Data Protection

Collection of general information When you access our website, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is only information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the content of websites you have requested and is mandatory when using the Internet. We statistically evaluate anonymous information of this type in order to optimize our website and the technology behind it. Contact form If you contact us by email or contact form, the information you provide will be stored for the purpose of processing the request and for possible follow-up questions. Duration of data storage To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years. We delete the images you provide after the AI model has been trained, usually after 4 hours. We delete avatar images after 7 days. If we need data to assert, exercise or defend legal claims against us, we will store this for the necessary period. Third parties engaged by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order. Transfer of data to third parties We do not transfer your personal data to third parties for purposes other than those listed below. The following categories of recipients, may receive access to your personal data: Service providers for training the AI model, generating the avatar images and sending them. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. b or lit. f DSGVO, insofar as it does not involve order processors; government agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c DSGVO; Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DSGVO. The service providers are usually order processors; in this regard, we would like to point out the following: As with any larger company, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT, telecommunications, sales and marketing). They only act on our instructions and have been contractually obligated to comply with the provisions of data protection law in accordance with Art. 28 DSGVO. With regard to the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, we would like to point out the following: In the course of our business relationships, your personal data may be passed on or disclosed to third parties. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations to us. We will inform you about the respective details of the transfer in the relevant places below. Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de). Some of the providers we use are located outside the EU, specifically in the USA. Currently, it is not possible to conclude data protection contracts with these providers that meet the requirements of the high European data protection standard. Nevertheless, we would like to make the functionalities available to you. However, we must point out that when using these services, your data will be processed in the USA, i.e. a third country that is insecure from a data protection perspective. In this case, you consent to these transfers in accordance with Art. 49 Para. 1 lit. a DSGVO. In this case, there is a risk that your data will be processed by authorities based there for purposes of which we are not aware. Normally, you will not be informed of these processing operations and you will not be able to make use of any active legal protection. We conclude standard contractual clauses with the providers (the 2021 standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), or other appropriate safeguards in accordance with Art. 46 GDPR. Changes to our privacy policy We reserve the right to occasionally adjust this data protection declaration so that it always complies with the current legal requirements or to implement changes to our services in the data protection declaration, e.g. B. when introducing new services. The new data protection declaration then applies to your next visit. Questions to the data protection officer If you have any questions about data protection, please use the help function to contact us directly.