Privacy Policy

Please note this is a machine translation and may not be 100% accurate. Please refer to the German version for the official version.

The protection of your data is our highest priority. In the following, we inform you about the most important aspects of how we process your data.

Our online services can generally be used without disclosing your identity. However, we would like to point out that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Who is responsible?

The entity responsible for data processing on this website is:

Coin & Mirror UG (haftungsbeschränkt)
Cranachstraße 47
12157 Berlin
Deutschland

No packages or parcels - acceptance will be refused!

Phone & WhatsApp: [+49] 711-35884333
Mail Address: hi[ät]mapstudio.ai

Note: The above address is a pure postal address. The address is solely for the purpose of fulfilling the legal obligation to provide an imprint according to §5 TMG.

The responsible entity is the natural (or legal) person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

What data do we process?

We distinguish between contact data, information provided during the ordering process / in forms, and usage and behavioral data.

  • Contact data and logins - Email address and/or phone number as well as your name, which you provide voluntarily. By providing this information, you agree to personal contact from us that is not for marketing purposes (e.g., newsletter).

  • Information in the ordering process / in forms - Information you provide for an inquiry or order, such as (company) names, address, email address, and phone number, as well as additional information required by tax/legal regulations.

  • Usage and behavioral data - Data that is automatically generated when using our online service (such as your IP address), as well as additional behavioral data that we store in anonymized form. We use first-party cookies after login with bound consent, which do not enable tracking beyond our site. When not logged in, only technically necessary cookies are set and website users are treated anonymously. Cookies are stored based on our legitimate interests to improve our services.

We process your data exclusively on the basis of legal regulations (GDPR, TKG 2003). We have implemented technical and organizational measures to comply with data protection regulations.

We protect your identity by not linking your information to our statistical analyses and only passing on your information in anonymized form.

Here are some additional explanations.

Server Log Files and Collection of General Information

The provider of our website automatically collects and stores information in server log files, which your browser automatically transmits to us.

This includes the time of the request, the shortened and thus anonymized IP address of the requester, the HTTP method and version used, the URL accessed, the HTTP response status, the number of bytes delivered, the referrer (the URL of the page that linked to the accessed page), and the user agent (information about the browser and operating system version used).

This data cannot be attributed to specific persons. This data is not merged with other data sources.

We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

Behavioral Data

For the continuous improvement of our online service, we use PostHog Cloud (EU) from PostHog, Inc. (with data storage in Europe) for statistical purposes. Furthermore, PostHog enables tracking of user behavior in the form of a timeline and conducting surveys using embedded forms.

PostHog anonymizes data that could allow conclusions about your identity (such as email address or order number) directly in the browser. This ensures that no sensitive data reaches us or third-party providers.

Beyond non-invasive tracking, we record "conversions," i.e., successful purchases, and reserve the right to send these events to our advertising partners.

Use of Cookies and Opt-Out Options

Cookies are small text files stored on your device. They cause no harm and contain no viruses. Cookies help make our offering more user-friendly, effective, and secure.

You can adjust your browser settings so that you:

  • Are informed about the setting of cookies
  • Allow cookies only in individual cases
  • Exclude the acceptance of cookies for certain cases or generally
  • Activate the automatic deletion of cookies when closing the browser

You can find more information about cookie settings, with detailed explanations and instructions for deactivation, at Verbraucherzentrale.de. Preference management options are available at youronlinechoices.eu.

Note: Deactivating cookies may limit the functionality of this website.

We use cookies that are necessary for the operation of the website. They enable basic functions such as:

  • Session management
  • Login status
  • Improving user experience (e.g., storing language settings)
  • Security-relevant functions

These cookies cannot be deactivated in your system settings.

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) GDPR.

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the change in the browser's address line from "http://" to "https://" and the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Security and Encryption

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

All data is stored and processed exclusively in encrypted form, particularly with our hosting partners Amazon Web Services (data processing in the EU) and Hetzner (data processing in Germany).

How is data used?

In the following paragraphs, we describe in which cases and why we process your personal data.

Login and User Account

When you log in to our website, your email address is managed by our servers, and a technically necessary cookie is stored on your device. This cookie serves to identify your account and improve the user experience.

Additionally, you can voluntarily provide your name in your user account. This name is used in anonymized form in our statistics.

When using Social Login (e.g., Google or Apple), authentication and data management are handled by the respective service provider. You will be redirected to the third-party provider, and your data will be transferred to our servers after authentication and stored there as part of user management. Please note the privacy policies of the third-party providers used. More on this in the following paragraph.

Social Login and Authentication

We offer you the option to log in to our service using your existing Google account ("Social Login"). This function serves to simplify the login process and avoids the need to create a separate user account.

Data processing for Social Login:

  • When using Social Login, basic data from your Google account is transmitted:
    • Email address
    • Name
    • Google profile ID (for unique identification)
  • Authentication occurs directly through Google
  • We have no access to your Google password
  • No additional profile information or contacts from your Google account are read

Legal basis:

  • Data processing occurs based on Art. 6(1)(b) GDPR (contract fulfillment)
  • The use of Social Login is voluntary; alternatively, you can register directly with us

Privacy notices:

  • Google is a US company and is subject to the above-mentioned restrictions on data transfer to the USA
  • Google's Privacy Policy additionally applies
  • Google may receive information about your use of our service
  • You can remove the connection at any time in your account settings

When you use Social Login, you will be asked for your consent to transmit the mentioned data before your first login. You can revoke this consent at any time with future effect by removing the connection in your account settings.

Contact with Us

When you contact us via form on the website or by email, your provided data will be stored for at least six months for the purpose of processing the request and in case of follow-up questions. If our correspondence leads to a business transaction, we are obligated to retain it beyond this period in accordance with our retention obligations.

This data is not shared without your consent.

When accessing our servers, data is stored for security purposes that may allow identification (such as IP address, date, time, and pages viewed). No personal evaluation takes place. These anonymous datasets may be evaluated for statistical purposes. We use your personal information exclusively for orders and inquiries and only within our company. We do not share this data with third parties without your explicit consent.

Data processing occurs on the basis of Art. 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for implementing pre-contractual measures. In all other cases, processing is based on Art. 6(1)(f) GDPR (our legitimate interest in effectively processing requests directed to us).

Orders & Offer Forms

We will primarily use the information you have provided in the ordering process or in offer forms for the actual ordering process. This means we store the data for the duration of the order to provide services and issue invoices.

If necessary, we forward your data to our service providers to be able to provide the services or to issue you an invoice.

Furthermore, we create internal statistical evaluations to maintain our quality promises. We handle your data carefully and will never share it with third parties.

Advertising & Advertising Partners

We reserve the right to share individual events, such as the first website visit and purchase completions, with our advertising partners without personal data. Our advertising partners are listed further below.

We only do this with your explicit consent during your first website visit. Our goal is to better tailor advertising to our target group and measure the success of our advertising campaigns.

Protection of Minors

Our services are not intended for persons under 16 years of age. We do not knowingly process personal data of minors under 16 years without verifiable consent from their legal guardians.

Consent

The use of some of our services requires your explicit consent. You can revoke this consent at any time:

  • Remove Social Login connection in your account settings
  • Deactivate tracking consent for your account by withdrawing your consent
  • Deactivate advertising tracking for your account by withdrawing your consent

An email to hi[ät]mapstudio.ai is sufficient for any revocation.

Legal Basis for Data Processing

We process your data based on the following legal grounds of the GDPR:

  • Art. 6(1)(a): Your consent
  • Art. 6(1)(b): Fulfillment of a contract
  • Art. 6(1)(c): Legal obligation
  • Art. 6(1)(f): Legitimate interests

The specific legal basis is documented for each processing operation.

Which Third Parties Receive Data?

Third-Party Content

We integrate third-party content to offer you additional services and features in connection with your order. When you use these offers, the contract is usually made directly with the service provider. Therefore, you either enter your data directly on the respective third-party sites, or we transfer the data when you activate corresponding services through selection. The following offers are integrated into the website and have been (partially) adapted to appear visually uniform:

  • Stripe Elements & Checkout for processing credit card payments and other payment options, as well as collecting address data for invoicing.

Our online offering contains links to other websites. We have no influence over whether their operators comply with data protection regulations.

Information to Third Parties

We generally do not provide information to third parties, including lawyers. Instead, we refer them to the relevant investigative authorities.

International Data Transfer

We only transfer your data to countries outside the EU/EEA (third countries) if:

  • this is necessary for contract fulfillment
  • you have explicitly consented
  • appropriate guarantees exist (EU Standard Contractual Clauses)

All data transfers occur under strict security precautions and encryption.

Data Transfer to the USA

Certain third parties we work with process data in the USA, among other places. We point out that according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the lawfulness and security of data processing.

For example, US companies are obligated to release personal data to security authorities without you as the data subject being able to take legal action against this. It therefore cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no influence over these processing activities.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway) or for data transfer there, the third parties use so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA).

Through these clauses, the third parties commit to maintaining European data protection standards when processing your relevant data, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The use of third parties outside the EU occurs on the basis of Art. 6(1) GDPR, and the legitimate interest is specified for the processors and third parties.

Cooperation with Processors and Third Parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit it to them, or otherwise grant them access to the data, this only occurs on the basis of legal permission (e.g., if transmission of data to third parties, such as payment service providers, is required for contract fulfillment pursuant to Art. 6(1)(b) GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "data processing agreement," this occurs on the basis of Art. 28 GDPR.

The following third-party services, which could have access to personal data, are used to provide our services:

List of service providers remains the same as in German version, translated company descriptions and details.

All third-party providers are subject to our instructions and are contractually prohibited from sharing or reselling data.

Social Media Presence on LinkedIn

We maintain a company page on the social media platform LinkedIn. When you visit our LinkedIn page or interact with our content, data is processed by LinkedIn. The data processing by LinkedIn occurs outside our sphere of influence.

Data processing by LinkedIn:

  • Usage data and interactions with our content
  • Device information and browser details
  • IP address and location data
  • Profile data for interactions (likes, comments, shares)

Purpose of LinkedIn presence:

  • Corporate communication and marketing
  • Information about our products and services
  • Interaction with users and interested parties
  • Industry news and professional exchange

Legal notices:

  • Data processing occurs on the basis of Art. 6(1)(f) GDPR (legitimate interest)
  • LinkedIn is a US company and is subject to the above-mentioned restrictions on data transfer to the USA
  • LinkedIn's Privacy Policy applies
  • LinkedIn may use your data for its own purposes, such as advertising and market research

You can adjust or restrict the processing of your data by LinkedIn in your LinkedIn account settings.

What Rights Do I Have?

You generally have the rights to information, correction, deletion, restriction, data portability, revocation, and objection. Use the contact details provided on this page for this purpose.

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any way, you can complain to the supervisory authority. In Germany, this is the Federal Data Protection Commissioner (federal level) or the data protection authority in the respective federal state.

Your Data Protection Rights in Detail

You have the following rights regarding your personal data:

  1. Right to information (Art. 15 GDPR)
    • Processing purposes
    • Data categories
    • Recipients or categories of recipients
    • Planned storage duration
  2. Right to rectification (Art. 16 GDPR)
    • Correction of incorrect data
    • Completion of incomplete data
  3. Right to erasure (Art. 17 GDPR)
    • When processing purpose ceases
    • When consent is withdrawn
    • In case of unlawful processing
  4. Right to restriction (Art. 18 GDPR)
    • When accuracy is contested
    • In case of unlawful processing
  5. Right to data portability (Art. 20 GDPR)
    • Export of your data in machine-readable format
    • Transfer to other controllers

To exercise your rights, contact us at hi[ät]mapstudio.ai. We will process your request within three months.

Data Deletion and Storage Duration

Personal data collected by us will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or fulfillment of a contract.

Storage Periods in Detail

  • Server log files: 6 months
  • Contact requests: minimum 6 months, in case of business conclusion according to legal retention requirement (usually 10 years)
  • User account data: Until account deletion
  • Invoice data: 10 years (legal retention requirement)
  • Tracking data: 24 months

If no specific storage duration has been specified, personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Longer storage only occurs if:

  • provided for by European or national legislators in EU regulations, laws, or other provisions
  • required for fulfilling a legal obligation
  • required for asserting, exercising, or defending legal claims

Changes to Our Privacy Policy

We reserve the right to occasionally adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

The protection of your data is important to us! For questions, suggestions, or comments regarding data protection or security, please contact us by email at hi[at]mapstudio.ai.

Last updated: October 30, 2024