Data Protection at a Glance

1. General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the topic of data protection, please refer to our privacy policy provided below this text.

Data Collection on This Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This can include data that you enter into a contact form, for example.
Other data is collected automatically or after your consent when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of the page request). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of processing your personal data under certain circumstances. Furthermore, you have a right to complain to the competent supervisory authority.
If you have any questions regarding data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

Your browsing behavior may be statistically analyzed when visiting this website. This is done primarily with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host or hosts. This may mainly involve IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access, and other data generated through a website.

The external hosting is for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) lit. f GDPR). If consent has been requested, processing only takes place based on Art. 6 (1) lit. a GDPR and § 25 (1) TDDGG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in the sense of the TDDGG. The consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following host(s):

SCAPES GmbH
Georgenstr. 119
87079 Munich

Order Processing

We have concluded a contract for order processing (AVV) for the use of the aforementioned service. This is a contract required by data protection regulations, which ensures that this processes the personal data of our website visitors only according to our instructions and in accordance with the GDPR.

Cloudflare

We use the "Cloudflare" service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").
Cloudflare provides a globally distributed content delivery network with DNS. In doing so, the technical information transfer between your browser and our website is routed through Cloudflare's network. This allows Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the internet. In this context, Cloudflare may also use cookies or other technologies to recognize internet users, which are only used for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our web offering as error-free and securely as possible (Art. 6 (1) lit. f GDPR).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details and further information on safety and data protection at Cloudflare, please find here:
https://www.cloudflare.com/privacypolicy/
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards. For further information, please contact the provider:
https://www.dataprivacyframework.gov/participant/5666

Order Processing

We have concluded a contract for order processing (AVV) for the use of the aforementioned service. This is a contract required by data protection regulations, which ensures that this processes the personal data of our website visitors only according to our instructions and in accordance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains which data we collect, how we use it, and for what purpose.
We would like to point out that data transmission over the internet (e.g., when communicating via email) can have security gaps. A complete protection of the data against access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:
smao GmbH
Glogauer Str. 5
10999 Berlin
Germany
Telephone: +491726001504
Email: business@smao.ai
The responsible body is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a specifically longer storage duration is stated in this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate deletion request or revoke consent to data processing, your data will be deleted – unless we have other legally permissible reasons for the storage (e.g., tax or commercial retention periods). In the latter case, deletion will occur after these reasons no longer apply.

General Notes on the Legal Bases of Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR (if special categories of data are processed). In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place based on Art. 49 (1) lit. a GDPR.
If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing also takes place based on § 25 (1) TDDDG. The consent can be revoked at any time.
If your data is necessary for the fulfillment of a contract or for carrying out pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR.
Furthermore, we process your data if it is required to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR.
Data processing may also take place on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR.
The respective legal bases applicable in each individual case will be informed in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer:
heyData GmbH
Schützenstraße 5
10117 Berlin
Germany
Telephone: [Phone number of the data protection officer]
Email: datenschutz@heydata.eu

Recipients of Personal Data

As part of our business operations, we work with various external parties. This sometimes also requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer according to Art. 6 (1) lit. f GDPR, or if any other legal basis allows this. When engaging processors, we only pass on the personal data of our customers based on a valid contract for order processing. In the case of joint processing, a contract for joint processing is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke a consent that you have already given at any time. The legality of the data processing that has taken place up to the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and Against Direct Advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
The respective legal basis upon which processing is based can be found in this privacy policy.
IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS RELATED TO SUCH DIRECT ADVERTISING.
IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ART. 21 (2) GDPR).

Right to Complain to the Competent Supervisory Authority

In the event of violations of the GDPR, affected individuals have the right to complain to a supervisory authority, particularly in the member state of their usual residence, their workplace, or the location of the suspected infringement. The right to complain is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only occur to the extent technically feasible.

Information, Correction, and Deletion

You have the right, within the framework of the applicable legal provisions, to obtain information free of charge about your stored personal data, its origin and recipients as well as the purpose of data processing and, if applicable, a right to correction or deletion of this data at any time.
You can contact us at any time regarding this and further questions about personal data.

Right to Restrict Processing

You have the right to request the restriction of processing your personal data. You can contact us at any time regarding this. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing your data.

• If the processing of your personal data has been unlawful, you may request the restriction of data processing instead of deletion.

• If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.

• If you have lodged an objection under Art. 21 (1) GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing your data.
  If you have restricted the processing of your data, this may only be processed – apart from its storage – with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a member state.

SSL and TLS Encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and a lock symbol is displayed.
If SSL/TLS encryption is activated, the data transmitted to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our internet pages use so-called "cookies." Cookies are small data packets that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after you finish visiting, while persistent cookies remain stored until you delete them yourself or a deletion occurs automatically by your browser.
Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies). The latter enable, for example, the integration of payment services.
Cookies serve different functions: Some are technically necessary since certain website functions would not work without them (e.g., shopping cart function or video display), while others are used for evaluating user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, the provision of desired functions (e.g., shopping cart function), or for optimizing the website (e.g., measuring web audiences) are stored based on Art. 6 (1) lit. f GDPR – unless another legal basis is stated. The website operator has a legitimate interest in storing these necessary cookies. If consent for the storage of cookies has been requested, processing is carried out solely on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of the website may be restricted.
Which cookies and services are used on this website can be found in this privacy policy.

Consent with Usercentrics

This website uses the consent technology from Usercentrics to obtain your consent for the storage of certain cookies or the use of certain technologies and to document this in compliance with data protection regulations. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/
When you enter our website, the following personal data is transmitted to Usercentrics:
– Your consent(s) or the revocation of your consent(s)
– Your IP address
– Information about your browser
– Information about your device
– Time of your visit
– Geolocation
In addition, Usercentrics saves a cookie in your browser to assign the given consents or their revocation. This data is stored until you request its deletion, delete the cookie yourself, or the purpose no longer exists. Mandatory legal retention periods remain unaffected.
The Usercentrics banner on this website was configured using eRecht24 – recognizable by the eRecht24 logo in the banner. For this purpose, a connection to the image server of eRecht24 is established, during which your IP address (in anonymized form) is also transmitted. The image server is located in Germany.
The use of Usercentrics is for obtaining the legally required consents. The legal basis is Art. 6 (1) lit. c GDPR.

Order Processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This contract ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Requests via Email, Phone, or Fax

If you contact us via email, phone, or fax, your request along with all resulting personal data (e.g., name, request) will be stored and processed for the purpose of handling it. This data will not be disclosed without your consent.
The processing is based on Art. 6 (1) lit. b GDPR, provided your request is related to a contract or is necessary for the execution of pre-contractual measures. In all other cases, processing is based on our legitimate interest (Art. 6 (1) lit. f GDPR) or your consent (Art. 6 (1) lit. a GDPR, if obtained; this can be revoked at any time).
The data transmitted to us will remain until you request its deletion, revoke your consent, or the purpose ceases (e.g., after the processing is completed).

Meetergo

We have integrated Meetergo on this website. The provider is Meetergo GmbH, Hauptstr. 44, 40789 Monheim am Rhein.
Meetergo enables online appointment scheduling. For this, we process personal master data, communication data (e.g., phone, email), content data for the contact (title, area of interest, comment), usage behavior, IP address, referrer URL, and access time.
The legal basis is Art. 6 (1) lit. f GDPR. If consent exists, processing occurs solely on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; the consent can be revoked at any time.
For further details, please refer to the provider's privacy policy at: https://meetergo.com/datenschutz/

Order Processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service, which ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

5. Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager allows us to integrate tracking or statistics tools and other technologies on our website. It does not create user profiles, store cookies, or perform its own analyses – it only serves to manage the integrated tools. However, it does capture your IP address, which may also be transmitted to the parent company of Google in the USA.
The use occurs on the basis of Art. 6 (1) lit. f GDPR; if consent has been obtained, processing is based on Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG (the consent can be revoked at any time).
The company is certified under the "EU-US Data Privacy Framework" (DPF). Further information can be found at: https://www.dataprivacyframework.gov/participant/5780

Plausible Analytics

We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, VÄstriku tn 2, 50403 Tartu, Estonia.
With this tool, we analyze the behavior of our website visitors. Among other things, the data collected includes page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. HTTP request and IP address are stored in a hash for 24 hours, allowing recognition within this period – however, direct identification does not occur.
If consent has been obtained, the use occurs solely on the basis of Art. 6 (1) lit. a GDPR and § 25 TDDDG; otherwise, on the basis of Art. 6 (1) lit. f GDPR.

Order Processing

We have concluded an AVV for the use of the service, which ensures that the data of our website visitors are processed only according to our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads – an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows advertisements to be displayed in the Google search engine or on third-party websites based on search terms (keyword targeting) as well as user data such as location and interests (audience targeting).
The use occurs on the basis of your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; consent can be revoked at any time).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission (details: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/).
The company is certified under the "EU-US Data Privacy Framework" (DPF); for more information: https://www.dataprivacyframework.gov/participant/5780

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With this tool, Google and we can see if users have performed specific actions on the website (e.g., clicks on buttons, viewed or purchased products). No personally identifiable information is transmitted to us, only aggregated data.
The use occurs on the basis of your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; consent can be revoked at any time).
More information can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=de
The company has a DPF certification; details: https://www.dataprivacyframework.gov/participant/5780

Meta Pixel (formerly Facebook Pixel)

This website uses the Meta Pixel for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The pixel can track actions of page visitors when they are directed to the website by clicking on a Meta advertisement. This assesses the effectiveness of advertisements for statistical purposes and to optimize future measures.
The data collected is anonymous; we cannot trace it back to individual users. However, Meta stores and processes this data, allowing for identification with user profiles (on Facebook or Instagram) – according to the Meta Data Usage Policy (https://de-de.facebook.com/about/privacy/).
The use occurs on the basis of your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; consent can be revoked at any time).
If personal data is collected and transmitted to Meta using the pixel, we and Meta are jointly responsible for such processing (Art. 26 GDPR). The joint responsibility relates solely to the collection and transmission of the data; subsequent processing by Meta is not our responsibility. The details are regulated by an agreement on joint processing, which can be viewed at: https://www.facebook.com/legal/controller_addendum
The data transfer to the USA is based on standard contractual clauses (details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381).
Further notes can be found in Meta's privacy policy (https://de-de.facebook.com/about/privacy/).
You can also disable the remarketing function "Custom Audiences" via https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen – an account with Facebook is required for this.
If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta via http://www.youronlinechoices.com/de/praferenzmanagement/.
The company has a DPF certification; details: https://www.dataprivacyframework.gov/participant/4452

Meta Conversion API

We have integrated the Meta Conversion API. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the Conversion API, we capture interactions of website visitors (e.g., time of the request, accessed webpage, IP address, user agent, and possibly other specific data such as purchased products, cart value, and currency) and transmit these to Meta to improve advertising performance on Facebook and Instagram.
The use occurs on the basis of your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; consent can be revoked at any time).
If personal data is collected in this way and transmitted to Meta, we and Meta are jointly responsible (Art. 26 GDPR); the details are regulated by an agreement on joint processing (https://www.facebook.com/legal/controller_addendum).
The data transfer to the USA is based on standard contractual clauses (see https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381).

Meta Custom Audiences

We use Meta Custom Audiences. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you use our websites, apps, or offers, we collect your personal data. If you consent to the use of Meta Custom Audiences, this data will be transmitted to Meta to display targeted advertising. Additionally, these data can be used to define target groups (Lookalike Audiences).
Meta processes the data as a processor for us; details can be found in the relevant usage agreement at: https://www.facebook.com/legal/terms/customaudience
The use occurs on the basis of your consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG; consent can be revoked at any time).
The data transfer to the USA is based on standard contractual clauses (see https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing).
The company has a DPF certification; details: https://www.dataprivacyframework.gov/participant/4452

6. Plugins and Tools

YouTube with Extended Privacy

This website embeds videos from YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When visiting a page that has YouTube videos embedded, a connection to the YouTube servers is established, notifying YouTube of which of our pages you have visited. If you are logged in to your YouTube account, your browsing behavior can be assigned directly to your profile – you can prevent this by logging out.
We use YouTube in extended privacy mode. This means that videos played in this mode are not used to personalize browsing on YouTube. Ads in this mode are also not personalized. No cookies are set; however, so-called local storage elements may be stored in the browser, which function similarly to cookies.
Further details can be found at: https://support.google.com/youtube/answer/171780
After activating a YouTube video, additional data processing operations may be triggered, over which we have no influence.
The use occurs in the interest of an appealing presentation of our online offers and is based on our legitimate interest (Art. 6 (1) lit. f GDPR). If consent has been obtained, the processing occurs solely on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG (consent can be revoked at any time).
For more information about YouTube data protection, please refer to their privacy policy at: https://policies.google.com/privacy?hl=de
The company has a DPF certification; details: https://www.dataprivacyframework.gov/participant/5780

Google Fonts (Local Hosting)

This page uses Google Fonts for a uniform presentation of fonts. The fonts are installed locally, so there is no connection to Google's servers.
Further information can be found at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de