Privacy Policy

The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter AWS).

When you visit our website, your personal data is processed on AWS servers. Personal data may also be transferred to AWS's parent company in the USA. The data transfer to the USA is based on the EU standard contractual clauses. Further information can be found in the privacy policy of AWS.

AWS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards.

We use the content delivery network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").

Amazon CloudFront CDN is a globally distributed content delivery network. The information transfer between your browser and our website is technically routed via the content delivery network. This enables us to increase the worldwide accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our web offering in a manner that is as error-free and secure as possible (Art. 6(1)(f) GDPR).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Further information about Amazon CloudFront CDN can be found in the privacy policy of Amazon.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data by which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.

The data controller responsible for data processing on this website is:

The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
• If we no longer need your personal data but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
• If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

If, after the conclusion of a paid contract, there is an obligation to transmit your payment data (e.g. account number for a direct debit authorization) to us, this data is required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Registration is required in order to use our services. It is open to all persons of legal age. We use the data entered for this purpose only for the purpose of using the respective service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. As part of the registration, we collect and process the following personal data:

• First and last name
• Email address

If you use paid offerings, we additionally collect your billing data.

For important changes, for example to the scope of the offering or in the case of technically necessary changes, we use the email address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, where applicable, for initiating further contracts (Art. 6(1)(b) GDPR).

The data collected during registration is stored by us as long as you are registered on this website and is subsequently deleted. Statutory retention periods remain unaffected.

Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function), or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Which cookies and services are used on this website can be found in this privacy policy.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and the optimization of its website – for this purpose, the server log files must be collected.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for the data storage no longer applies (e.g. after your inquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

If you contact us by email or phone, your inquiry, including all personal data resulting from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact inquiries will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for the data storage no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

If you link your account with external social media platforms (e.g. Facebook, Instagram, LinkedIn, TikTok), we access certain data from these networks with your consent in order to provide the offered functions (e.g. creating, scheduling, and publishing posts, analytics, interacting with comments and messages). Depending on the provider, this may include in particular the following data:

• Profile and account information (e.g. username, profile picture, follower counts)
• Content (e.g. posts, images, videos, messages, comments), including content uploaded by you or content you create or schedule via our services
• Metadata on posts or messages (e.g. date/time, location, likes, shares, comments)
• Statistics and analytics information provided by the respective social network

We collect, store, and process this data exclusively for the implementation and optimization of the respective service (Art. 6(1)(b) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR). Which specific data is transmitted in each individual case depends on the respective settings and permissions you have granted in the social media account.

You have the right to request the erasure of your personal data stored by us, provided that no statutory retention obligations or other legal reasons prevent the erasure. The following data can be deleted at your request:

• Personal profile data (name, email address)
• Linked social media accounts and associated data
• Content created or uploaded by you
• Payment and billing information (after expiry of statutory retention periods)
• Usage and interaction data
• Communication history with our customer service

To request the deletion of your data, you have the following options:

• By email: Send us an email to datenschutz@knowyourchat.de with the subject "Data Deletion" and your contact details. For unambiguous identification, please also include the email address registered with us.
• In writing: You can also send your request for data deletion by post to the following address:

  KNOWYOURCHAT GmbH

  Data Protection Officer

  Coburger Straße 7

  Geb. 2

  96472 Rödental

After receipt of your erasure request, we will:

• Verify your identity to ensure that only authorized persons have access to the data
• Send you a confirmation of receipt of your erasure request within 30 days
• Identify and mark your personal data in our systems
• Carry out the deletion of your data within a maximum of 90 days after confirmation of your erasure request
• Send you a final confirmation once the deletion has been completed

Please note that certain data must be retained for a period of up to 10 years due to legal requirements (in particular retention obligations under commercial and tax law). This data will be deleted automatically after expiry of the statutory retention periods.

You can also have your data deleted directly via your Facebook settings:

1. Go to your Facebook settings for apps and websites
2. Select KNOWYOURCHAT from the list
3. Click "Remove" and confirm the data deletion option

If you have connected our app with your Meta accounts (Facebook, Instagram) and wish to have your data deleted, we will carry out the following steps in accordance with Meta's requirements:

• We delete all data received directly from Meta from our active systems, including user IDs, access tokens, and profile data
• We disconnect the link between your KNOWYOURCHAT account and your Meta accounts
• We delete all data received via the Meta API, including analytics and usage data
• We ensure that all data processing partners acting on behalf of KNOWYOURCHAT also delete this data

Please note that the deletion of your data at KNOWYOURCHAT has no effect on your Meta accounts themselves. To completely delete your data at Meta, you must contact Meta directly or make the corresponding settings in your Meta accounts.

For questions on the subject of data deletion, or if you need support with your deletion request, you can contact our data protection officer at any time:

We strive to process all inquiries as quickly as possible and to support you as best as possible in exercising your rights.

We collect, process, and use personal customer and contract data for the establishment, structuring, and amendment of our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

The collected customer data is deleted upon completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with the payment processing.

No further transfer of data takes place, or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

We integrate payment services of third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6(1)(b) GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient, and secure as possible (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for the data processing; consent can be revoked at any time with effect for the future.

We use Stripe as a payment service provider on this website. The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe"). The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

On this website, we use the Webmetic service of Webmetic GmbH to identify anonymous company visits to our website and to tailor our offering more closely to demand. In doing so, the IP address of your device is transmitted to Webmetic and matched against a company database in order to identify – where possible – the company to which the visit can be attributed. Webmetic expressly does not identify individual natural persons.

The data processed includes in particular: IP address (only temporarily for company matching), pages visited, time spent on the site, referrer, browser and device information. According to its own statements, Webmetic operates without cookies; no cookies are set and no information on your device is accessed, so Section 25(1) TDDDG does not apply.

The legal basis for the processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in tailoring our web offering to demand and in identifying business customers who visit our website (B2B sales). Pursuant to Art. 21(1) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation. You can submit your objection informally by email to datenschutz@knowyourchat.de.

The transfer of data to Webmetic takes place within the scope of data processing on our behalf pursuant to Art. 28 GDPR. The server location is Germany. Further information can be found in the privacy policy of Webmetic.