spreekit privacy policy

1 Introduction
In the following we inform you about the collection of personal data during use
● our website https://showroom.app/
● our profiles in social media.
Personal data are all data that can be related to a specific natural person, e.g. B. your name or your IP address.

1.1. contact details
The person responsible in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is spreekit GmbH, Besselstrasse 14, 10969 Berlin. We are legally represented by Tim Stautmeister & Thién D. Nguyen.
Our data protection officer is heyData UG (limited liability), Gormannstr. 14, 10119 Berlin, www.heydata.eu, email: info@heydata.de.

1.2. Scope of data processing, processing purposes and legal bases
The scope of the processing of the data, processing purposes and legal bases are detailed below. The following can be considered as the legal basis for data processing:
● Art. 6 para. 1 sentence 1 it. a GDPR serves as the legal basis for processing operations for which we obtain consent.
● Article 6 (1) sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. if a website visitor purchases a product from us or we perform a service for him. This legal basis also applies to processing that is required for pre-contractual measures, such as inquiries about our products or services.
● Art. 6 Paragraph 1 Clause 1 lit. c GDPR applies if we are fulfilling a legal obligation with the processing of personal data, as can be the case, for example, in tax law.
● Art. 6 Para. 1 S. 1 lit. f GDPR serves as the legal basis if we can invoke legitimate interests in processing personal data, e.g. for cookies that are necessary for the technical operation of our website.

1.3. Data processing outside the EEA
Insofar as we transmit data to service providers or other third parties outside the EEA, the security of the data when it is passed on, if available (e.g. for Canada and Israel), is guaranteed by adequacy decisions by the EU Commission (Art. 45 Par. 3 GDPR).
If there is no adequacy decision (e.g. for the USA), the legal basis for the transfer of data is as a rule, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 Para. 2 lit. b GDPR, they guarantee the security of the data transfer. Many of the providers have given contractual guarantees that go beyond the standard contractual clauses and that protect the data beyond the standard contractual clauses. These are, for example, guarantees with regard to the encryption of the data or with regard to a third party obligation to notify the data subject if law enforcement agencies want to access data.
The transfer of data to third parties in the United Kingdom of Great Britain and Northern Ireland is currently based on the transitional provisions in the trade and cooperation agreement between the European Union and the United Kingdom.

1.4. Storage period
Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, ie the data will be blocked and not processed for other purposes. This applies, for example, to data that we have to keep for commercial or tax law reasons.
1.5. Rights of the persons affected
Affected parties have the following rights vis-à-vis us with regard to their personal data:
● right to information,
● Right to correction or deletion,
● right to restriction of processing,
● Right to object to processing,
● right to data portability,
● Right to withdraw consent at any time.
Affected parties also have the right to complain to a data protection supervisory authority about the processing of their personal data.

1.6. Obligation to provide data
Customers, interested parties or third parties only need to provide us with personal data in the context of a business relationship or other relationship that is necessary for the establishment, implementation and termination of the business relationship or other relationship or that we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of a contract or the provision of a service or we will no longer be able to carry out an existing contract or other relationship.
Mandatory information is marked as such.

1.7. No automatic decision-making in individual cases
In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and implement a business relationship or any other relationship. If we use this procedure in individual cases, we will inform you separately, provided this is required by law.

1.8. contact
When you contact us, e.g. by e-mail or telephone, the data communicated to us (e.g. names and e-mail addresses) will be saved by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 Para. 1 S. 1 lit.f GDPR) to answer inquiries addressed to us. We delete the data that arises in this context after the storage is no longer required, or we restrict the processing if there are statutory retention requirements.

1.9. Customer surveys
From time to time we conduct customer surveys in order to get to know our customers and their wishes better. In doing so, we collect the requested data. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 Para. 1 S. 1 lit f GDPR. We delete the data when the results of the surveys have been evaluated.

2. Data processing on our website
2.1. Use of the website for information purposes
When using the website for informational purposes, i.e. when page visitors do not provide us with separate information, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 Para. 1 S. 1 lit.f GDPR.
These data are:
● IP address
● Date and time of the request
● Time zone difference to Greenwich Mean Time (GMT)
● Content of the request (specific page)
● Access status / HTTP status code
● Amount of data transferred in each case
● Website from which the request came
● Browser
● Operating system and its interface
● Language and version of the browser software.
This data is also stored in log files. They will be deleted when it is no longer necessary to save them, at the latest after 14 days.

2.2. Web hosting and providing the website
Our website is hosted on the basis of an order processing agreement (Art. 28 GDPR) Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel (data protection declaration: https://de.wix.com/about/privacy). The provider processes the personal data transmitted via the website, e.g. content, usage, meta / communication data or contact data. It is our legitimate interest to provide a website so that the legal basis for data processing is Art. 6 Para. 1 S. 1 lit.f GDPR.
We use Firebase as a content delivery network that helps make our website available. The provider is Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. The provider processes the personal data transmitted via the website, e.g. content, usage, meta / communication data or contact data. It is our legitimate interest to provide a website so that the legal basis for data processing is Art. 6 Para. 1 S. 1 lit.f GDPR.

2.3. contact form
When you contact us via the contact form on our website, we save the data requested there and the content of the message.
The legal basis for processing is our legitimate interest in answering inquiries addressed to us. The legal basis for processing is therefore Article 6 Paragraph 1 Sentence 1 Letter f GDPR.
We delete the data that arises in this context after the storage is no longer required, or we restrict the processing if there are statutory retention requirements.

2.4. Third party tools
2.4.1. Google Analytics
If the site visitor has given their consent, we use Google Analytics, a web analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland ("Google") on the basis of an order processing contract (Art. 28 GDPR). The service uses cookies. The cookies generate information about the use of the website by site visitors, including the pages accessed, the achievement of "website goals" (e.g. contact requests and newsletter registrations), the behavior on the pages (e.g. clicks, scrolling behavior and length of stay), the approximate location (country and city), the IP address of the site visitor (in abbreviated form so that no clear assignment is possible), technical information such as browser, Internet provider, device and screen resolution and the source of the visit (i.e. via which website or which advertising medium a page visitor came to us). These are usually transferred to a Google server in the USA and stored there. The legal basis for processing is the consent of the site visitor (Art. 6 Para. 1 S. 1 lit. a GDPR). Site visitors can revoke their consent at any time by contacting us using the contact details given above. The revocation does not affect the legality of the processing until the revocation.
Google uses this information to evaluate the use of our website by site visitors for us, to compile reports on the activities on this website and to provide us with additional services related to the use of this website and the internet. In doing so, pseudonymised usage profiles of the site visitors can be created from the data. Google does not combine the IP address transmitted by the visitor's browser with other data.
Further information on the use of data by Google can be found in Google's data protection declaration (https://policies.google.com/privacy). The personal data of the site visitors are deleted or anonymized after 14 months. The security of the data transfer to the USA is guaranteed by the standard data protection clauses adopted by the EU Commission (Art. 46 Para. 2 lit. c GDPR), which we have agreed with Google.

3. Data processing on social media platforms
We are represented in social media networks to present our company and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. For this purpose, the network operators store information on usage behavior in cookies on the user's computer. In addition, it cannot be ruled out that the operators will combine this information with other data. Further information and instructions on how users can object to processing by the website operator can be found in the data protection declarations of the respective operator listed below. It is also possible that the operators or their servers are located in non-EU countries so that they process data there. This can result in risks for users, for example because the enforcement of their rights is made more difficult or government agencies take access to the data.
When users of the networks contact us via our company profiles, we process the data communicated to us in order to answer the inquiries. This is our legitimate interest, so that the legal basis is Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR.

3.1. Facebook
We maintain a company profile on Facebook. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. One way to object to data processing is through settings for advertisements: https://www.facebook.com/settings?tab=ads.
On the basis of an agreement with Facebook within the meaning of Art. 26 GDPR, we are jointly responsible for processing the data of visitors to our profile. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Affected parties can exercise their rights both vis-à-vis us and Facebook. However, according to our agreement with Facebook, we are obliged to forward inquiries to Facebook. Those affected receive faster feedback if they contact Facebook directly.

3.2. Instagram
We maintain a company profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

3.3. LinkedIn
We maintain a company profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https: // https: //www.linkedin.com/legal/privacy-policy? _L = de_DE. One way to object to data processing is through the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4. Changes to this data protection declaration
We reserve the right to change this data protection declaration with effect for the future. A current version is always available here.

5. Questions and Comments
If you have any questions or comments regarding this data protection declaration, please do not hesitate to contact us using the contact details given above.

Besselstrasse 14

10969 Berlin
Germany

Managing Directors: Tim Stautmeister & Thién D. Nguyen

Registered at District Court Charlottenburg (Berlin)
Commercial register number: HRB 221784 B