PRIVACY POLICY
Preamble
With the following privacy policy, we would like to inform you about the types of your
personal data (hereinafter also referred to as "data") that we process, for what purposes,
and to what extent. This privacy policy applies to all processing of personal data carried
out by us, both in the context of providing our services and, in particular, on our
websites, in mobile applications, and within external online presences, such as our
social media profiles (hereinafter collectively referred to as the "online offering").
The terms used are not gender-specific.
Last updated: March 14, 2025

Table of Contents
• Preamble
• Data Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Transfer of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Provision of the Online Offering and Web Hosting
• Use of Cookies
• Acquisition of Applications via App Stores
• Registration, Login, and User Account
• Contact and Inquiry Management
• Artificial Intelligence (AI)
• Customer Reviews and Rating Procedures
• Presence on Social Networks (Social Media)
• Changes and Updates
• Definitions of Terms
Data Controller
Theresa Münker
The Move Studio
Worringerstraße 60
40211 Düsseldorf, Germany
Email: info@themove-dus.com
Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of
processing, and the affected individuals.
Types of Processed Data
• Inventory data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and procedural data
• Log data
Categories of Affected Individuals
• Service recipients and clients
• Communication partners
• Users
• Third parties
Purposes of Processing
• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Organizational and administrative procedures
• Feedback
• Marketing
• Provision of our online offering and user-friendliness
• IT infrastructure
• Public relations
• Artificial Intelligence (AI)
Relevant Legal Bases
Legal Bases under the GDPR
Below is an overview of the legal bases of the General Data Protection Regulation
(GDPR) on which we process personal data. Please note that, in addition to the
provisions of the GDPR, national data protection regulations in your or our country of
residence or business location may also apply. If more specific legal bases are
applicable in individual cases, we will inform you accordingly in this privacy policy.
• Consent (Art. 6(1) Sentence 1 lit. a GDPR) – The data subject has given their
consent to the processing of their personal data for one or more specific
purposes.
• Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit.
b GDPR) – Processing is necessary for the performance of a contract to which the
data subject is a party or to take steps at the request of the data subject prior to
entering into a contract.
• Legitimate interests (Art. 6(1) Sentence 1 lit. f GDPR) – Processing is necessary
for the purposes of the legitimate interests pursued by the controller or a third
party, provided that such interests are not overridden by the interests,
fundamental rights, and freedoms of the data subject requiring the protection of
personal data.
National Data Protection Regulations in Germany
In addition to the GDPR, national data protection regulations apply in Germany,
including the Federal Data Protection Act (BDSG). The BDSG contains specific
regulations regarding the right of access, the right to erasure, the right to object, the
processing of special categories of personal data, processing for other purposes, data
transfers, and automated decision-making, including profiling. Furthermore, data
protection laws of individual German federal states may also be applicable.
Third Countries (Outside the EU and Switzerland)
In addition to or alongside the GDPR, data protection regulations in the country of the
controller’s business location may apply. These regulations may include provisions that
go beyond or deviate from the GDPR, such as protection against misuse of personal
data, rights of access and deletion, rights to object, processing of special categories of
personal data, processing for other purposes, data transfer regulations, and automated
decision-making, including profiling.
Security Measures
We implement appropriate technical and organizational measures in accordance with
legal requirements, taking into account the state of technology, implementation costs,
the nature, scope, circumstances, and purposes of processing, as well as the varying
likelihood and severity of risks to the rights and freedoms of natural persons. These
measures ensure a level of security appropriate to the risk.
Our security measures include, but are not limited to:
• Confidentiality, integrity, and availability of data through access control (both
physical and electronic), access rights management, input control, data transfer
security, and data segregation.
• Procedures to uphold data subject rights, ensure data deletion, and respond to
potential security incidents.
• Privacy by design and by default, meaning we integrate data protection
measures into our hardware, software, and procedural choices.
Securing Online Connections with TLS/SSL Encryption (HTTPS)
To protect user data transmitted via our online services from unauthorized access, we
use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) are fundamental to secure data transmission on the internet. These
technologies encrypt the information exchanged between a website or app and the
user’s browser (or between two servers), ensuring protection from unauthorized access.
TLS, as the advanced and more secure version of SSL, guarantees that all data
transmissions meet the highest security standards.
A website secured by an SSL/TLS certificate is indicated by HTTPS in the URL, signaling
to users that their data is transmitted securely and in encrypted form.
Transfer of Personal Data
As part of our processing of personal data, it may be necessary to transfer this data to
other entities, companies, legally independent organizational units, or individuals, or to
disclose it to them. Recipients of this data may include service providers responsible for
IT tasks or providers of services and content integrated into a website. In such cases, we
comply with legal requirements and enter into appropriate contracts or agreements with
recipients to ensure the protection of your data.
Data Transfers Within the Corporate Group
We may transfer personal data to other companies within our corporate group or grant
them access to such data. This data transfer is based on our legitimate business and
economic interests, including:
• Improving business processes
• Ensuring efficient and effective internal communication
• Optimizing the use of our human and technological resources
• Enabling informed business decisions
In certain cases, data transfer may also be required to fulfill contractual obligations or
may be based on the consent of the data subjects or a legal authorization.
Data Transfers Within the Organization
We may transfer personal data to other departments or units within our organization or
grant them access to such data. If data sharing is for administrative purposes, it is based
on our legitimate business and economic interests. However, if it is necessary to fulfill
contractual obligations or is based on consent or legal authorization, we ensure
compliance with relevant regulations.
International Data Transfers
Data Processing in Third Countries
If we transfer data to a third country (i.e., outside the European Union (EU) or
the European Economic Area (EEA)) or if data is disclosed or transmitted to third
parties (which can be recognized by the provider’s business address or when explicitly
mentioned in this privacy policy), such transfers are always conducted in accordance
with legal requirements.
For data transfers to the United States, we primarily rely on the Data Privacy
Framework (DPF), recognized as a secure legal framework through an EU Commission
adequacy decision dated July 10, 2023. Additionally, we have concluded Standard
Contractual Clauses (SCCs) with the respective providers, ensuring contractual
obligations to protect your data.
This dual-layer protection guarantees comprehensive data security:
• The DPF serves as the primary protection mechanism.
• The Standard Contractual Clauses (SCCs) provide an additional layer of
security.
• If the DPF framework changes, the SCCs act as a fallback to ensure continued
data protection despite any legal or political changes.
For each service provider, we inform you whether they are certified under the DPF and
whether Standard Contractual Clauses are in place.
You can find more details about the DPF and a list of certified companies on the U.S.
Department of Commerce website:
Data Privacy Framework (English)
For data transfers to other third countries, we apply appropriate security measures,
including:
• Standard Contractual Clauses (SCCs)
• Explicit consent from data subjects
• Legally required transfers
Further details on third-country transfers and applicable adequacy decisions can be
found on the EU Commission's website:
International Data Protection
General Information on Data Retention and Deletion
We delete personal data we process in accordance with legal requirements as soon as
the underlying consent is revoked or there are no further legal grounds for processing.
This applies when:
• The original purpose for processing no longer exists.
• The data is no longer needed.
Exceptions to Deletion
Data may be retained if legal obligations or specific interests require longer storage,
including:
• Compliance with commercial or tax laws (e.g., financial records).
• Legal enforcement or protection of rights of individuals or legal entities.
Our privacy notices provide additional details about retention and deletion practices for
specific processing activities.
Retention Periods
If multiple retention or deletion periods apply to a dataset, the longest period prevails.
If a retention period is at least one year and does not have a specific start date, it
begins at the end of the calendar year in which the retention-triggering event occurred.
For ongoing contractual relationships, the retention period starts upon termination or
end of the contract.
If data is no longer needed for its original purpose but is retained due to legal
requirements, it is processed only for the purpose that justifies its retention.
Standard Retention and Deletion Periods (Germany)
The following general retention periods apply under German law:
• 10 years – Accounting records, annual financial statements, inventories,
management reports, opening balance sheets, and related organizational
documents (§ 147 AO, § 14b UStG, § 257 HGB).
• 8 years – Accounting vouchers, including invoices and cost receipts (§ 147 AO, §
257 HGB).
• 6 years – Business correspondence, wage records, pricing documentation, and
other documents relevant for taxation (§ 147 AO, § 257 HGB).
• 3 years – Data needed for potential warranty, compensation claims, or other
contractual disputes, based on industry standards and statutory limitation
periods (§§ 195, 199 BGB).
Rights of Data Subjects
Under the GDPR, you have several rights, particularly those outlined in Articles 15 to 21
GDPR:
Right to Object
You may object at any time to the processing of your personal data based on Article
6(1)(e) or (f) GDPR (legitimate interests or public interest).
• This also applies to profiling based on these provisions.
• If your data is processed for direct marketing purposes, you can object at any time, including against profiling used for such advertising.
Right to Withdraw Consent
You can withdraw your consent for data processing at any time.
Right of Access
You have the right to:
• Request confirmation of whether your data is being processed.
• Receive a copy of your data and additional legal information.
Right to Rectification
You can request the completion or correction of inaccurate personal data.
Right to Erasure and Restriction of Processing
You may request:
• Immediate deletion of your personal data, or
• Restriction of processing, in accordance with legal provisions.
Right to Data Portability
You can request a structured, machine-readable format of your data or have it
transferred to another data controller.
Right to Lodge a Complaint
You have the right to file a complaint with a data protection authority if you believe
your data is being processed in violation of the GDPR.
• This can be done in your place of residence, workplace, or the location of the
alleged violation.
Provision of Online Services and Web Hosting
We process user data to provide them with our online services. To this end, we process
the user's IP address, which is necessary to transmit the content and functionalities of
our online services to the user's browser or device.
Types of Processed Data:
• Usage data (e.g., page views and duration of stay, click paths, usage intensity and
frequency, types of devices and operating systems used, interactions with
content and features).
• Meta, communication, and procedural data (e.g., IP addresses, timestamps,
identification numbers, involved persons).
• Log data (e.g., log files regarding logins or data retrieval times).
• Content data (e.g., textual or visual messages and contributions, as well as
related information such as authorship details and time of creation).
Affected Persons:
• Users (e.g., website visitors, users of online services).
Purposes of Processing:
• Provision of our online services and user-friendliness.
• IT infrastructure (operation and provision of information systems and technical
devices such as computers, servers, etc.).
• Security measures.
Retention and Deletion:
• Deletion as per the section "General Information on Data Storage and Deletion."
Legal Basis:
• Legitimate interests (Art. 6(1)(f) GDPR).
Additional Information on Processing Procedures, Methods, and Services:
Provision of Online Services on Rented Storage Space: To provide our online services,
we use storage space, computing capacity, and software rented from an appropriate
server provider (also called "web host");
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Collection of Access Data and Log Files:
Access to our online services is recorded in the form of "server log files." These log files
may include:
• Address and name of accessed web pages and files,
• Date and time of retrieval,
• Data volumes transferred,
• Notification of successful retrieval,
• Browser type and version,
• User's operating system,
• Referrer URL (previously visited page),
• IP addresses and requesting provider.
Server log files may be used for security purposes, such as preventing server overload
(particularly in cases of abusive attacks, such as DDoS attacks) and ensuring server
capacity and stability.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Data Deletion: Log file information is stored for a maximum of 30 days before
being deleted or anonymized unless required for evidence purposes.
Hosting and Software Services:
• Wix: Hosting and software services for website creation, provision, and
operation; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel.
o Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
o Privacy Policy: https://www.wix.com/about/privacy
o Data Processing Agreement: https://www.wix.com/about/privacy-dpausers
o Third-Country Transfers Basis: Data Privacy Framework (DPF).
• Google Cloud CDN: Content Delivery Network (CDN) for faster and more secure
delivery of large media files such as graphics or scripts via regionally distributed
servers;
o Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s
Quay, Dublin 2, Ireland.
o Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
o Privacy Policy: https://policies.google.com/privacy
o Data Processing Agreement: https://cloud.google.com/terms/dataprocessing-addendum
o Third-Country Transfers Basis: Data Privacy Framework (DPF), Standard
Contractual Clauses.
Use of Cookies: Cookies refer to functions that store and read information on users'
devices. They serve different purposes, including functionality, security, user
convenience, and visitor flow analysis.
• We use cookies in compliance with legal regulations and obtain prior user
consent when necessary. If consent is not required, we rely on legitimate
interests, particularly when cookies are essential for explicitly requested content
and functionalities.
• Users may revoke their consent at any time.
Data Processed via Cookies:
• Meta, communication, and procedural data (e.g., IP addresses, timestamps,
identification numbers, involved persons).
• Affected Persons: Users (e.g., website visitors, online service users).
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR).
Cookie Storage Duration:
• Temporary Cookies: Deleted after leaving the online service and closing the
device.
• Persistent Cookies: Remain stored even after closing the device, used for login
status retention and preference recognition; storage duration can be up to two
years.
Revocation and Objection (Opt-out): Users can revoke their consent and object to
processing using their browser's privacy settings.
Processing of Cookie Data Based on Consent:
• We use a consent management solution to collect, log, manage, and revoke user
consent, particularly regarding cookies and similar technologies.
• Consent declarations are stored for legal compliance, either server-side or in an
"opt-in cookie."
• Storage duration: Up to two years.
Obtaining Applications via App Stores: Our applications are obtained from third-party
online platforms ("App Stores"), which apply their own privacy policies, particularly
concerning tracking and advertising.
Processed Data Types:
• Inventory data (e.g., full name, address, contact details, customer number).
• Payment data (e.g., bank details, invoices, payment history).
• Contact data (e.g., postal and email addresses, phone numbers).
• Contract data (e.g., contract terms, customer category).
• Usage data (e.g., page views, interactions, device types, operating systems).
• Meta, communication, and procedural data (e.g., IP addresses, timestamps,
identification numbers, involved persons).
Legal Basis:
• Legitimate interests (Art. 6(1)(f) GDPR).
App Stores:
• Apple App Store: Apple Inc., Cupertino, CA 95014, USA.
o Privacy Policy (https://www.apple.com/legal/privacy/)
• Google Play: Google Ireland Limited, Dublin 4, Ireland.
o Privacy Policy (https://policies.google.com/privacy)
User Registration and Accounts: Users can create accounts, providing necessary login
details (username, password, email address). We store IP addresses and activity
timestamps to prevent misuse. Data is generally not shared with third parties unless
legally required.
• Processed Data:
o Inventory data, contact data, content data, usage data, log data.
• Purposes: Contract fulfillment, security measures, administration.
• Retention and Deletion: Data is deleted upon account termination unless legal
obligations require retention.
• Legal Basis: Contract performance (Art. 6(1)(b) GDPR), Legitimate interests (Art.
6(1)(f) GDPR).
Data Deletion After Account Termination: Users should back up their data before
terminating their accounts, as all stored data may be permanently deleted.
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media)
and in the context of existing user or business relationships, we process the data of the
inquiring individuals to the extent necessary to respond to the inquiries and any
requested actions.
Types of data processed: Master data (e.g., full name, residential address, contact
details, customer number, etc.); Contact data (e.g., postal and email addresses or
phone numbers); Content data (e.g., textual or visual messages and contributions as
well as related information, such as authorship or creation time); Usage data (e.g., page
views and time spent, click paths, usage intensity and frequency, device types and
operating systems used, interactions with content and features); Meta, communication
and procedural data (e.g., IP addresses, timestamps, identification numbers, involved
persons).
Data subjects: Communication partners.
Purposes of processing: Communication; organizational and administrative
procedures; feedback (e.g., collecting feedback via online forms); provision of our online
services and user-friendliness.
Retention and deletion: Deletion in accordance with the information provided in the
section “General Information on Data Storage and Deletion.”
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Contract performance and
pre-contractual inquiries (Art. 6(1)(b) GDPR).
Additional notes on processing activities, procedures, and services:
Contact form: When contacting us via our contact form, email, or other communication
channels, we process the personal data provided to us to respond to and handle the
respective matter. This typically includes details such as name, contact information,
and any additional information shared with us that is necessary for proper processing.
We use this data exclusively for the stated purpose of communication and response.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR);
Legitimate interests (Art. 6(1)(f) GDPR).
Artificial Intelligence (AI)
We use Artificial Intelligence (AI), which involves the processing of personal data. The
specific purposes and our interest in using AI are described below. According to Article
3(1) of the AI Regulation, we understand AI as a “system” designed for varying degrees of
autonomous operation, capable of adapting after deployment and producing outputs
such as predictions, content, recommendations, or decisions that can influence
physical or virtual environments.
Our AI systems are used in strict compliance with legal requirements, including specific
regulations for AI and data protection rules. We especially adhere to the principles of
lawfulness, transparency, fairness, human oversight, purpose limitation, data
minimization, integrity, and confidentiality. We ensure that personal data is always
processed based on a legal foundation—either with the consent of the data subjects or
a legal provision permitting it.
When using external AI systems, we carefully select their providers (hereafter "AI
providers"). In accordance with our legal obligations, we ensure that the AI providers
comply with the applicable regulations. We also meet our responsibilities when using or
operating third-party AI services. The processing of personal data by us and the AI
providers occurs solely on the basis of consent or legal authorization. We place
particular emphasis on transparency, fairness, and maintaining human control over
AI-supported decision-making processes.
To protect the data being processed, we implement appropriate and robust technical
and organizational measures. These measures ensure the integrity and confidentiality of
the data and minimize potential risks. Through regular audits of AI providers and their
services, we ensure continuous compliance with current legal and ethical standards.
Types of data processed:
Content data (e.g., textual or visual messages and contributions as well as related
information, such as authorship or creation time); Usage data (e.g., page views and time
spent, click paths, usage intensity and frequency, device types and operating systems
used, interactions with content and features).
Data subjects: Users (e.g., website visitors, users of online services), third parties.
Purpose of processing: Artificial Intelligence (AI).
Retention and deletion: Deletion in accordance with the information provided in the
section “General Information on Data Storage and Deletion.”
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Additional notes on processing activities, procedures, and services:
ChatGPT: AI-based service designed to understand and generate natural language and
related inputs, analyze information, and make predictions ("AI" as defined by the
applicable legal definition of the term);
Service provider: OpenAI Ireland Ltd., 117-126 Sheriff Street Upper, D01 YC43 Dublin 1,
Ireland;
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);
Website: https://openai.com/product;
Privacy policy: https://openai.com/de/policies/eu-privacy-policy;
Opt-out option: https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZSOcIWzcUYUXQ1xttjBgDpA/viewform
DeepL: Translation of texts into various languages and provision of synonyms and
context examples. Support with correction and improvement of texts in different
languages;
Service provider: DeepL SE, Maarweg 165, 50825 Cologne, Germany;
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);
Website: https://www.deepl.com;
Privacy policy: https://www.deepl.com/de/privacy;
Data Processing Agreement: Provided by the service provider.
Customer Reviews and Evaluation Procedures
We participate in review and evaluation procedures to assess, optimize, and promote
our services. When users rate us via the relevant review platforms or procedures, or
provide feedback by other means, the general terms and conditions and privacy policies
of the respective providers also apply. Usually, submitting a review requires registration
with the relevant provider.
To ensure that the individuals submitting reviews have actually used our services, and
with the consent of our customers, we transmit the necessary data regarding the
customer and the service used to the respective review platform (including name, email
address, and order or item number). This data is used solely to verify the authenticity of
the user.
Types of data processed: Contract data (e.g., subject matter of the contract, duration,
customer category); usage data (e.g., page views and duration, click paths, usage
intensity and frequency, device types and operating systems used, interactions with
content and features); meta, communication and procedural data (e.g., IP addresses,
timestamps, identification numbers, involved parties).
Data subjects: Service recipients and clients, users (e.g., website visitors, users of
online services).
Purposes of processing: Feedback (e.g., collecting feedback via online form);
marketing.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processes, procedures, and services:
Google Customer Reviews: Service for collecting and/or displaying customer
satisfaction and opinions.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Website: https://www.google.com
Privacy policy: https://policies.google.com/privacy
Data transfer basis: Data Privacy Framework (DPF)
Further info: During the collection of customer reviews, an identification number and
timestamp for the transaction, as well as the customer’s email address, country of
residence, and review content are processed (when review requests are sent directly to
customers). Further information: https://business.safety.google/adsservices/.
Data Processing Terms: https://business.safety.google/adscontrollerterms
Social Media Presence
We maintain online presences on social media platforms and, in this context, process
user data to communicate with users active there or to provide information about us.
Please note that user data may be processed outside the European Union. This may
pose risks for users, for example by making it more difficult to enforce their rights.
User data is typically processed for market research and advertising purposes within
social networks. For instance, user behavior and resulting interests may be used to
create usage profiles. These profiles may be used to display ads both within and outside
the networks that appear to match the users’ interests. Cookies are typically stored on
users' devices to record their usage behavior and preferences. Additionally, data may be
stored in usage profiles across devices (especially if users are logged in to the respective
platforms).
For detailed information on the respective forms of processing and the opt-out options,
please refer to the privacy policies and notices of the respective platform providers.
In case of access requests or other data subject rights, we recommend contacting the
providers directly, as only they have access to user data and can take direct action. If
needed, you may contact us for assistance.
Types of data processed: Contact data (e.g., postal and email addresses or phone
numbers); content data (e.g., textual or visual messages and contributions, authorship
information, timestamps); usage data (e.g., page views and duration, click paths, usage
intensity and frequency, device types and OS, interactions with content and functions).
Data subjects: Users (e.g., website visitors, online service users).
Purposes of processing: Communication, feedback (e.g., collecting feedback via
online form), public relations.
Retention and deletion: In accordance with "General Information on Data Storage and
Deletion."
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Further Notes on Specific Platforms
Instagram: Social network enabling photo and video sharing, commenting, messaging,
following profiles/pages.
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Website: https://www.instagram.com
Privacy policy: https://privacycenter.instagram.com/policy/
Data transfer basis: Data Privacy Framework (DPF)
Facebook Pages: We are jointly responsible with Meta Platforms Ireland Limited for the
collection (but not the further processing) of data from visitors to our Facebook page
("Fanpage").
This includes information on user activity and content interactions, as well as device
information (IP addresses, OS, browser type, language, cookie data). Facebook also
provides “Page Insights” to give us analytical insights on user interactions.
Joint responsibility limited to: Data collection and transmission to Meta Platforms
Ireland Ltd. Further processing is solely the responsibility of Meta.
Provider: Meta Platforms Ireland Limited
Privacy policy: https://www.facebook.com/privacy/policy/
Page Insights Agreement: https://www.facebook.com/legal/terms/page_controller_addendum
Data transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses
(SCCs): https://www.facebook.com/legal/EU_data_transfer_addendum
Facebook Groups: We use Facebook’s "Groups" feature to host interest-based
communities. We process personal data for group use and moderation (e.g., name,
group membership status, posted content, join/leave time). Facebook also processes
user data for analytics ("Group Insights").
Provider: Meta Platforms Ireland Limited
Privacy policy: https://www.facebook.com/privacy/policy/
Data transfer basis: Data Privacy Framework (DPF)
Facebook Events: We use Facebook’s "Events" feature to promote and manage events.
We process personal data such as name, participation status, and posted content for
event page moderation and communication. Facebook provides "Event Insights" for
analytics.
Provider: Meta Platforms Ireland Limited
Privacy policy: https://www.facebook.com/privacy/policy/
Data transfer basis: Data Privacy Framework (DPF)
Changes and Updates
We kindly ask you to regularly review the content of our Privacy Policy. We update the
Privacy Policy as soon as changes in the data processing activities we carry out make
this necessary. We will inform you if any changes require cooperation from your side
(e.g., renewed consent) or any other form of individual notification.
If we provide addresses and contact information of companies and organizations in this
Privacy Policy, please be aware that such details may change over time. We therefore
ask you to verify the information before reaching out.
Definitions of Terms
This section provides an overview of the terminology used in this Privacy Policy. Where
legal definitions exist, those are applicable. The following explanations are intended to
aid understanding.
• Master Data:
Master data includes essential information necessary for identifying and
managing contractual partners, user accounts, profiles, and similar
assignments. This data may include personal and demographic details such as
names, contact information (addresses, phone numbers, email addresses),
dates of birth, and specific identifiers (e.g., user IDs). Master data forms the basis
for any formal interaction between individuals and services, institutions, or
systems by enabling clear identification and communication.
• Content Data:
Content data includes information generated during the creation, editing, and
publication of various types of content. This may include text, images, videos,
audio files, and other multimedia content published on different platforms and
media. Content data also encompasses metadata that provides additional
context, such as tags, descriptions, author information, and publication dates.
• Contact Data:
Contact data consists of essential information required to communicate with
individuals or organizations. This includes, among other things, phone numbers,
postal addresses, email addresses, and communication channels such as social
media handles and instant messaging identifiers.
• Artificial Intelligence (AI):
The purpose of processing data through Artificial Intelligence (AI) includes
automated analysis and processing of user data to detect patterns, make
predictions, and improve the efficiency and quality of our services. This involves
collecting, cleaning, and structuring the data, training and applying AI models, as
well as continuously reviewing and optimizing results. Data is processed only
with the user's consent or based on legal authorization.
• Meta, Communication, and Procedural Data:
These categories include information about how data is processed, transmitted,
and managed.
o Metadata refers to data about data, describing the context, origin, and
structure of other data. Examples include file size, creation date,
document author, and change history.
o Communication data tracks exchanges between users over various
channels such as emails, call logs, social media messages, and chat
histories, including involved parties, timestamps, and transmission paths.
o Procedural data describes processes and workflows within systems or
organizations, including workflow documentation, transaction logs,
activity logs, and audit trails used for monitoring and verification.
• Usage Data:
Usage data refers to information about how users interact with digital products,
services, or platforms. This includes how users navigate applications, which
features they prefer, how long they spend on certain pages, and what paths they
follow. Usage data can also include frequency of use, activity timestamps, IP
addresses, device information, and location data. These insights are crucial for
analyzing user behavior, optimizing user experience, personalizing content,
improving services, and identifying trends, preferences, or issues within digital
offerings.
• Personal Data:
"Personal data" refers to any information relating to an identified or identifiable
natural person ("data subject"). A person is considered identifiable if they can be
identified, directly or indirectly, especially by reference to an identifier such as a
name, identification number, location data, online identifier (e.g., cookie), or one
or more specific factors related to their physical, physiological, genetic, mental,
economic, cultural, or social identity.
• Log Data:
Log data consists of information about events or activities recorded within a
system or network. This typically includes timestamps, IP addresses, user
actions, error messages, and other operational details. Log data is often used for
troubleshooting system issues, security monitoring, and compiling performance
reports.
• Controller:
A "controller" is a natural or legal person, public authority, agency, or other body
which alone or jointly with others determines the purposes and means of the
processing of personal data.
• Processing:
"Processing" refers to any operation or set of operations performed on personal
data, whether or not by automated means. This broad term includes virtually all
handling of data, such as collection, evaluation, storage, transmission, or
deletion.
• Contract Data:
Contract data includes specific information related to the formalization of an
agreement between two or more parties. It documents the terms under which
services or products are provided, exchanged, or sold. Contract data is essential
for managing and fulfilling contractual obligations and includes identification of
the parties involved, as well as terms such as start and end dates, service or
product types, pricing, payment terms, cancellation rights, renewal options, and
specific clauses. It serves as a legal foundation for the relationship and is critical
for resolving rights, obligations, and disputes.
• Payment Data:
Payment data includes all information necessary for executing financial
transactions between buyers and sellers. It is crucial for e-commerce, online
banking, and other financial operations. This may include credit card numbers,
bank details, transaction amounts, transaction data, verification numbers, and
billing information. Payment data may also include payment status,
chargebacks, authorizations, and fees.
