Privacy Policy | empirio.ai

Legal basis for our services and basic information on the use and transfer of data

The information in this privacy policy serves to clarify the purpose, scope and nature of the processing of your personal data within our entire online offering and all associated websites, including their functions and content (hereinafter collectively referred to as "website" or "online offering"). This declaration applies to all platforms and devices (e.g. mobile devices or desktop PCs) on which our online offering is used or executed, regardless of the domains or systems used. This information is provided in accordance with Art. 13 GDPR. The terms used, such as "personal data" or their "processing", are explained in the definitions in Art. 4 of the General Data Protection Regulation (GDPR).Personal user data processed within this online offering includes, for example, personal data (such as customer names and contact data), as well as data on usage and customer entries within our online offering (e.g. details of a online-survey).The terms used, such as "user", "customer" or "service provider", are to be understood as gender-neutral. All personal user data is processed in compliance with the relevant data protection regulations. The basis for this is the existence of a legal authorisation and the consent of the user. If the data processing is necessary for the provision of our contractual services (e.g. order processing) or the online service (e.g. to ensure and comply with legal regulations), or also due to our legitimate interest (e.g. for the security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, analysis to optimise the security and efficiency of our operations, incl. profiling for advertising and marketing purposes, collection of reach and access data and third-party services), we will use the data within the scope of legal permission. Art. 6 para. 1 lit. a. and Art. 7 GDPR form the legal basis for the consents, Art. 6 para. 1 lit. b. GDPR serves as the legal basis for processing for the performance of contracts and services. The legal basis for the processing of data for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for the processing of data for the protection of our legitimate interests is Art. 6 para. 1 lit. f. GDPR.Distinction between Website Visitors, Members and Survey ParticipantsWe process different categories of personal data depending on the group of individuals concerned. To ensure transparency and help you understand which information is relevant to you, we distinguish between the following categories:Website Visitors You visit the website without registering or creating a user account.Members You have created a user account with empirio and/or create your own online surveys (so-called “survey creators”).Survey Participants You have received a survey created using empirio’s online services and/or have participated in such a survey.Where website visitors, members and survey participants are referred to collectively, they are referred to as “users”.What data do we generally process?For the purpose of providing our contractual and service-related offerings, we process member data (e.g. name, address and contact details), data relating to concluded contracts (e.g. services used, information on payment and billing) in accordance with Art. 6(1)(b) GDPR, as well as user inputs within our online services (e.g. responses in surveys created using empirio).The mandatory information required to create a user account is communicated to users during the registration process. User accounts are not indexed by search engines, as they are not publicly accessible. Data relating to terminated user accounts is deleted unless retention is required due to statutory commercial or tax obligations (Art. 6(1)(c) GDPR). Upon termination, users are responsible for securing their data prior to the end of the contract. We are entitled to permanently delete all data stored for the user during the term of the contract.To protect against misuse or unauthorized use and to safeguard our legitimate interests, we store the IP address and timestamp at the time of registration, subsequent logins and when users make use of our online services.As a general rule, this data is not disclosed to third parties. Exceptions apply where disclosure is necessary for the assertion of our legal claims or where we are legally obliged to do so pursuant to Art. 6(1)(c) GDPR.For marketing purposes, we may create a user profile based on usage data (e.g. visits to our websites) and content data (e.g. entries in forms or information provided in the user account) in order to display product information and offers that may be of interest to the user.Data processed by user category Website VisitorsAs a website visitor, we process the following data:<ul><li>Usage data (e.g. activities performed on the website)</li><li>Contact information (e.g. when you provide your email address via a contact form)</li><li>Access data and logs (server log files) to monitor misuse and ensure technical stability</li><li>Cookies</li><li>Device and browser data (e.g. information about your device, IP address, operating system)</li></ul>MembersIn addition to the data processed for website visitors, we process the following data for members:<ul><li>User account data (to use empirio’s services, a user account is required; at a minimum, first name, last name and email address are required)</li><li>Billing and payment data (where you make a payment to empirio, we process the data necessary for billing purposes)</li><li>Survey content created using empirio (e.g. questions and answers), which is processed in order to make the data available to you for further analysis</li></ul>Survey ParticipantsIn addition to the data processed for website visitors, we process the following data for survey participants:<ul><li>Responses to surveys created using empirio, which are processed for the purpose of analysis</li><li>The deletion of survey data is the responsibility of the respective survey creator (see Section 16). Where we process survey responses on behalf of the survey creator, the survey creator acts as the controller and empirio acts as the processor within the meaning of Art. 28 GDPR. Data subject rights are primarily to be exercised against the survey creator; we will support the survey creator in fulfilling such requests.</li></ul>

Disclosure of data to third parties and third-party providers

Data is only passed on to third parties within the framework of legal requirements. It only takes place if this is necessary for the purpose/fulfilment of the contract (in accordance with Art. 6 para. 1 lit. b) GDPR), or on the basis of legitimate interests in our economic and effective business operations (in accordance with Art. 6 para. 1 lit. f. GDPR). In order to comply with legal requirements and to protect personal data, we also take appropriate legal, technical and organisational measures when using subcontractors. If third-party services, tools or other means are used and the named registered office of this provider is located in a third country, a data transfer to this country is also likely. The GDPR is an EU regulation and applies to all member states anyway. Data is only transferred to countries outside the EU or the European Economic Area with legal authorisation, user consent or an adequate level of data protection in the respective third country. We identify these third-party providers in the following sections.Our websites and our e-mail service are hosted by Vercel Inc.(440 N Barranca Ave #4133, Covina, CA 91723, USA), Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855 Luxemburg), METAVISION GmbH (Untere Bachgasse 15, 93047 Regensburg, Deutschland) und Supabase, Inc., 65 Chulia Street #38-02/03, OCBC Centre, Singapore 049513 gehostet (so-called "hosters"). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hosting service provider.

Measures for protection and security

In order to protect the data processed by us against accidental or intentional manipulation, destruction, loss or access by unauthorised persons, and to comply with the provisions of data protection laws, we take technical, organisational and contractual security precautions in accordance with the state of the art. Check whether we use https The encrypted transmission of data between our server and your browser is one of the security measures used.

Fulfilment of contractual services

In order to fulfil our contractual and service obligations, we process inventory data (e.g. name and address as well as user contact data) and data on concluded contracts (e.g. services used, information on payment and shipping) in accordance with Art. 6 para. 1 lit b. GDPR. The mandatory information required to create a user account is provided to users during the registration process. It is not possible for search engines to index user accounts as they are not public. Data from cancelled user accounts will be deleted unless storage is necessary for commercial or tax law reasons (in accordance with Art. 6 para. 1 lit. c GDPR). In the event of cancellation, users are responsible for backing up their data before the end of the contract. We are authorised to irretrievably delete all user data stored during the term of the contract. To protect against misuse or unauthorised use and to safeguard our legitimate interests, we store the IP address and time of registration, re-registration and use of our online services by the user. In principle, this data is not passed on to third parties, with the exception of the pursuit of our claims or a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR. For advertising purposes, we create a user profile based on usage data (e.g. visits to our websites or specific product interests) and content data (entries in forms or details in the customer account) in order to be able to display product information and offers of interest to the user.

Contact by the user

To process user enquiries (by e-mail or contact form), the user's details are processed in accordance with Art. 6 para. 1 lit. b) GDPR. Our enquiry organisation (customer relationship management) may store the user's details under certain circumstances.

Online presence in social media

With consent within the meaning of Art. 6 para. 1 lit. a. GDPR, we maintain online presences on social networks and platforms. We use these to communicate with customers, interested parties and users and to provide information about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. If this privacy policy does not specify any further data processing, the data of users who communicate with us or interact with our content will be processed.

Measurement of reach and use of cookies

Cookies are small files that are stored on users' data carriers. We mainly use cookies (session cookies), which are deleted from the respective storage medium at the end of the browser session. Session cookies are required, for example, to enable shopping basket functions or the storage of your entries across several pages. However, we also use cookies that remain on the user's hard drive. This makes it possible to automatically recognise the user on a return visit and the preferred entries and settings. These cookies are stored on the hard drive for a period of one month to 10 years and delete themselves after the specified time. These cookies are primarily used to make the online offering more user-friendly, secure and effective. We also inform users within this privacy policy about the use of cookies in the context of pseudonymised reach measurement. If users wish to avoid the storage of cookies, this option can be deactivated in the browser settings. Cookies that have already been saved can also be deleted there, but the exclusion of cookies can lead to functional restrictions of our online offer. You can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://optout.networkadvertising.org">https://optout.networkadvertising.org</a><a target="_blank" rel="noopener" class="text-primary underline" href="https://optout.networkadvertising.org/"> </a>, the European website <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.youronlinechoices.com/uk/your-ad-choices">https://www.youronlinechoices.com/uk/your-ad-choices</a><a target="_blank" rel="noopener" class="text-primary underline" href="https://www.youronlinechoices.com/uk/your-ad-choices/"> </a>and also the US website <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.aboutads.info/choices">https://www.aboutads.info/choices</a>.

Collection of access data and records (log files)

For each access to our servers, we collect corresponding data (so-called server log files), including date and time, data volume, name of the website accessed, success message about the access, the operating system including browser type and version, the previously visited website, the IP address and the provider, in our legitimate interest within the meaning of (Art. 6 para. 1 lit. f. GDPR). For security reasons, the log file information is stored for a maximum of seven days to investigate fraud or misuse and then deleted. If certain data is required for evidentiary purposes, deletion will be postponed until the incident has been finally clarified.

Deployment and use of Google Analytics

Limited use of Google AnalyticsGoogle Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For the optimisation, analysis and economic operation of our online offer, we use Google Analytics in our own interest within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we use Google Analytics, but only in a very limited form. Data is only collected in anonymised form for statistical purposes. Google itself does not set any cookies and no data is used for advertising purposes. As a rule, Google truncates the IP address of the user within the EU or the EEA (activated IP anonymisation).Full use of Google AnalyticsFurthermore, with the user's consent (Art. 6 para. 1 lit. a.), we also use the full functionality of Google Analytics. In some cases, this uses cookies to analyse information about the use of the online offering by users. Google creates reports on our behalf about the use of our online offering. For this purpose and for other services on our behalf, information about the activities of users within our website is collected. This information can also be used to create pseudonymised user profiles.We use Google Analytics to display adverts placed by Google's advertising services (and its partners) only to those users who have certain characteristics (interest in certain topics or products, so-called remarketing). By using "remarketing audiences", we ensure that the corresponding adverts are not annoying and correspond to the potential interest of the user.Users can prevent the collection and processing of user data by downloading and installing the browser plugin available at this link: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://tools.google.com/dlpage/gaoptout?hl=en">https://tools.google.com/dlpage/gaoptout?hl=en</a> The storage of cookies can also be prevented by settings in the respective browsers or by withdrawing consent in our Consent Manager. At the beginning of this privacy policy, you can adjust your consent by opening the Consent Manager and making the appropriate settings. Further information on setting and objection options as well as data collection by Google can be found directly at Google: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://policies.google.com/technologies/partner-sites?hl=en">https://policies.google.com/technologies/partner-sites?hl=en</a><a target="_blank" rel="noopener" class="text-primary underline" href="https://policies.google.com/technologies/partner-sites?hl=en"> </a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://policies.google.com/technologies/ads">https://policies.google.com/technologies/ads</a>, you can also view and edit your ad settings here, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://myadcenter.google.com/personalizationoff?sasb=true&ref=ad-settings">https://myadcenter.google.com/personalizationoff?sasb=true&ref=ad-settings</a>.

Google Signals

With the separate consent of the user within the meaning of (Art. 6 para. 1 lit. a.), we use the Google Signal services that enable Google Analytics to measure cross-device interactions with our content.

Deployment and use of Google Re/marketing services

With the consent of the user within the meaning of (Art. 6 para. 1 lit. a. GDPR), we use the marketing and remarketing services ("Google Marketing Services" for short) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").We use Google Marketing Services to display adverts for and on our website in a more targeted manner, with the aim of presenting users primarily with adverts that are of potential interest to them. If, for example, adverts are displayed for products that the user was interested in on previous pages, this is referred to as "remarketing". On all websites (ours and others) on which Google marketing services are activated, a code from Google is executed immediately when the page is called up and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. As a result, an individual cookie (or comparable technology) is stored on the user's device. These can be set by various domains, including <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://doubleclick.net">doubleclick.net</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://googlesyndication.com">googlesyndication.com</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://admeld.com">admeld.com</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://google.com">google.com</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://invitemedia.com">invitemedia.com</a> or <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://googleadservices.com">googleadservices.com</a>. The stored file contains data on the websites visited by the user and which offers they have shown interest in. In addition, technical information about the operating system, the browser used, the duration of the visit, referring websites and use of the online offer is stored. As a rule, Google truncates the IP address of the user within the EU or the EEA (activated IP anonymisation). The IP address is not merged with other user data. Google may also combine user information with information from other sources. Accordingly, adverts that match the user's interest profile may also appear on our online offering.As part of the Google marketing service, all user data is processed pseudonymously. This means that neither the user's name nor e-mail address is stored. All relevant data is only stored as a user profile in relation to cookies. Adverts are therefore not person-dependent, but exclusively cookie-dependent. If the user has given Google permission, the data can also be processed without pseudonymisation.The integration of third-party adverts takes place, for example, on the basis of Google's "DoubleClick" or "AdSense". Both programmes use cookies that enable Google and its partner websites to place advertisements based on the user's website visits.You can deactivate interest-based advertising by Google marketing services by using the setting and opt-out options provided by Google: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://myadcenter.google.com/personalizationoff?hl=en&sasb=true&ref=ad-settings">https://myadcenter.google.com/personalizationoff?hl=en&sasb=true&ref=ad-settings</a>. You can adjust your consent at the beginning of this privacy policy by opening the Consent Manager and making the appropriate settings. The overview page <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.google.com/policies/technologies/ads">https://www.google.com/policies/technologies/ads</a><a target="_blank" rel="noopener" class="text-primary underline" href="https://www.google.com/policies/technologies/ads"> </a>from Google provides you with further information on the use of data for marketing purposes. The Google privacy policy can be <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.google.com/policies/privacy">https://www.google.com/policies/privacy</a>.

Google Tag Manager

In our legitimate interest within the meaning of (Art. 6 para. 1 lit. f. GDPR), we use the Google Tag Manager service to control and operate the website content. This is a tag management service that is provided on a cookie-less domain and supports us in the area of consent management as well as the integration of various third-party providers. This service is essential for the operation of the site.

Tag Manager Server

We also use Google Tag Manager Server, which enables us to combine external data communications. This service is operated on European Google Cloud servers, primarily based in Germany. This cloud server provider is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. Further information on data processing can be found at <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://cloud.google.com/terms/data-processing-terms">https://cloud.google.com/terms/data-processing-terms</a>

Google Customer Match

Purpose and legal basis: To improve measurement, our online conversions and optimisation of campaign control, we use the Google Customer Match Lists service on our website, an analysis service of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland: "Google"). By using Google Customer Match Lists, self-collected data provided by users of the website can be processed as hash values and assigned to the corresponding Google accounts of the customer in which the user was logged in when an interaction with the advert took place. The data collected in this way helps us to address visitors more effectively, to track conversions that would otherwise not have been recorded and to optimise our offer. Name, e-mail addresses, telephone numbers, addresses and identifiers provided by the customer may be collected.We would like to point out that it cannot be ruled out that data may be transferred to the USA. No level of data protection comparable to that in the EU can be guaranteed in the USA. For example, US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 49 para. 1 subpara. 1 lit. a GDPR (consent).You can revoke your consent at any time with effect for the future by accessing the consent settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.Further information and Google's privacy policy can be found at: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://business.safety.google/intl/de_ALL/compliance/#?modal_active=noneRecipients">https://business.safety.google/intl/de_ALL/compliance/#?modal_active=noneRecipients</a> (categories): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Integration and use of Facebook marketing services

With the consent of the user within the meaning of (Art. 6 para. 1 lit. a. GDPR), we use the so-called "Facebook pixel" for our online offer, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). We use the Facebook pixel to display our adverts only to those Facebook users who have also shown an interest in our online offering, certain products or topics. We also want to use the Facebook pixel to ensure that our adverts on Facebook correspond to the potential interest of users and are not annoying. The Facebook pixel enables us to determine the effectiveness of our Facebook ads and to compile statistics on how many users visit our online offering via an advert.When one of our websites is accessed, the Facebook pixel is automatically integrated into the page and a cookie can be stored on the user's device. If the user is logged in to Facebook during this time or logs in later, the visit to our online offering is also saved in the corresponding Facebook profile. The data collected is anonymised and does not allow us to draw any conclusions about the user's identity. However, Facebook itself stores and processes the data, which means that Facebook's own use for advertising or market research purposes is also possible through the connection to the respective Facebook profile. If it is necessary for us to synchronise the data with Facebook, it is first encrypted within the browser and only then sent by us to Facebook via a secure connection.The scope and processing of the data are set out in Facebook's data usage policy. You can also find basic information on Facebook adverts at: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.facebook.com/policy.php">https://www.facebook.com/policy.php</a>. Further information on Facebook Pixel and how it works can be found in Facebook's help section: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.facebook.com/business/help/651294705016616">https://www.facebook.com/business/help/651294705016616</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.facebook.com/policy.php">https://www.facebook.com/policy.php</a>. In the context of use, personal data is transmitted to Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. There is no adequacy decision by the European Commission. Data is transferred on the basis of the EU standard contractual clauses. It is possible to object to the collection of data by the Facebook pixel and to the use of your data to display Facebook ads. To do this, visit the page set up by Facebook and follow the instructions on the settings for usage-based advertising: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.facebook.com/settings?tab=ads">https://www.facebook.com/settings?tab=ads</a>. All settings are platform-independent, so the application works on all end devices (e.g. mobile or desktop devices). You can view and change whether the collection of your data using the Facebook pixel is activated on our website in our Consent Manager. Furthermore, you can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://optout.networkadvertising.org">https://optout.networkadvertising.org</a>, the European website <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.youronlinechoices.com/uk/your-ad-choices">https://www.youronlinechoices.com/uk/your-ad-choices</a> and also the US website <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.aboutads.info/choices">https://www.aboutads.info/choices</a>.

Customer feedback and Trustpilot

To improve our service (the "Purpose"), we collect customer feedback, for which we work with an external company, Trustpilot A/S ("Trustpilot").Customers may be asked to rate our service on our website. If you would like to receive a review invitation from Trustpilot by e-mail, you must agree to receive and transmit your name, e-mail address and order number to Trustpilot.If you would like to find out more about how Trustpilot processes your data, you can view the company's privacy policy <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms">here</a>.

Use of the e-mail dispatch and newsletter offer

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. Registration and subscription to our newsletter are carried out in a so-called double opt-in procedure. This means that after registering with <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://empirio.ai">empirio.ai</a>, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are saved. If there is a double opt-in for the <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="http://empirio.ai">empirio.ai</a> account, the newsletter can also be subscribed to via a single opt-in in the login area. This serves to prevent misuse of the services or the data subject's e-mail address.The data will not be passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter and transactional e-mails. Subscription to the newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link in every newsletter for this purpose. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. Use of BrevoDescription and purpose: We use Brevo to send newsletters and transactional e-mails. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Brevo is used, among other things, to organise and analyse the sending of newsletters and transactional e-mails. The data you enter for the purpose of subscribing to the newsletter is stored on Brevo's servers in Germany. If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with Brevo contain a so-called tracking pixel, which connects to the Brevo servers when the e-mail is opened. This allows us to determine whether a newsletter message has been opened. We can also use Brevo to determine whether and which links in the newsletter message are clicked on. All links in the e-mail are so-called tracking links with which your clicks can be counted.Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.Recipient: The recipient of the data is Sendinblue GmbH. We have concluded an order processing contract with Brevo, in which we oblige Brevo to protect our customers' data and not to pass it on to third parties.Transmission to third countries: Data is not transferred to third countries.Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from Brevo's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses etc. for the member area) remain unaffected by this.Cancellation option: You have the option of cancelling your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.Further data protection information: For more information, please refer to Brevo's data security information at: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.brevo.com/legal/privacypolicy/">https://www.brevo.com/legal/privacypolicy/</a>.

Integration of third-party services and content

Our online offering also includes content from third-party providers. In our legitimate interest (within the meaning of Art. 6 para. 1 lit. f. GDPR). For the content and its presentation (e.g. videos or fonts), it is necessary for the third-party providers to recognise the user's IP address. This is essential for sending the content to the browser. When selecting third-party providers, we ensure that we only use providers that only use the IP address to deliver the content. Third-party providers may also use web beacons or pixel tags to collect data for statistical and marketing purposes. This allows, for example, information about visitors to the website to be analysed. All data can be stored pseudonymised in cookies on the device used by the user. This data includes technical information on the operating system and browser as well as data on the use of the website. This data can also be combined with data from other sources. Below you will find an overview of the third-party providers integrated by us, including links to the corresponding data protection declarations. These also contain further information on objection options and opt-out options, if these are possible.If the user uses payment services from third-party providers (e.g. PayPal or Stripe), the data protection information and terms and conditions of the respective third-party provider apply.Company: PayPal (Europe) S.à r.l. et Cie, S.C.A. Street: 22-24 Boulevard Royal Postcode City: 2449 Luxembourg Country: Luxembourg Privacy Policy: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://www.paypal.com/myaccount/privacy/privacyhub">https://www.paypal.com/myaccount/privacy/privacyhub</a> Company: Stripe, Inc., Street: 510 Townsend Street Postcode city: 94103 San Francisco, CA Country: USA Privacy Policy: <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="https://stripe.com/privacy">https://stripe.com/privacy</a>

Use of AI-based services

As part of our services, we use AI-based technologies provided by specialized third-party providers to deliver certain functionalities, in particular for the analysis, structuring, processing, or generation of texts and content.For this purpose, we use, among others, the services of the following providers:<ul><li>OpenAI OpCo, LLC, USA</li><li>Groq, Inc., USA</li></ul>When using these AI-based features, content may be processed depending on how users interact with the services. Such content may include personal data. Processing is carried out exclusively for the purpose of providing the respective function within our services.The integration of these AI service providers is based either on:<ul><li>the performance of contractual obligations towards our users (Art. 6(1)(b) GDPR), or</li><li>our legitimate interest in providing modern, efficient, and high-performance functionalities (Art. 6(1)(f) GDPR).</li></ul>Where personal data is processed, this is done exclusively on the basis of appropriate contractual arrangements. We ensure that the AI service providers used do not process personal data for their own training or improvement purposes, but solely for the purpose of providing the requested service.As these providers are located in a third country outside the European Union, personal data may be transferred to such countries. Any such transfer takes place only in compliance with the requirements of Art. 44 et seq. GDPR, in particular on the basis of appropriate safeguards such as EU Standard Contractual Clauses or, where applicable, an adequacy decision.We recommend that no sensitive data (e.g. health data) be entered into free-text fields unless this is strictly necessary.

Personal rights of users

Upon request, every user can obtain information about their personal data stored by us. In addition, users have the right to have incorrect data corrected and to restrict the processing and deletion of their personal data. The right to data portability can also be asserted. A complaint can be lodged with the competent supervisory authority at any time. Any consent given by the user can be revoked at any time, with future effect only.

Data deletion

Personal data that is not subject to statutory retention obligations is deleted as soon as it is no longer required for the purpose for which it was collected. User accounts and survey data are deleted within 7 days after deletion by the user. Until that time, the data is retained as a backup, for example to allow the recovery of content that was deleted unintentionally.Where deletion is not possible due to statutory requirements or other legally permissible purposes, the processing of the data is restricted. In such cases, the data is blocked from further processing for purposes other than those required by law.Retention takes place in accordance with Section 257(1) of the German Commercial Code (Handelsgesetzbuch – HGB) for a period of 6 years (e.g. commercial books, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting records), and in accordance with Section 147(1) of the German Fiscal Code (Abgabenordnung – AO) for a period of 10 years (e.g. books, records, management reports, accounting records, commercial and business correspondence, tax-relevant documents).Data collected via Google Analytics is fully anonymized after 50 months. Data collected via the Facebook Pixel is stored without a predefined retention period.

Right to object and other rights

If the user has given their consent to the processing of their personal data for one or more specific purposes, they have the right to withdraw their consent with effect for the future. In particular, the user has the right to object to the processing of personal data within the scope of legitimate interests at any time free of charge with effect for the future. An e-mail to <a target="_blank" rel="noopener noreferrer nofollow" class="text-primary underline" href="mailto:info@empirio.ai">info@empirio.ai</a> or to the above-mentioned postal address is sufficient for this purpose. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. A competent authority is, for example, the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hanover. However, the user can also choose a different one.

Obligation to provide data

The provision of the following data is mandatory (mandatory information):<ul><li>Fulfilment of the contract</li></ul>The provision of the following data is mandatory for the conclusion of a contract (mandatory information)<ul><li>First name and surname</li><li>The following data must be provided in order to use the newsletter:</li></ul>The following data must be provided in order to use the newsletter:<ul><li>E-mail address</li></ul>All other information is not required for the conclusion of the contract and is therefore voluntary. If the mandatory information required for the conclusion of the contract is not provided, no contract will be concluded. Failure to provide the voluntary information has no influence on the conclusion of the contract.Use of the contact form or other contact:The provision of the following data is mandatory for processing an enquiry via the contact form (mandatory information):<ul><li>Name</li><li>E-mail address</li></ul>All other information is not required for processing a contact enquiry and is therefore voluntary. If the mandatory information required for processing a contact enquiry is not provided, the enquiry will not be processed. Failure to provide the voluntary information has no influence on the processing of the contact enquiry. There is no obligation to provide data for the processing of any other enquiry.Automated decision-making:Automated decision-making, including profiling, does not take place.

Updating the privacy policy

We reserve the right to amend this privacy policy in the event of changes to the legal situation or changes to our services or data processing. However, this only applies with regard to declarations on data processing. If user consent is required or if parts of the privacy policy contain provisions of the contractual relationship with the users, changes are only possible with the consent of the users. We ask users to regularly obtain independent information about the content of the privacy policy.Note: These Privacy Notices are provided in German and English. In case of discrepancies or interpretation issues, the German version shall prevail.