Privacy policy

Information about the processing of your data

In accordance with Art. 12 of the General Data Protection Regulation (hereinafter: DSGVO), we are obliged to inform you aIn accordance with Art. 12 of the General Data Protection Regulation (hereinafter: GDPR), we are obliged to inform you about the processing of your data when you use our website. We take the protection of your personal data very seriously and this privacy policy informs you about the details of the processing of your data and your legal rights in this regard. We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.

Definitions

Scope of application

The privacy policy applies to http://www.timeless.investments. It does not extend to any linked websites or internet presences of other providers. 

Responsible provider

The following is responsible for the processing of personal data within the scope of this privacy policy:
New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin
contact@timeless.investments
Questions about data protection
If you have any questions about data protection with regard to our company or our app, you can contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnership of Lawyers
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin
Contact by e-mail:
datenschutzbeauftragter@timeless.investments

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art. 

Your rights

You have the following rights with regard to the personal data concerning you, which you can assert against us:
You can assert your rights by sending a message to the contact details specified in the “Responsible provider” section or to the data protection officer appointed by us. If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for us Berliner Beauftragte für Datenschutz und Informationssicherheit, Friedrichtstr. 219, 10969 Berlin. Further information on your rights in relation to your personal data can be found, for example, at the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

Legal bases for the processing

We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 para. 1 sentence 1 lit. b) GDPR. After the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or deleted unless we are entitled to further storage and processing required in the respective context on the basis of consent given by you (e.g. consent to the processing of the email address for sending electronic advertising mail), a contractual agreement, a legal authorisation (e.g. authorisation to send direct advertising) or on the basis of legitimate interests (e.g. storage for the enforcement of claims). Your personal data will be passed on if it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/shipping company to process a contract with you), (Art. 6 para. 1 sentence 1 lit. b) GDPR), or
Your personal data will not be passed on to other persons, companies or organisations unless you have effectively consented to such a transfer. The legal basis for processing is then Art. 6 para. 1 sentence 1 lit. a) GDPR.

Use of the website, access data

In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our hosting provider so that the website can be displayed to you. This is the following data:
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to recognise and prevent misuse. This includes, for example, defence against requests that overload the service or possible bot use. The access data is deleted as soon as it is no longer required to fulfil the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks. 
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Cookies and similar technologies
In addition to the aforementioned access data, so-called cookies, pixels or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Pixels are one-pixel images that are not transparent or are created in the background colour of the website and are therefore not visible to the user. The pixel also records information about your user behaviour on the website. Fingerprinting technologies generate a unique fingerprint based on the browser settings and thus identify an individual browser. Using a script that every Internet browser executes automatically, information such as the screen resolution, fonts used, operating system, hardware information and integrated browser plug-ins can be collected, which in their specific combination can ultimately be traced back to a specific user. Tracking technologies are used to make our website more user-friendly. The use of tracking technologies may be technically necessary or for other purposes (e.g. analysing/evaluating website usage).
Technically necessary website elements
Some elements of our website require that the accessing browser can be identified even after a page change. The following data is processed in the technically necessary elements, such as cookies or similar methods of terminal device access in particular, for the purpose of carrying out or facilitating electronic communication and providing an information society service requested by the user: 
The user data collected by technically necessary elements are not processed to create user profiles. We also use so-called “session cookies”, which store a session ID that can be used to assign various requests from your browser to the joint session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognise the device you are using when you return to the website. We use this cookie to recognise you on subsequent visits to the website if you have a customer account with us; otherwise you will have to log in again each time you visit. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted as soon as you log out or, depending on which browser you are using and which browser settings you have made, when you close the browser.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Technically unnecessary website elements
Insofar as we integrate third-party cookies or pixels and similar tracking technologies into our website that are not technically necessary, we will inform you of this separately below.
Contact our company
When contacting our company, e.g. by email, the personal data you provide will be processed by us to respond to your enquiry. The legal basis for the processing is Article 6 para. 1 p. 1 lit. f) DSGVO. The data is processed exclusively for processing in the context of the conversation. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing to compliance with the existing legally mandatory retention obligations.
You can object to the processing. Your right to object exists on grounds arising from your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.

Create account

When registering on our website, you can log in with your Google, Apple or Facebook account or you must enter your email address and a password of your choice. If you wish to purchase a fraction in a digital asset, further personal data will be requested, e.g. your name and address. The following data is also processed at the time of registration: IP address, date/time of registration. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was processed.  After successful registration, you will be assigned an account ID to enable transactions to be allocated to you. 
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is contractually required and mandatory for registration on our website. If you do not register, it will not be possible to conclude/execute a corresponding contract for the use of the website. The data is stored until it is no longer required to fulfil the purpose of its processing or until the expiry of the statutory retention obligations (e.g. mandatory retention obligations under commercial and tax law in relation to invoice data). This is the case for the data collected during the registration process if the registration on the website is cancelled or completely changed. If you remove the website from your end device, we will delete your data collected for the use of the website.
Google Sign In
You have the option of registering on our website using the Google login function. You can use “Google Sign In” to log in to our website via your Google account. The purpose of this option is to save you from having to create another account and the time-consuming registration process. When you log in with your Google account, your relevant data is transmitted to us by Google, in particular your name, email address, profile picture and language settings. Google, on the other hand, is given the opportunity to collect and process information about your user behaviour on our website. If you are logged in via your Google account, it is possible that Google will receive data on your user activity, your website visits and other short-term data. Google may also process your data in the USA. We have agreed standard contractual clauses with Google in order to oblige Google to comply with an appropriate level of data protection. We will provide you with a copy on request. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. With the “Google Sign In” option, we pursue the legitimate interest of making it easier for you to use our website by not having to create another account and saving you time by using your Google account in the registration process. Google deletes all data at the latest at the time you delete your Google account (https://policies.google.com/privacy?hl=en). Further information on data protection at Google can be found at the following link: https://policies.google.com/privacy?hl=en.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.
Facebook Sign up
In order to enable you to register on our website via your Facebook account, we have implemented a Facebook login function using programming interfaces from Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter: “Facebook”). If you use the login function offered on our website, you have the option of logging in to our website via Facebook. The purpose of this integration is to make the registration process easier for you, to optimise our registrations and to improve the conversion of Facebook campaigns. When you use the Facebook login function, Facebook transmits your personal data to us, in particular your surname, first name, email address and Facebook user ID. In turn, Facebook processes information from you about website events, configuration data, error messages and other short-term data such as your user activity after you have logged in. Facebook may also process your data in the USA. We have agreed standard contractual clauses with Facebook in order to oblige Facebook to comply with an appropriate level of data protection. We will provide you with a copy on request. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. With the Facebook login function, we are pursuing the legitimate interest of saving you from having to register on our platform and optimising and customising our offering for you. According to Facebook, it ceases data processing as soon as the data is no longer required to provide services and Facebook products. Further information on the storage period and other information on data protection at Facebook can be found in the corresponding privacy policy at https://www.facebook.com/privacy/policy/. You can find more information about Facebook’s programming interfaces at: https://developers.facebook.com/docs/ios and https://developers.facebook.com/docs/android.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.
Apple Sign In
You also have the option of registering on our website using the Apple login function. You can use “Apple Sign In” to log in to our website with your Apple ID. This is to save you from having to create another account and the time-consuming registration process. When you log in with your Apple ID, depending on your selection, either your email address stored with Apple or a one-time email address generated by Apple will be sent to us. Only Apple can assign the email address once created to the user and their email address. However, Apple only receives the information that you are a user of our website. Apple does not process your usage data any further. Apple may also process your data in the USA. We have agreed standard contractual clauses with Apple in order to oblige Apple to comply with an appropriate level of data protection. We will provide you with a copy on request. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. With the login function, we are pursuing the legitimate interest of saving you from having to register on our platform and optimising and customising our offering for you. Further information on data protection, in particular on the storage period, can be found at https://www.apple.com/legal/privacy/en-ww/.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.

Data transmission to Switzerland / the EU  

If users from Switzerland use the app, data is transferred to EU member states and vice versa to Switzerland in order to provide the app. The data transfer to Switzerland takes place on the basis of the adequacy decision of the European Commission 2000/518/EC (available at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518&from=EN) in accordance with Art. 45 of the GDPR, according to which Switzerland offers an adequate level of protection for your data. The transfer of data to the European Union takes place on the basis of the list of states published by the Swiss Federal Data Protection and Information Commissioner (available at: https://www.edoeb.admin.ch/dam/edoeb/de/dokumente/2017/04/staatenliste.pdf.download.pdf/staatenliste.pdf) for countries in the European Union that offer an adequate level of protection under Swiss data protection law.  

Reservation, purchase and sale of fractions

In our app, different functions relating to digital assets are available to you in accordance with the applicable terms of use. In the case of reserving a share of a digital asset, your expression of interest will be assigned to your user account. If you decide to purchase a share, further personal data such as your full name and address will be requested and stored in your user account and wallet together with an overview of your transactions. Only your wallet ID is then stored with the digital asset on the blockchain. Only a randomly assigned identification number is assigned and processed on the blockchain. Your digital assets are assigned to this ID on the blockchain. The provider is EOS Blockchain (Block.one, George Town, Cayman Islands). There is no adequacy decision for the transfer of your data. We have concluded standard data protection clauses with Block.one to commit Block.one to an adequate level of data protection. We will provide you with a copy upon request. We process your data exclusively for the purpose of processing the contract and, depending on the payment method you have selected, will in particular forward your payment data to the respective payment service provider for the purpose of processing the payment. You can find more information in the section “Payment service providers”.
If you decide to sell your share or buy new fractions after the lookup period, the information will be added to your wallet in your user account. Only your wallet ID with the digital asset is then stored on the blockchain. In the event of the sale of fractions, the data processing will be carried out according to the payment method applicable to the redemption. The processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. b) DSGVO. The provision of your data is necessary and obligatory for the conclusion or execution of the contract. If the data is not provided, the acquisition of fractions in digital assets is not possible.

Payment service provider

Stripe
The payment options credit card, KLARNA SOFORTÜBERWEISUNG and GiroPay are integrated via “Stripe” (provider is Stripe Inc., Townsend Street, San Francisco, CA 94103, USA, hereinafter: “Stripe”). If you select one of the aforementioned payment options, the payment data you provide during the booking process, together with information about your booking, will be forwarded to “Stripe” for the purpose of payment processing. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract using the aforementioned payment methods. As part of data processing, your data will also be transferred to the USA. There is no adequacy decision by the EU Commission for data transfer to the USA. We have concluded so-called standard contractual clauses with “Stripe” in order to commit “Stripe” to an appropriate level of data protection. We will be happy to provide you with a copy on request. Further information on data protection and the storage period at Stripe can be found at: https://stripe.com/en-gb-de/privacy.
Credit card payment 
If you select the payment method “credit card”, we will pass on the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and invoice service provider commissioned by us, if applicable, for the purpose of processing the payment. The processing is based on Art. 6 para. 1 p. 1 lit. b) DSGVO. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude a contract and/or execute a credit card payment. The data required for payment processing are transmitted securely via the “SSL” procedure and processed exclusively for payment processing. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations. 
KLARNA SOFORTÜBERWEISUNG
If you select the “SOFORT” payment method as part of your payment, we will forward the data you provide to Sofort GmbH (Theresienhöhe 12, 80339 Munich, Germany; hereinafter referred to as “SOFORT”) for the purpose of payment processing. “SOFORT” is a direct transfer procedure in which a transfer can be completed during the payment process and executed in real time. For this purpose, you will be redirected to the website of the payment service provider “SOFORT”. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract using the “SOFORT” payment method. The data required for payment processing is transmitted securely via the “SSL” procedure and processed exclusively for payment processing. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations. Further information on the processing of your data by “SOFORT” can be found at https://www.sofort.com/datenschutz.html.
Giropay 
You have the option of paying using “Giropay” (Giropay GmbH, An der Welle 3, 60322 Frankfurt am Main, Germany, hereinafter: “Giropay”). “Giropay” is a direct transfer procedure that allows you to make a transfer during the order process. For this purpose, you will be redirected to the website of the payment service provider “Giropay”. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract using the “Giropay” payment method. We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations. Further information on the processing of your data by “Giropay” can be found at https://www.giropay.de/rechtliches/datenschutzerklaerung.

Paying taxes, enquiry at the Federal Central Tax Office (Bundeszentralamt für Steuern)

Within the scope of our offer of financial products, we are obliged to remit capital gains tax, church tax and, if applicable, the solidarity surcharge. For the purpose of fulfilling our obligation to pay the capital gains tax as well as the church tax and, if applicable, the solidarity surcharge, we process your data, such as your tax identification number and your investment income, and transmit them to the tax office, if applicable. In this context, we can enquire from the Federal Central Tax Office whether you are liable to church tax by providing your tax identification number and your date of birth. If we do not know your tax identification number, we can also request this from the Federal Central Tax Office. The legal basis for the processing of your data in connection with the withholding of capital gains tax is Art. 6 Para. 1 Sentence 1 lit. c) DSGVO in conjunction with § 44 Para. 1 Sentence 3 Income Tax Act (EStG). The legal basis for the query at the Federal Central Tax Office is Art. 6 para. 1 p. 1 lit. c) DSGVO in conjunction with § 51a para. 1, para. 2c no. 3 EStG. The legal basis for the query of your tax identification number is Art. 6 para. 1 p. 1 lit. c) DSGVO in conjunction with § 51a para. 1, para. 2c no. 3 and no. 2 EStG. The storage period of the data is six years in accordance with the statutory retention obligation, unless other statutory provisions on recording and retention obligations provide for a longer period.

Joint responsibility within the framework of contract implementation

For the execution of the contract, we process together with Timeless Investments GmbH & Co. KG (Neue Schönhauser Str. 2, 10178 Berlin) your data required for the purchase and sale of fractions (such as title, academic degree, first and last name, address, e-mail address, date of birth, place of birth, information on tax liability, knowledge and experience with financial products, capacity as a politically exposed person as well as data on the transacted assets offered by Timeless Investments GmbH & Co. KG). We are joint controllers with Timeless Investments GmbH & Co. KG with regards to the collection and processing of personal data required to perform the contract with Timeless Investments GmbH & Co. KG, the invoicing on behalf of the fractional owners, the verification of the disbursement requirements as well as the coordination of the distribution of the payment receipt among the fractional owners who meet the disbursement requirements, and the ongoing reminder of the fractional owners at the disbursement date, if the disbursement requirements are not met. For the purpose of executing the contract, Timeless Investments GmbH & Co KG will have access to the data collected via our platform and will process your data for the purpose of managing and executing the contract concluded with Timeless Investments GmbH & Co KG.
In principle, you can assert your data protection rights within the scope of joint responsibility both against us and against Timeless Investments GmbH & Co KG. Timeless Investments GmbH & Co. KG and we will inform each other without delay about the assertion of data subject rights and provide each other with all information necessary to respond to requests for information. Within the scope of the data subject rights, we act as a central point of contact. You can find our contact details in the section “Responsible provider”. For further information on processing by Timeless Investments GmbH & Co. KG, please refer to the data protection information [link] of Timeless Investments GmbH & Co. KG.

Direct Marketing

Existing customer acquisition by email
We reserve the right to use the email address provided by you during registration in accordance with the statutory provisions to send you the following content by email during or after registration, unless you have already objected to this use of your email address or push notifications:
If the sending of electronic information is not necessary for the fulfilment of a contract (e.g. email in an informative form) and the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR is relevant, the processing is based on the legal basis pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in improving and optimising our services, sending direct advertising and ensuring customer satisfaction. We delete your data when you terminate your user contract, but no later than three years after termination of the contract. Further information on the email marketing service used to send email advertising can be found in the “Brevo” section.
We would like to point out that you can object to the receipt of direct advertising and data processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic tariffs. To do so, click on the unsubscribe link in the respective email for the receipt of emails or deactivate the push notification function in the app menu item “Messages” or send us your objection to the contact details specified in the section “Responsible provider”. In the event of an objection, we will continue to process your data, in particular your email address, to ensure that you do not receive any further direct advertising from us.
Newsletter via WhatsApp
You have the option of subscribing to our newsletter via WhatsApp (WhatsApp LLC., 1601 Willow Road Menlo Park, California 94025, USA and WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; hereinafter: “WhatsApp”) on our website, which we use to inform you regularly about the following content: 
To receive the newsletter, you must provide your name or pseudonym and a valid mobile phone number. We process the mobile phone number for the purpose of sending you our WhatsApp newsletter and for as long as you have subscribed to the newsletter. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. We process your data for the purpose of sending you our newsletter via WhatsApp until you withdraw your consent.
You can withdraw your consent to the processing of your telephone number for the purpose of receiving the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message using the contact details provided under “Controller”. This will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of your cancellation. When using WhatsApp, certain data is automatically processed that is required for the use of the app, in particular to ensure access to the Internet. This includes: IP address, date and time of the server request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific app function), access status, amount of data transferred in each case, app from which the request comes, device type, operating system used and its interface (Android or IOS), language and version of the operating system, device identifiers. We do not process any user data in this context. WhatsApp (WhatsApp LLC., 1601 Willow Road Menlo Park, California 94025, USA and WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is solely responsible for this processing. You can find more information on data protection at WhatsApp at: https://www.whatsapp.com/privacy.

Blocking list

In the event that you unsubscribe from our newsletter, we process your data, in particular your email address or mobile phone number, to ensure that you do not receive any further newsletters from us. For this purpose, we add your email address or mobile phone number to a so-called “block list“, which makes it possible that you do not receive any newsletter from us. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c) DSGVO in order to comply with our verification obligations, otherwise Art. 6 para. 1 sentence 1 lit. f) DSGVO. Our legitimate interests in this case are to comply with our legal obligations to reliably no longer send you newsletters. 
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”. 

Legal defence

In addition, we process the aforementioned data for the establishment, exercise or defence of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. c) DSGVO and Art. 6 para. 1 lit. f) DSGVO. In these cases, we have a legitimate interest in asserting or defending claims. 
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.  

Email marketing service

Brevo
We use the email marketing service Brevo (Sendinblue SAS, 106 boulevard Haussmann,  75008 Paris, France) to send you emails to the email address you have provided or messages within our app for various administrative and functional purposes, such as resetting your password. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the fulfilment of the contract in the context of sending messages. If you do not provide the data, it will not be possible to send you messages. If you have subscribed to our newsletter, consented to the notifications for our app or have not objected to the processing of your personal data by way of existing customer advertising, we will send you emails and messages with advertising content (further information can be found under “Existing customer advertising”). In this case, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in improving and optimising our services, providing information about technical changes to our app, sending direct advertising and ensuring customer satisfaction. We delete your data when you terminate your user contract, but no later than three years after termination of the contract. Further information on data protection at Brevo can be found at: https://www.brevo.com/legal/privacypolicy/
If the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR, we would like to point out that you can object to receiving direct advertising at any time without incurring any costs other than the transmission costs according to the basic tariffs. To do so, click on the unsubscribe link in the respective email for the receipt of emails or deactivate the push notification function in the app menu item “Messages” or send us your objection to the contact details given in the section “Responsible provider”.

Hosting

We use external hosting services from Amazon Web Services (Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States) to provide you with the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. All data required for the operation and use of our app is processed. We use external hosting services for the operation of this app offering. Amazon also processes your data in the USA. We have agreed standard contractual clauses with Amazon in order to oblige Amazon to maintain an appropriate level of data protection. We will provide you with a copy on request. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the use of external hosting services are the efficient and secure provision of our app offering.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.

Cloudfront

We also use Cloudfront as a content delivery network (CDN). The provider of this is Amazon Web Services Inc, 440 Terry Ave N, Seattle, WA 98109, USA. When you use our app, requests are forwarded to servers of the CDN. In the process, your IP address is transmitted and processed. Amazon also processes your data in the USA. We have agreed standard contractual clauses with Amazon to oblige Amazon to maintain an appropriate level of data protection. We will provide you with a copy upon request. A permanent storage of your data does not take place in this case. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DSGVO. We use Cloudfront to make our app offer more attractive and to optimise the loading times of the app. 
You may object to the processing. Your right to object is on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.

INTERCOM

We use Intercom, a service of Intercom, Inc. a Delaware corporation (55 2nd Street, 4th Fl., San Francisco, CA 94105, USA, hereinafter: Intercom), in order to be able to process enquiries from our users by e-mail more quickly and in a more structured manner. The use of Intercom is for the purpose of improving our customer service and simplifying email communication. The legal basis for the processing by Intercom is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interests are to optimise and improve our customer service and to ensure customer satisfaction. Intercom may also process the data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. We have entered into an agreement with Intercom with the standard contractual clauses, in order for Intercom to comply with an adequate level of data protection. We will provide you with a copy of this upon request. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing to compliance with existing legally mandatory retention obligations. Further information on data protection at Intercom can be found here: https://www.intercom.com/legal/privacy. 
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.

Website analysis with Matomo

We use the web analytics service Matomo. “Matomo” is an open source software that allows statistical analysis of our website, in particular visitor access, page views, downloads, previously visited websites and to measure the success of entries in search engines. The analysed information and statistics are processed exclusively on our own web servers and databases. The “Matomo” tool uses technologies such as “tracking pixels” and “fingerprinting” to collect, analyse and categorise incoming information generated by the user’s end device about the use of and interaction with our website, as well as access data, in particular IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of statistical analysis and to measure the reach of advertisements in search engines. We use “Matomo” with the extension “AnonymizeIP”, whereby the IP addresses are further processed in a shortened form in order to make it more difficult to link them directly to individuals. The legal basis for the use of “Matomo” is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests are the statistical analysis of website usage and the optimisation and improvement of our website. Your data will be stored for thirteen months. You can find more information about Matomo’s privacy policy and practices at https://matomo.org/privacy/ and https://matomo.org/faq/new-to-piwik/#faq_14.

Google Analytics 4

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter referred to as “Google” and “Google Analytics 4″). Google Analytics 4 uses so-called “cookies” that are stored on your end device for recognition, as well as similar tracking methods for device recognition such as pixel tags, device fingerprinting, and programming interfaces (e.g., APIs and SDKs) to process information from your end device. For this purpose, a randomly generated identification number (cookie ID/device ID) is assigned to your end device.
Using these technologies, Google processes the generated information about the use of our website by your end device, as well as access data, for the purpose of statistical analysis. This includes, for example, the access to specific web pages, the number of unique visitors, entry and exit pages, duration of visit, click, swipe, and scroll behavior, button clicks, newsletter sign-ups, bounce rate, and similar user interactions. For this purpose, it may also be determined whether different end devices belong to you or your household. Access data includes, in particular, the IP address, browser and device information, cookie ID/device ID, the previously visited website, and the date and time of the server request.
In the systems of Google Analytics 4, individual IP addresses are not logged or stored. At the moment of capturing the IP address by Google in specific local data centers in the EU, your IP address is used to determine location information. Subsequently, the IP address is deleted before the access data is stored in a data center or on a server for Google Analytics. Google Analytics 4 does not provide precise data on the geographic location; rather, it only offers general location information such as the region and city of the device’s location derived from the IP address. Google will process this information to evaluate your use of the website, compile reports on website activities, and – if specifically indicated – provide us with additional services related to website usage. If you are registered with a Google service, Google may associate the website visit with your user account and create and analyze user profiles across applications.
In addition, there is a cross-platform analysis of user behavior on websites and apps utilizing Google Analytics 4 technologies. This allows the user behavior to be captured, measured, and compared across different environments equally. For instance, automated scroll events of the user are recorded to provide a better understanding of the use of websites and apps. Various cookie IDs/device IDs for different end devices are used for this purpose. Subsequently, anonymized statistics, created based on selected criteria, are provided to us regarding the usage of different platforms.
Using Google Analytics 4, automatically, target audiences are created for specific cookie IDs/device IDs or mobile advertising IDs, which are later used for personalized advertising. Target audience criteria may include, for example: users who viewed products but did not add them to a shopping cart, or added items to a cart but did not complete the purchase, OR users who have purchased specific items. A target audience comprises at least 100 users. With the Google Ads tool, interest-based ads can then be displayed in search results. Similarly, users of websites on other sites within the Google advertising network (in Google Search, on YouTube, so-called “Google Ads” or on other websites) can be recognized, and tailored ads can be presented based on the defined target audience criteria.
With regard to the storage of and access to information on your end device, your consent is the legal basis according to Article 6(1) sentence 1 (a) of the General Data Protection Regulation (GDPR). Google also processes the data in part in the US. The EU Commission has issued an adequacy decision for the USA. Google, LLC is certified within this framework. In addition, we have concluded so-called standard contractual clauses with Google, LLC in order to oblige Google, LLC to an appropriate level of data protection. A copy is of course available at https://cloud.google.com/terms/sccs. Your data processed in connection with Google Analytics 4 will be erased after 26 months at the latest. For further information about privacy at Google, please refer to: http://www.google.de/intl/de/policies/privacy.
You can withdraw your consent to the processing and transfers to third countries at any time by moving
You have the right to object to the processing. You can exercise your objection by clicking on the opt-out link at: https://matomo.org/faq/general/faq_20000/. In the event of an objection, an opt-out cookie will be stored in your browser, which means that Matomo will not collect any session data. Please note that if you delete your cookies completely, the opt-out cookie will also be deleted and you may need to re-enable it.