or (f) GDPR)

  • Security measures to protect the service and the data (Art. 6 (1) (f) GDPR)

  • Direct marketing (with consent or for existing customers under the conditions of § 7 (3) UWG) (Art. 6 (1) (a) or (f) GDPR)

  • Reach measurement and analysis to improve website and service (with consent or based on legitimate interests) (Art. 6 (1) (a) or (f) GDPR)

  • Office and organizational procedures (Art. 6 (1) (c) or (f) GDPR)

  • Management of feedback and inquiries (Art. 6 (1) (b) or (f) GDPR)

  • Provision and optimization of our online offering and user-friendliness (Art. 6 (1) (f) GDPR)

  • Compliance with legal obligations (e.g., storage requirements) (Art. 6 (1) (c) GDPR)

Relevant Legal Bases

Relevant legal bases under GDPR: Below you will find an overview of the legal bases under GDPR on which we process personal data. Please note that in addition to the provisions of GDPR, national data protection regulations in your or our country of residence may apply. If, in individual cases, more specific legal bases should be relevant, we will inform you of this in the privacy policy.

  • Consent (Art. 6 (1) sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or purposes.

  • Contract fulfillment and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6 (1) sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR) - the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes, in particular, the Federal Data Protection Act (BDSG) and the Telecommunications-Telemedia Data Protection Act (TTDSG). The BDSG contains special provisions on the right of access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission and automated decision-making in individual cases including profiling. Furthermore, state data protection laws of individual federal states may apply.

Notice on the applicability of GDPR and Swiss DSG: This data protection notice serves to provide information under both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data” used in the Swiss DSG, “processing” of “personal data” as well as “legitimate interest” and “special categories of data” are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DSG within the scope of its applicability.

Security Measures

We take appropriate technical and organizational measures, in accordance with legal requirements (in particular Art. 32 GDPR), taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the varying probabilities of occurrence and the severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access relating to the data, input, transfer, securing the availability, and separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and responses to data security threats. We consider the protection of personal data at the time of the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and by default data protection settings (Art. 25 GDPR).

Transmission of Personal Data

In the context of our processing of personal data, it may occur that these are transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers assigned with IT tasks or providers of services and content embedded in a website. Specifically for the provision of the core service of Safina AI, we engage specialized technical service providers (sub-processors) as described in the section “Engaged Service Providers (Sub-processors) for the Safina AI Service.”

In such cases, we comply with legal requirements and enter into appropriate contracts or agreements (data processing agreements in accordance with Art. 28 GDPR) aimed at protecting your data with the recipients of your data. There is no transfer of your data for the purposes of advertising by third parties.

Engaged Service Providers (Sub-processors) for the Safina AI Service

To technically provide and optimize the Safina AI service, we use carefully selected technical service providers (sub-processors). The processing by these service providers is carried out on the basis of data processing agreements (Art. 28 GDPR). This includes, in particular, services in the following areas:

  • Hosting: For the storage and provision of data and service. Our primary hosting location is Germany (currently Amazon Web Services - AWS in Frankfurt am Main).

  • Telephony Connection: For receiving and forwarding calls (e.g., Twilio).

  • AI Functions: For speech recognition, transcription, speech generation, summaries, and analyses (e.g., OpenAI, Google Cloud AI Services, Deepgram, Elevenlabs).

  • Payment Processing: For processing payments in paid plans (e.g., Stripe for bookings through the website; Apple/Google for in-app purchases, possibly via RevenueCat for subscription management).

  • Analysis Tools (Service Optimization): For analyzing service usage and troubleshooting (e.g., Posthog).

  • Communication Services: For sending emails and notifications (e.g., Brevo).

The engagement of these service providers is necessary for the provision of the contractually agreed services (Art. 6 (1) (b) GDPR). Some of these service providers may be located outside the EU/EEA or process data there, as described in the section “International Data Transfers.”

No Use of User Content for AI Training

We clarify that your user content, in particular audio recordings and transcripts of phone calls, will not be used by us to train our own or third-party AI models. The processing of this data is carried out solely for the provision of the service you booked in accordance with our terms of use.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing occurs in connection with the use of third-party services or the disclosure or transfer of data to other persons, entities, or companies, this will only be done in accordance with legal requirements.

Our primary hosting location for the core data of the Safina AI service is Germany (see the section “Engaged Service Providers”). However, some of the sub-processors we use (especially for AI functions, telephony, analysis, or payment processing) may also process data in third countries, particularly the USA.

If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. For the USA, such an adequacy decision exists for companies certified under the “EU-US Data Privacy Framework” (DPF). You can find the list of certified companies and further information about the DPF on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the descriptions of the individual services (e.g., Google, Meta, Posthog) whether the provider is DPF-certified.

Moreover, data transfers will only occur if the data protection level is otherwise secured, particularly through the conclusion of standard contractual clauses (Standard Contractual Clauses - SCCs) of the EU Commission (Art. 46 (2) (c) GDPR), your express consent (Art. 49 (1) (a) GDPR), or if the transfer is necessary for the performance of the contract (Art. 49 (1) (b) or (c) GDPR).

Information on third country transfers and present adequacy decisions can be found in the informational offering of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions (Art. 17 GDPR) as soon as the underlying consents are revoked or no further legal bases for processing exist (e.g., when the purpose of processing no longer applies and there are no legal retention obligations). This applies to cases where the original purpose of processing no longer exists or the data are no longer needed. Exceptions to this provision apply when legal obligations (e.g., commercial or tax retention obligations) or our legitimate interests (e.g., for the assertion, exercise, or defense of legal claims) require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or that must be stored for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that specifically apply to certain processing processes. After the termination of the service contract, we will delete your user content in accordance with the regulations in our terms of use (generally after 30 days, unless there are retention obligations).

In cases with multiple statements regarding the retention period or deletion deadlines of a date, the longest period shall be applicable.

If a period does not explicitly start at a specific date and lasts at least one year, it shall automatically begin at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships during which data is stored, the triggering event is the moment when the termination becomes effective or any other termination of the legal relationship.

Data that is no longer required for the originally intended purpose but is retained due to legal mandates or other reasons will only be processed for the reasons justifying its retention.

Further Information on Processing Processes, Procedures, and Services:

  • Retention and Deletion of Data: The following general periods apply for retention and archiving under German law:

    • 10 Years: Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the necessary work instructions and other organizational documents, bookkeeping vouchers and invoices (§ 147 (3) in conjunction with (1) nos. 1, 4 and 4a AO, § 14b (1) UStG, § 257 (1) nos. 1 and 4, (4) HGB).

    • 6 Years: Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents as far as they are relevant for taxation (§ 147 (3) in conjunction with (1) nos. 2, 3, 5 AO, § 257 (1) nos. 2 and 3, (4) HGB).

    • 3 Years: Data necessary to consider potential warranty and damage claims or similar contractual claims and rights as well as to process related inquiries, based on previous business experiences and customary industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Affected Persons

Rights of affected persons under the GDPR: As affected persons, you have various rights under the GDPR, which particularly arise from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on this provision. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to Withdraw Consent: You have the right to withdraw given consents at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right of Access: You have the right to obtain confirmation as to whether personal data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.

  • Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of your personal data or the rectification of your inaccurate personal data.

  • Right to Deletion and Restriction of Processing: You have the right, in accordance with legal requirements, to request that personal data concerning you be deleted immediately, or alternatively, to request a restriction of processing of personal data concerning you in accordance with legal requirements.

  • Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of that data to another controller in accordance with legal requirements.

  • Right to Lodge a Complaint with a Supervisory Authority: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contract partners”), within the framework of contractual and comparable legal relationships as well as related measures and in relation to communication with the contract partners (or pre-contractually), for example, to respond to inquiries. The legal basis for this is Art. 6 (1) (b) GDPR.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services (Safina AI service), any obligations to update, and remedying warranty and other performance disturbances. Furthermore, we use the data to safeguard our rights and for the purposes of related administrative tasks and corporate organization (Art. 6 (1) (f) GDPR). In addition, we process the data on the basis of our legitimate interests in proper and efficient business management as well as security measures to protect our contract partners and our business operations from abuse, threats to their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax, and legal advisors, payment service providers, or financial authorities) (Art. 6 (1) (f) GDPR). Within the framework of applicable law, we only pass on the data of contract partners to third parties (particularly our sub-processors) to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contract partners will be informed of other forms of processing, for example, for marketing purposes in the framework of this privacy policy.

We will inform contract partners of which data are required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We will delete the data after expiration of the statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (typically ten years for tax purposes). Data that has been disclosed to us in the context of an order by the contract partner will be deleted in accordance with the regulations and generally after the end of the order, subject to legal retention obligations.

Data Processing Agreement (DPA) for Entrepreneurs

If you use the Safina AI service as an entrepreneur (according to § 14 BGB) and have personal data (especially data of your callers) processed by us as Safina AI within this use, you act as the controller under Art. 4 No. 7 GDPR and we act as the processor under Art. 4 No. 8 GDPR.

In this case, the conclusion of a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR between you and us is mandatory to ensure compliance with data protection regulations. This DPA regulates the rights and obligations of both parties regarding the processing of personal data.

The conclusion of the DPA is a prerequisite for the lawful use of the service by entrepreneurs for processing personal data of their callers. You are responsible for completing the DPA with us in a timely manner before processing personal data through the service begins. You can obtain our standard DPA by requesting it at info(at)safina.ai.

Registration, Login, and User Account

Users can create a user account. In the context of registration, the necessary mandatory information is communicated to users and is processed for the purpose of providing the user account based on contractual obligation fulfillment (Art. 6 (1) (b) GDPR). The processed data includes, in particular, the login information (username or email address, password).

In the context of utilizing our registration and login features as well as the use of the user account, we store the IP address and the time of the respective user action. The storage occurs based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use (Art. 6 (1) (f) GDPR). This data is generally not shared with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so (Art. 6 (1) (c) or (f) GDPR).

Users may be informed via email about occurrences that are relevant to their user account, such as technical changes or billing information (Art. 6 (1) (b) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, phone, or via social media) as well as in the context of existing user and business relationships, the details of the inquiring individuals are processed as far as this is necessary for answering the contact inquiries and any requested measures (Art. 6 (1) (b) or (f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) solely with the consent of the recipients (Art. 6 (1) (a) GDPR) or based on a legal basis (e.g., § 7 (3) UWG for existing customers). If the contents of the newsletter are specified during the signup process, these contents are decisive for the users’ consent. Normally, you only need to provide your email address to sign up for our newsletter. However, to provide a personalized service, we may request your name for personal addressing in the newsletter or additional information if this is necessary for the purpose of the newsletter.

Deletion and Restriction of Processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them to prove a previously given consent (Art. 6 (1) (f) GDPR). Processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is confirmed. In the case of obligations to permanently respect objections, we reserve the right to retain the email address solely for this purpose in a suppression list (so-called “blocklist”) (Art. 6 (1) (f) GDPR).

The logging of the registration process occurs based on our legitimate interests for the purpose of evidence of its proper course (Art. 6 (1) (f) GDPR). If we engage a service provider to send emails (e.g., Brevo), this is done based on our legitimate interests in an efficient and secure mailing system (Art. 6 (1) (f) GDPR) and within the framework of a data processing agreement (Art. 28 GDPR).

Contents: Information about us, our services, promotions, and offers.

Promotional Communication via Email, Post, Fax, or Phone

We process personal data for the purposes of promotional communication, which can occur through various channels, such as email, phone, post, or fax, in accordance with legal provisions (based on Art. 6 (1) (a) or (f) GDPR, possibly in conjunction with § 7 UWG).

The recipients have the right to withdraw given consents at any time or to object to promotional communication at any time.

After withdrawal or objection, we will store the data necessary to prove previous authorization for contact or sending for up to three years after the end of the year of withdrawal or objection based on our legitimate interests (Art. 6 (1) (f) GDPR). The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest in permanently respecting the users’ withdrawal or objection, we will also store the data necessary to avoid contacting again (e.g., depending on the communication channel, the email address, telephone number, name) in a suppression list (Art. 6 (1) (f) GDPR).

Web Analysis, Monitoring, and Optimization (Website & App)

Web analysis (also known as “reach measurement”) serves to evaluate visitor flows to our online offering (website and app) and can include pseudonymous values regarding visitor behavior, interests, or demographic information such as age or gender. With the help of reach analysis, for example, we can recognize when our online offering or its functions or contents are used most often, or invite for reuse. It is also possible for us to track which areas need optimization. In addition to web analysis, we can also employ testing procedures to test and optimize different versions of our online offering or its components.

Unless stated otherwise below, profiles may be created for these purposes, i.e., data summarized for a usage process, and information may be saved in a browser or on an end device and then read (e.g., using cookies or similar technologies like local storage or app-specific identifiers). The collected information includes, in particular, visited websites/app areas and the elements used there, as well as technical information such as the browser used, the computer system/operating system used, and information about usage times. If users have consented to the collection of their location data with us or with the providers of the services we employ, the processing of location data may also be possible.

Furthermore, the users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users where technically feasible. Generally, no clear data of users (such as email addresses or names) is stored within the context of web analysis, A/B testing, and optimization; instead, pseudonymous data is used. This means that neither we nor the providers of the utilized software know the actual identity of the users but only the information stored in their profiles for purpose of the respective procedures.

Notes on Legal Bases: If we ask users for their consent to use third-party providers (e.g., via a cookie banner or app prompt), the legal basis for data processing is consent (Art. 6 (1) (a) GDPR, § 25 (1) TTDSG). Otherwise, user data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services, as well as optimizing our offering) (Art. 6 (1) (f) GDPR, § 25 (2) TTDSG). In this context, we would also like to draw your attention to the information regarding the use of cookies and similar technologies in this privacy policy.

Online Marketing

We process personal data for the purpose of online marketing, which may particularly involve the marketing of advertising spaces or the presentation of advertising and other content (collectively referred to as “content”) based upon potential interests of users as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar methods used to store relevant information about users for the display of the aforementioned content. This may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information, such as the browser used, the computer system used, and information on usage times and used features. If users have consented to the collection of their location data, this can also be processed.

Moreover, the users’ IP addresses are stored. However, we employ available IP masking procedures (i.e., pseudonymization through truncation of the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) is stored within the framework of the online marketing procedure; rather, pseudonymous data is used. This means that neither we nor the providers of the online marketing procedures know the actual user identity but only the information stored in their profiles.

Typically, the information in profiles is stored in cookies or similar methods. These cookies can later be read on other websites utilizing the same online marketing procedure and analyzed for the purpose of displaying content, as well as being complemented with additional data and stored on the server of the online marketing service provider.

Occasionally, it may be possible to assign clear data to profiles, primarily when users are, for example, members of a social network whose online marketing procedure we employ and the network connects user profiles with the aforementioned information. Please note that users can enter into additional agreements with the providers, such as by giving consent during registration.

We generally only gain access to summarized information about the success of our advertisements. However, we can check, as part of so-called conversion measurements, which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used solely for the success analysis of our marketing measures.

Unless stated otherwise, please assume that cookies used are stored for a period of up to two years.

Notes on Legal Bases: If we ask users for their consent to use third-party providers (e.g., via a cookie banner), the legal basis for data processing is consent (Art. 6 (1) (a) GDPR, § 25 (1) TTDSG). Otherwise, user data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services as well as analyzing and optimizing our marketing measures) (Art. 6 (1) (f) GDPR, § 25 (2) TTDSG).

Notes on Withdrawal and Objection: We refer to the privacy notices of the respective providers and the objection possibilities provided for the providers (so-called “opt-out”). If no explicit opt-out possibility has been provided, one means is that you can disable cookies in your browser settings. However, this may limit the features of our online offering. We therefore also recommend the following opt-out options, which are summarized and offered for each area:
a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Across Territory: https://optout.aboutads.info.

Plug-ins and Embedded Features as well as Content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereafter referred to as “third-party providers”). This may include graphics, videos, or city maps (uniformly referred to as “content”).

The embedding always requires that the third-party providers of this content process the users’ IP address, since they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content or functions. We strive to use only such content whose respective providers apply the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information, such as visitor traffic on the pages of this website, can be evaluated. The pseudonymous information may also be stored in cookies on the users' device and contain technical details about the browser and operating system, referring websites, visiting time, and additional information about the use of our online offering, but may also be linked with information from other sources.

Notes on Legal Bases: If we ask users for their consent to use third-party providers (e.g., via a cookie banner), the legal basis for data processing is consent (Art. 6 (1) (a) GDPR, § 25 (1) TTDSG). Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services as well as an appealing representation of our offering) (Art. 6 (1) (f) GDPR, § 25 (2) TTDSG).

Engaged Services and Service Providers

Google Fonts (Locally)

This website uses so-called “Google Fonts” for the uniform representation of fonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have embedded the Google Fonts locally on our server. No connection to Google servers occurs when visiting our website. No data is transmitted to Google.

Use of the Meta Pixel (Facebook Pixel)

On our website, we utilize the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; “Meta”). This is an analytical tool that allows us to measure the effectiveness of our advertising measures on Facebook and Instagram platforms, target group-based advertising (Custom Audiences), and track user activity triggered by our advertisements (conversion measurement).

The Meta Pixel collects, among other things, information about the pages you visit, interactions (e.g., clicks), purchases made (if applicable), filled-out forms, as well as device-specific information (including IP address, browser information, and cookie data). This data is transmitted to Meta servers and stored there, possibly also in the USA.

The processing occurs solely on the basis of your consent according to Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, which you grant through our cookie banner and can withdraw at any time.

You can also object to the data collection by the Meta Pixel in your Facebook settings: https://www.facebook.com/settings?tab=ads. More information on data processing by Meta can be found in Meta's data policy at: https://www.facebook.com/policy.php.

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework, thereby ensuring an adequate level of data protection for data transfers to the USA (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active).

Posthog (Analysis Tool for Website & App)

If you have given your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (e.g., through cookie banners or app inquiries), we collect user data about your behavior on our website and within the app (click and display behavior) using our analysis tool Posthog, which we statistically evaluate for internal purposes (website/app optimization, improvement of user experience).

For this purpose, we use functions provided by Posthog Inc., 2261 Market Street #4063, San Francisco, CA 94114, USA. Posthog can record and playback your behavior on the website and within the app. Your personal data is stored and evaluated - in particular, the activity (which pages/functions were used, which elements were clicked). Each user is assigned a tracking code (pseudonymous user ID). The processed personal data is typically stored by PostHog on servers within the EU (Frankfurt, Germany). A transfer to the USA only occurs in exceptional cases.

The storage of this data will take place as long as necessary to fulfill the processing purposes or until you withdraw your consent.

Further information on the processing of data by PostHog can be found here: https://posthog.com/privacy.

PostHog Inc. is certified under the EU-US Data Privacy Framework, thereby ensuring an adequate level of data protection for potential data transfers to the USA (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000POO8AAO&status=Active).

Chatbot from Pickaxe Project

We use a chatbot from the provider Pickaxe Project Inc., based in the USA, on our website. This chatbot is solely used to answer general questions about our service. To ensure the protection of your privacy, the chatbot is configured in such a way that no personal data from you is collected or stored. This means that we do not store your IP address nor do we request you to provide personal information to use the chatbot. Communication takes place anonymously.

Since no personal data is processed, a data processing agreement with Pickaxe Project is not required. The use is based on our legitimate interest in efficiently answering general inquiries (Art. 6 (1) (f) GDPR).

For further information on data protection at Pickaxe Project, we refer to the provider's privacy policy: https://beta.pickaxeproject.com/privacy.

Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it meets current legal requirements or to implement changes in our services within the privacy policy, for example, with the introduction of new services. For your next visit, the new privacy policy will apply.