top of page

Privacy policy

(Last updated: 5 December 2025) 

This Privacy Notice explains how personal data is processed by SmartAIs GmbH when you visit our website www.smartais.de (“Website”) or use our app (hereinafter “App”). 

“Personal data” means any information relating to an identified or identifiable natural person (data subject), such as name, address, telephone number, date of birth, email address or IP address. Information that cannot be associated with a specific person, for example due to anonymisation, does not qualify as personal data. 

1. Controller 

The controller responsible for the processing of personal data on the Website and in the App within the meaning of the General Data Protection Regulation (GDPR) is: 

SmartAIs GmbH 

 Munich Urban Colab 

 Freddie-Mercury-Straße 5 

 80797 Munich 

 Germany 

For data protection enquiries or to exercise your data subject rights, please contact: privacy@smartais.de

2. Data Protection Officer 

Our Data Protection Officer is: 

Kertos GmbH 

 Brienner Straße 41 

 80333 Munich 

 Germany 

Email: dsb@kertos.io 

 

3. Data Processing on Our Website 

3.1 Provision and Use of the Website 

Purpose of processing: We collect and use personal data of our users only to the extent necessary for technical reasons in order to provide a functional Website and our content and services or information. When you access and use our Website, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. 

The following information is collected without your intervention and stored until it is automatically deleted: 

  • IP address of the requesting computer 

  • Date and time of access 

  • Name and URL of the retrieved file 

  • Website from which the access is made (referrer URL) 

  • Browser used, and where applicable the operating system of your computer as well as the name of your access provider 
     

We process the above-mentioned data for the following purposes: 

  • Ensuring a smooth connection to the Website 

  • Ensuring a comfortable use of our Website 

  • For IT security purposes 
     

Legal basis: Article 6 (1) (f) GDPR serves as the legal basis. The processing of the above-mentioned data is necessary to provide a Website and to enable secure and convenient use, and thus serves the legitimate interests of our company. 
 

Storage period: The collected data will be deleted as soon as it is no longer required for the operation of the Website, at the latest after 30 days, unless a statutory retention obligation applies. 

 

Third Parties 

Google Cloud 

To display the Website, we use cloud servers provided by Google Cloud, offered by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). By using Google Cloud, the following personal data are processed: 

  • Your IP address 

  • Date and time of the request 

  • Domain of the Website 

  • Browser type used 

The data processing is required to provide you with the requested Website. The legal basis is Article 6 (1) (f) GDPR, whereby our legitimate interest lies in providing the technical infrastructure, as it would otherwise not be possible to operate the Website. 

The service provider is based in the EU. A server location in Germany has also been selected. Nevertheless, it cannot be ruled out that data may also be transferred to the USA. For data transfers to the USA, there is an adequacy decision by the European Commission, the EU-U.S. Data Privacy Framework. Google is certified under this framework, so such transfers are based on Article 45 GDPR. Further information on data protection at Google Cloud can be found at: https://cloud.google.com/privacy?hl=de 

Sentry 

We use the Sentry service on our Website, which is provided by Functional Software, Inc. d/b/a Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA. When using this service, the following data are transmitted to Sentry: 

  • IP address 

  • Device and browser information 

  • Operating system 

  • Information about errors and crashes that occur 

  • Usage statistics 

The purpose of Sentry is to monitor and improve the stability and performance of our Website. The service helps us to detect and correct technical issues quickly. The information is generally transmitted to Sentry servers in the USA and stored there. 

For data transfers to the USA, there is an adequacy decision by the European Commission, the EU-U.S. Data Privacy Framework. Sentry is certified under this framework, so such transfers are based on Article 45 GDPR. The data are stored for a maximum of 90 days and then deleted or anonymised. 

Due to the necessity of ensuring the functionality and stability of our Website, we have a legitimate interest in the use of Sentry within the meaning of Article 6 (1) (f) GDPR. 

More information about data protection at Sentry can be found at: https://sentry.io/privacy/ 

3.2 Content Delivery Network 

To speed up the loading time of our Website and to protect against Distributed Denial of Service attacks (an attack on our system by a large number of requests), we use the content delivery network “Cloudflare”, provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107 (hereinafter: “Cloudflare”). 

By using Cloudflare, the following personal data are processed: 

  • Retrieved webpage 

  • Browser type used 

  • Operating system 

  • Referrer URL 

  • IP address 

  • Requesting provider 

Processing is carried out on the basis of Article 6 (1) (f) GDPR. The processing of the above-mentioned data is necessary for the security of our Website. 

The information is generally transmitted to a Cloudflare server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the European Commission, the EU-U.S. Data Privacy Framework. Cloudflare is certified under this framework, so such transfers are based on Article 45 GDPR. 

More information on data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/ 

 

3.3 Analytics and Tracking 

Cookies are small text files that are stored on your device by your browser. Cookies do not run programmes and do not install malware. Comparable technologies include Web Storage (Local/Session Storage), fingerprinting, tags and pixels. Most browsers accept these technologies by default; however, you can adjust your settings so that usage is blocked or consent is requested. If cookies or similar technologies are blocked, certain functions of the Website may not be fully available. 

Purpose: We use tracking and analytics tools in order to continuously optimise our Website and adapt it to your needs. For this purpose, information is collected using appropriate technologies or device information is combined (device fingerprinting). 

Legal basis: Technically necessary tools for operating the Website are used on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR or for the performance of a contract or pre-contractual measures pursuant to Article 6 (1) (b) GDPR. In these cases, storage of and access to information on your device are strictly necessary and governed by Section 25 (2) TDDDG. Optional tools are used exclusively with your consent pursuant to Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. The tracking and analytics tools used, their respective purposes and the processed data are described below. 

Wix 

We use the “Wix.com” service on our Website, which is provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. When using this service, the following data are transmitted to Wix.com: 

  • IP address 

  • Browser information 

  • Duration of visit 

  • Page views 

  • Click behaviour 

The purpose of “Wix.com” is to provide us with a comprehensive platform for creating, managing and analysing our Website. The service allows us to design and optimise our online presence. In addition, Wix.com provides integrated analytics tools that help us understand visitor behaviour and improve the performance of our Website. Wix Analytics is automatically available to all Wix users and provides measurable data on all aspects of our Website. 

The information is generally transmitted to a Wix.com server in Israel and stored there. The European Commission has issued an adequacy decision for Israel; such transfers are therefore based on Article 45 GDPR. 

Using Wix Analytics, we gain insights into the times of day and days of the week when our Website is most frequently visited, how visitors reach our Website, who they are and how they interact with our Website. 

The data are stored after transmission for as long as we use the Wix.com platform. 

The legal basis for this data processing is your consent pursuant to Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. 

Further information about data protection at Wix.com can be found at: https://www.wix.com/about/privacy 

 

4. Data Processing in Our App 

4.1 Provision of the App 

Purpose of processing: 

We process your data in order to 

  • ensure the reliable operation of the App 

  • enable user-friendly access to our App 

  • maintain IT security 
     

Recipient: Amazon Web Services, Inc. (AWS), One Burlington Plaza, Burlington Road, Dublin 4, D04 RH96, Ireland. 
 

Processed data: 

  • IP address of the requesting device 

  • Method (e.g. GET, POST), date and time of the request 

  • Information on the operating system used 

  • Request information such as language, content type, content encoding, character encodings 


Legal basis: Article 6 (1) (f) GDPR. The processing of the above-mentioned data is necessary to provide the App and to ensure secure and user-friendly operation. 

Storage period: The collected data will be deleted as soon as they are no longer required for the operation of the App, at the latest after 30 days, unless a statutory retention obligation applies. 

 

Further information: https://aws.amazon.com/de/privacy/ 

 

4.2 Image Processing 

Purpose: Carrying out AI-based analysis, description and responses to user requests, in particular for scene description based on transmitted RGB images and depth data; enabling and optimising automated image and object recognition, including processing and returning of evaluations. 

 

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

 

Processed data: 

  • RGB images (e.g. user photos, screenshots) 

  • Depth data (e.g. depth maps from camera systems, LiDAR data) 

  • Odometry (3D positions) 

  • Metadata (e.g. timestamps, device used) 

  • User requests (e.g. free-text questions for scene description) 

  • Technical log data (e.g. IP address [shortened], error logs) 

 

Legal basis: Article 6 (1) (b) GDPR (performance of pre-contractual measures). 

 

Storage period: Image data used for processing purposes are stored for one month and then anonymised or deleted. 

 

Third-country transfer: Transfers to Google LLC in the USA are based on the EU-U.S. Data Privacy Framework (DPF) pursuant to Article 45 GDPR and additionally on Standard Contractual Clauses (Article 46 (2) (c) GDPR). Google is certified under the DPF; additional technical and organisational safeguards are in place. In individual cases, data may be transferred solely on the basis of your explicit consent pursuant to Article 49 (1) (a) GDPR. 

 

Further information: https://policies.google.com/privacy 

 

4.3 Information on Visual Impairment 

Purpose: In the App, you have the option to voluntarily indicate the extent to which you are able to orient yourself visually (e.g. legally blind, severely visually impaired, moderate visual impairment, no or only minor visual impairment, no information). Optionally, you can also describe the nature of your visual impairment (e.g. medical condition) in a free-text field. 

We process this information in order to 

  • better understand for which user groups our App offers the greatest added value and align our product strategy accordingly 

  • adapt the design and functions of the App (e.g. contrast, font sizes, user guidance) to different visual impairments 

  • create anonymised statistics on our user groups, which we may use, for example, when communicating with investors 

 

Processed data: 

  • Category selected by you regarding the severity of your visual impairment (e.g. legally blind, severely visually impaired, moderate visual impairment, no or only minor visual impairment, no information) 

  • Optional free-text information about the type of your visual impairment (e.g. description of the medical condition) 

This constitutes health data within the meaning of Article 9 (1) GDPR. 

Legal basis: Processing is carried out exclusively on the basis of your explicit consent pursuant to Article 6 (1) (a) in conjunction with Article 9 (2) (a) GDPR. Both the selection of a severity category and the free-text information are voluntary. You may skip the question or select “I do not wish to provide this information”; use of the App is not dependent on this. However, this information greatly helps us to further improve the product for you. 

 

Recipient: Within our company, only those departments that require this data for the purposes mentioned above (e.g. product development, data/analytics) have access. In addition, processors (e.g. hosting providers) may process the data exclusively in accordance with our instructions where necessary for the specified purposes. 

Storage period: We store your information on visual impairment as long as your user account is active or until you withdraw your consent or delete the information in the App. Optional free-text information about the type of impairment is – where possible – first converted into categories (e.g. groups of medical conditions) and then deleted in its original free-text form. Beyond this, the information is deleted or used only in anonymised form for statistical purposes. 

 

Withdrawal of consent: You may withdraw your consent at any time with effect for the future by contacting us using the contact details provided above. The lawfulness of processing up to the time of withdrawal remains unaffected. 

 

4.4 Analytics and Tracking 

Purpose: Provision of push notifications and in-app messaging. 

Recipient: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

Processed data: 

  • Contact details (e.g. email address, username) 

  • Log data (e.g. IP address, time of access) 

  • Usage and interaction data (e.g. click behaviour, app usage) 

  • Device information (e.g. operating system) 

  • Content data (e.g. form entries, messages) 
     

Legal basis: Consent pursuant to Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. 

Storage period: Processed data are stored according to the processing purpose and configuration options for between a few days and up to 14 months; instance IDs until uninstallation; crash reports for up to 180 days. 
 

Third-country transfer: Transfers to Google LLC in the USA are based on the EU-U.S. Data Privacy Framework (DPF) pursuant to Article 45 GDPR and additionally on Standard Contractual Clauses (Article 46 (2) (c) GDPR). Google is certified under the DPF; additional technical and organisational safeguards are in place. In individual cases, data may be transferred solely on the basis of your explicit consent pursuant to Article 49 (1) (a) GDPR. 

Further information: https://policies.google.com/privacy 

 

5. Contact by Email 
 

Purpose: Handling and responding to your enquiry. 
 

Processed data: 

  • Name 

  • Email address 

  • Content of your message 
     

Legal basis: Article 6 (1) (f) GDPR (legitimate interest in communicating with you). If your enquiry is aimed at the conclusion or performance of a contract, processing is based on Article 6 (1) (b) GDPR. 

Storage period: Your data are stored only for as long as necessary to fully process your enquiry. 

 

6. Social Media Online Presences 

Purpose: Communication with interested parties, providing information about products and services, and analysing the use of our online presences. 

Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 

Processed data: 

  • Demographic information (e.g. age, gender) 

  • Professional information (e.g. industry, work experience) 

  • Interaction data (e.g. likes, shares) 

  • Usage statistics (e.g. page views, video views) 

  • Content preferences (e.g. popular topics, interests) 
     

Legal basis: 

  • Article 6 (1) (b) GDPR (performance of contract and pre-contractual measures) 

  • Article 6 (1) (f) GDPR (legitimate interest in effective information and communication) 
     

Storage period: According to the data protection policies of the respective platforms. 
 

Third-country transfer: Possible transfer to the USA and other third countries, depending on the platform. 
 

Further information: 

 https://legal.linkedin.com/pages-joint-controller-addendum 

 https://www.linkedin.com/legal/privacy-policy 

Note: We have no influence over the independent data processing carried out by the platform providers. When you visit our online presences, usage data may be transmitted to the providers, who may use this data for their own purposes. Data subject rights can be exercised directly with the platform providers. 

 

7. International Data Transfers 

Personal data are primarily processed within the EU/EEA. Transfers to so-called “third countries” are carried out strictly in compliance with the provisions of the GDPR and only where appropriate safeguards are in place. Before transferring data to a service provider in a third country, the level of data protection is assessed. A transfer takes place only where sufficient protection mechanisms exist. All service providers must enter into a data processing agreement. Additional measures are required for providers outside the EEA. Pursuant to Articles 44 et seq. GDPR, a transfer is permissible if at least one of the following conditions is met: 

  • The European Commission has determined that there is an adequate level of data protection. 

  • Standard Contractual Clauses have been agreed with the recipient. 

  • Other appropriate safeguards pursuant to Article 46 GDPR are in place. 

  • One of the exceptional cases under Article 49 GDPR applies. 

 

8. Recipients 

We only disclose the personal data we collect to third parties if: 

  • you have given us your explicit consent pursuant to Article 6 (1) (a) GDPR, 

  • the disclosure is necessary for the protection of our legitimate interests or for the establishment, exercise or defence of legal claims and there is no reason to assume that your overriding legitimate interests or fundamental rights and freedoms that require the protection of personal data are outweighed (Article 6 (1) (f) GDPR), 

  • we are legally obliged to disclose the data (Article 6 (1) (c) GDPR), or 

  • this is legally permissible and necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request (Article 6 (1) (b) GDPR). 

Possible recipients are: 

  • Processors: Group companies or external service providers (e.g. in the area of technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may only process the data in accordance with our instructions. 

  • Public authorities: Government agencies and public bodies (e.g. tax authorities, public prosecutors, courts) to which we must transmit personal data, for example in order to comply with legal obligations or to protect legitimate interests. 

 

9. Data Security and Security Measures 

We are committed to treating your personal data confidentially. To prevent manipulation, loss or misuse of the data stored with us, we employ extensive technical and organisational security measures, which are regularly reviewed and adapted to technological progress. 

However, we point out that due to the structure of the internet it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – for example when transmitted by email – can be viewed by third parties. We have no technical control over this. It is your responsibility as a user to protect the data you provide against misuse, for example through encryption or other means. 

 

10. Storage Period and Deletion/Blocking of Data 

Personal data are deleted or blocked as soon as the purpose of storage ceases to apply. Storage beyond this takes place only where necessary under Union or national provisions to which the controller is subject. The data are also deleted or blocked as soon as a statutory retention period expires, unless further storage is required for the performance of a contractual relationship. 

 

11. Your Rights as a Data Subject 

With regard to your personal data, you have the following rights: 

a. Right of access (Article 15 GDPR, Section 34 BDSG): You can request information as to whether and which personal data we process, for what purpose, to which recipients or categories of recipients the data are disclosed, and how long the data are stored. 

b. Right to rectification (Article 16 GDPR): You can request the immediate rectification of inaccurate personal data or completion of incomplete personal data. 

c. Right to erasure (Article 17 GDPR): You can request the deletion of your personal data, in particular if they are no longer necessary, you have withdrawn your consent or the data have been processed unlawfully. 

d. Right to restriction of processing (Article 18 GDPR): You can request restriction of the processing of your data, for example where the accuracy of the data is contested. 

e. Right to data portability (Article 20 GDPR): You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format or – where technically feasible – to request transmission to another controller. 

f. Right to withdraw consent (Article 7 (3) GDPR): You may withdraw consent given at any time with effect for the future. The lawfulness of processing up to the time of withdrawal remains unaffected. 

 

Right to object (Article 21 GDPR): You may object at any time, on grounds relating to your particular situation, to the processing of your personal data, in particular in connection with direct marketing or any associated profiling. 

Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations. 

Change history  

NAME
Provider
Purpose
Duration
visa_1_[ID]
smartais.de
The purpose is to store an ID for temporary identification during the user session.
Session
server-session-bind
smartais.de
The purpose is to store an ID to bind the server session within the user session.
Session
mpaSessionId
smartais.de
The purpose is to store an ID for temporary management of the application session.
Session
client-session-bind
smartais.de
The purpose is to store an ID for temporary binding of the client session.
Session
svSession
smartais.de
The purpose is to store an ID for long-term user recognition and session management.
1 year 1 month
ssr-caching
smartais.de
The purpose is to store an ID to optimize the website loading speed during the session.
Session
hs
smartais.de
The purpose is to store an ID for temporary management of session data by the hosting service.
Session
bSession
smartais.de
The purpose is to store an ID to ensure continuity with the host of services.
30 Min.
fedops.logger.sessionId
smartais.de
The purpose is to store an ID for ongoing analysis and improvement of website performance.
unlimited
XSRF-TOKEN
smartais.de
The purpose is to store an ID to ensure security during the user session.
Session

Wix 

We use the “Wix.com” service on our Website, which is provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel. When using this service, the following data are transmitted to Wix.com: 

  • IP address 

  • Browser information 

  • Duration of visit 

  • Page views 

  • Click behaviour 

The purpose of “Wix.com” is to provide us with a comprehensive platform for creating, managing and analysing our Website. The service allows us to design and optimise our online presence. In addition, Wix.com provides integrated analytics tools that help us understand visitor behaviour and improve the performance of our Website. Wix Analytics is automatically available to all Wix users and provides measurable data on all aspects of our Website. 

The information is generally transmitted to a Wix.com server in Israel and stored there. The European Commission has issued an adequacy decision for Israel; such transfers are therefore based on Article 45 GDPR. 

Using Wix Analytics, we gain insights into the times of day and days of the week when our Website is most frequently visited, how visitors reach our Website, who they are and how they interact with our Website. 

The data are stored after transmission for as long as we use the Wix.com platform. 

The legal basis for this data processing is your consent pursuant to Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. 

Further information about data protection at Wix.com can be found at: https://www.wix.com/about/privacy 

 

4. Data Processing in Our App 

4. 1 Provision of the App 

Purpose of processing: 

We process your data in order to 

  • ensure the reliable operation of the App 

  • enable user-friendly access to our App 

  • maintain IT security 
     

Recipient: Amazon Web Services, Inc. (AWS), One Burlington Plaza, Burlington Road, Dublin 4, D04 RH96, Ireland. 
 

Processed data: 

  • IP address of the requesting device 

  • Method (e.g. GET, POST), date and time of the request 

  • Information on the operating system used 

  • Request information such as language, content type, content encoding, character encodings 
     

Legal basis: Article 6 (1) (f) GDPR. The processing of the above-mentioned data is necessary to provide the App and to ensure secure and user-friendly operation. 
 

Storage period: The collected data will be deleted as soon as they are no longer required for the operation of the App, at the latest after 30 days, unless a statutory retention obligation applies. 

 

Further information: https://aws.amazon.com/de/privacy/ 

 

4.2 Image Processing 

Purpose: Carrying out AI-based analysis, description and responses to user requests, in particular for scene description based on transmitted RGB images and depth data; enabling and optimising automated image and object recognition, including processing and returning of evaluations. 

 

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 


Processed data: 

  • RGB images (e.g. user photos, screenshots) 

  • Depth data (e.g. depth maps from camera systems, LiDAR data) 

  • Odometry (3D positions) 

  • Metadata (e.g. timestamps, device used) 

  • User requests (e.g. free-text questions for scene description) 

  • Technical log data (e.g. IP address [shortened], error logs) 


Legal basis: Article 6 (1) (b) GDPR (performance of pre-contractual measures). 


Storage period: Image data used for processing purposes are stored for one month and then anonymised or deleted. 


Third-country transfer: Transfers to Google LLC in the USA are based on the EU-U.S. Data Privacy Framework (DPF) pursuant to Article 45 GDPR and additionally on Standard Contractual Clauses (Article 46 (2) (c) GDPR). Google is certified under the DPF; additional technical and organisational safeguards are in place. In individual cases, data may be transferred solely on the basis of your explicit consent pursuant to Article 49 (1) (a) GDPR. 


Further information: https://policies.google.com/privacy 

 

4.3 Information on Visual Impairment 

Purpose: In the App, you have the option to voluntarily indicate the extent to which you are able to orient yourself visually (e.g. legally blind, severely visually impaired, moderate visual impairment, no or only minor visual impairment, no information). Optionally, you can also describe the nature of your visual impairment (e.g. medical condition) in a free-text field. 

We process this information in order to 

  • better understand for which user groups our App offers the greatest added value and align our product strategy accordingly 

  • adapt the design and functions of the App (e.g. contrast, font sizes, user guidance) to different visual impairments 

  • create anonymised statistics on our user groups, which we may use, for example, when communicating with investors 

 

Processed data: 

  • Category selected by you regarding the severity of your visual impairment (e.g. legally blind, severely visually impaired, moderate visual impairment, no or only minor visual impairment, no information) 

  • Optional free-text information about the type of your visual impairment (e.g. description of the medical condition) 

 

This constitutes health data within the meaning of Article 9 (1) GDPR. 

Legal basis: Processing is carried out exclusively on the basis of your explicit consent pursuant to Article 6 (1) (a) in conjunction with Article 9 (2) (a) GDPR. Both the selection of a severity category and the free-text information are voluntary. You may skip the question or select “I do not wish to provide this information”; use of the App is not dependent on this. However, this information greatly helps us to further improve the product for you. 

 

Recipient: Within our company, only those departments that require this data for the purposes mentioned above (e.g. product development, data/analytics) have access. In addition, processors (e.g. hosting providers) may process the data exclusively in accordance with our instructions where necessary for the specified purposes. 

 

Storage period: We store your information on visual impairment as long as your user account is active or until you withdraw your consent or delete the information in the App. Optional free-text information about the type of impairment is – where possible – first converted into categories (e.g. groups of medical conditions) and then deleted in its original free-text form. Beyond this, the information is deleted or used only in anonymised form for statistical purposes. 

 

Withdrawal of consent: You may withdraw your consent at any time with effect for the future by contacting us using the contact details provided above. The lawfulness of processing up to the time of withdrawal remains unaffected. 

 

4.4 Analytics and Tracking 

Purpose: Provision of push notifications and in-app messaging. 

Recipient: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

 

Processed data: 

  • Contact details (e.g. email address, username) 

  • Log data (e.g. IP address, time of access) 

  • Usage and interaction data (e.g. click behaviour, app usage) 

  • Device information (e.g. operating system) 

  • Content data (e.g. form entries, messages) 

 

Legal basis: Consent pursuant to Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. 

Storage period: Processed data are stored according to the processing purpose and configuration options for between a few days and up to 14 months; instance IDs until uninstallation; crash reports for up to 180 days. 

 

Third-country transfer: Transfers to Google LLC in the USA are based on the EU-U.S. Data Privacy Framework (DPF) pursuant to Article 45 GDPR and additionally on Standard Contractual Clauses (Article 46 (2) (c) GDPR). Google is certified under the DPF; additional technical and organisational safeguards are in place. In individual cases, data may be transferred solely on the basis of your explicit consent pursuant to Article 49 (1) (a) GDPR. 

 

Further information: https://policies.google.com/privacy 

 

5. Contact by Email 

Purpose: Handling and responding to your enquiry. 

Processed data: 

  • Name 

  • Email address 

  • Content of your message 

Legal basis: Article 6 (1) (f) GDPR (legitimate interest in communicating with you). If your enquiry is aimed at the conclusion or performance of a contract, processing is based on Article 6 (1) (b) GDPR. 

Storage period: Your data are stored only for as long as necessary to fully process your enquiry. 

 

6. Social Media Online Presences 

Purpose: Communication with interested parties, providing information about products and services, and analysing the use of our online presences. 

 

Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 

 

Processed data: 

  • Demographic information (e.g. age, gender) 

  • Professional information (e.g. industry, work experience) 

  • Interaction data (e.g. likes, shares) 

  • Usage statistics (e.g. page views, video views) 

  • Content preferences (e.g. popular topics, interests) 

 

Legal basis: 

  • Article 6 (1) (b) GDPR (performance of contract and pre-contractual measures) 

  • Article 6 (1) (f) GDPR (legitimate interest in effective information and communication) 

 

Storage period: According to the data protection policies of the respective platforms. 

Third-country transfer: Possible transfer to the USA and other third countries, depending on the platform. 

 

Further information: 

 https://legal.linkedin.com/pages-joint-controller-addendum 

 https://www.linkedin.com/legal/privacy-policy 

Note: We have no influence over the independent data processing carried out by the platform providers. When you visit our online presences, usage data may be transmitted to the providers, who may use this data for their own purposes. Data subject rights can be exercised directly with the platform providers. 

 

7. International Data Transfers 

Personal data are primarily processed within the EU/EEA. Transfers to so-called “third countries” are carried out strictly in compliance with the provisions of the GDPR and only where appropriate safeguards are in place. Before transferring data to a service provider in a third country, the level of data protection is assessed. A transfer takes place only where sufficient protection mechanisms exist. All service providers must enter into a data processing agreement. Additional measures are required for providers outside the EEA. Pursuant to Articles 44 et seq. GDPR, a transfer is permissible if at least one of the following conditions is met: 

  • The European Commission has determined that there is an adequate level of data protection. 

  • Standard Contractual Clauses have been agreed with the recipient. 

  • Other appropriate safeguards pursuant to Article 46 GDPR are in place. 

  • One of the exceptional cases under Article 49 GDPR applies. 

 

8. Recipients 

We only disclose the personal data we collect to third parties if: 

  • you have given us your explicit consent pursuant to Article 6 (1) (a) GDPR, 

  • the disclosure is necessary for the protection of our legitimate interests or for the establishment, exercise or defence of legal claims and there is no reason to assume that your overriding legitimate interests or fundamental rights and freedoms that require the protection of personal data are outweighed (Article 6 (1) (f) GDPR), 

  • we are legally obliged to disclose the data (Article 6 (1) (c) GDPR), or 

  • this is legally permissible and necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request (Article 6 (1) (b) GDPR). 

Possible recipients are: 

  • Processors: Group companies or external service providers (e.g. in the area of technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may only process the data in accordance with our instructions. 

  • Public authorities: Government agencies and public bodies (e.g. tax authorities, public prosecutors, courts) to which we must transmit personal data, for example in order to comply with legal obligations or to protect legitimate interests. 

 

9. Data Security and Security Measures 

We are committed to treating your personal data confidentially. To prevent manipulation, loss or misuse of the data stored with us, we employ extensive technical and organisational security measures, which are regularly reviewed and adapted to technological progress. 

However, we point out that due to the structure of the internet it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – for example when transmitted by email – can be viewed by third parties. We have no technical control over this. It is your responsibility as a user to protect the data you provide against misuse, for example through encryption or other means. 

 

10. Storage Period and Deletion/Blocking of Data 

Personal data are deleted or blocked as soon as the purpose of storage ceases to apply. Storage beyond this takes place only where necessary under Union or national provisions to which the controller is subject. The data are also deleted or blocked as soon as a statutory retention period expires, unless further storage is required for the performance of a contractual relationship. 

 

11. Your Rights as a Data Subject 

With regard to your personal data, you have the following rights: 

a. Right of access (Article 15 GDPR, Section 34 BDSG): You can request information as to whether and which personal data we process, for what purpose, to which recipients or categories of recipients the data are disclosed, and how long the data are stored. 

b. Right to rectification (Article 16 GDPR): You can request the immediate rectification of inaccurate personal data or completion of incomplete personal data. 

c. Right to erasure (Article 17 GDPR): You can request the deletion of your personal data, in particular if they are no longer necessary, you have withdrawn your consent or the data have been processed unlawfully. 

d. Right to restriction of processing (Article 18 GDPR): You can request restriction of the processing of your data, for example where the accuracy of the data is contested. 

e. Right to data portability (Article 20 GDPR): You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format or – where technically feasible – to request transmission to another controller. 

f. Right to withdraw consent (Article 7 (3) GDPR): You may withdraw consent given at any time with effect for the future. The lawfulness of processing up to the time of withdrawal remains unaffected. 

 

Right to object (Article 21 GDPR): You may object at any time, on grounds relating to your particular situation, to the processing of your personal data, in particular in connection with direct marketing or any associated profiling. 

 

Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations. 

Change history

Datum
Version
Grund der Änderung
05.12.2025
2.1
Addition of new processing activities
18.11.2025
2.0
Addition of Privacy Notice for the App
30.04.2025
1.0
First version of the revised Privacy Notice in the new format
bottom of page