Privacy Policy

Please note that the German version of this privacy policy is the original and is authoritative in case of any interpretation issues. Translations are provided for informational purposes only and are not legally binding.

Date: July 3rd, 2026

The protection of your personal data is very important to us, which is why we would like to list all the information about the processing and storage of your data when you visit our website and in our company.

In order to be able to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG 2021).

RESPONSIBLE BODY

chatarmin.com GmbH

Johannesgasse 23/5

1010 Vienna

Austria

Contact: [email protected]

You can find more information in the imprint.

All employees are obliged to maintain confidentiality and to handle your data properly and to enter it correctly into our data processing systems.

DATA PROTECTION OFFICER

Data Protection Officer: SCALELINE Datenschutz - Mag.a iur. Elisa Drescher

E-mail: [email protected]

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption process on our website. Your data is transmitted over the internet from your computer to our computer and vice versa using what is known as TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the internet. You can usually recognise "TLS" by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

These are

  • IP address of the user,
  • Date and time of access,
  • Type of request,
  • Customer information such as type and version,
  • Operating system of the user (device, OS version of the device),
  • Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup. The data collected is stored in server log files that your browser automatically transmits to us in encrypted form. We only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

For the provision of files and media content on our website, we use the services of Amazon Web Services EMEA SARL, 5 Rue Plaetis, L-2338 Luxembourg. We have concluded a data processing agreement with Amazon Web Services EMEA SARL in accordance with Art. 28 GDPR, which ensures that Amazon only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. The files are stored and delivered exclusively on servers in Frankfurt am Main, Germany (region eu-central-1). No transfer to third countries takes place. The legal basis for the processing is our legitimate interest in a reliable and high-performance provision of our website content (Art. 6 para. 1 lit. f GDPR). Further information can be found in Amazon's privacy policy: https://aws.amazon.com/privacy/

For the management and delivery of the content of our website, we use the content management system Sanity of the provider Sanity Inc., 548 Market St, San Francisco, CA 94104, USA. We have concluded a data processing agreement with Sanity in accordance with Art. 28 GDPR, which ensures that Sanity Inc. only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. As Sanity, Inc. is a US company, data may be transferred to the USA. The transfer is based on standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR. The legal basis for the processing is our legitimate interest in the efficient management and provision of our website content (Art. 6 para. 1 lit. f GDPR). Further information can be found in Sanity's privacy policy: https://www.sanity.io/legal/privacy

2. ENQUIRIES VIA THE CHAT BY CHATARMIN.COM AND USE OF ARMINCX

For direct and uncomplicated contact, we offer you the option of sending us a message via chatarmin. By clicking on "Start Chat" you will be redirected to WhatsApp Business and can start the chat with us from there. Furthermore, we use our own service armin.cx on social media.

Data processing in this context is based on the legal basis of contract fulfilment or contract initiation in accordance with Art. 6 para. 1 lit. b) GDPR. The chat via WhatsApp or armin.cx is not intended for you to exchange sensitive data such as health data, data on religious affiliation or data on ethnic origin. Please do not send us this sensitive data.

It goes without saying that we will treat any personal data you provide to us in the context of enquiries as confidential. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

In the context of the use of WhatsApp, WhatsApp Ireland Limited is the recipient of your data and processor in accordance with Art. 28 GDPR. WhatsApp is a product of the Meta Companies (formerly Facebook Inc.). In the context of Messenger, your data will also be transferred to third countries outside the European Union for which no adequacy decision exists. The legal basis for the transfer of data to third countries such as the USA in the context of use are standard contractual clauses pursuant to Art. 46 para. 1 lit. c) GDPR.

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries in response to our replies.

3. REGISTER FOR CHATARMIN AND USER ACCOUNT

A user account is required to use chatarmin, which can be created by providing an email address and a password. In this context, we store the IP address and the time of the respective user action on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR when you register, log in or use your user account. We do this to prevent misuse and unauthorised use, which is in our and the users' interests. In principle, we do not pass this data on to third parties unless it is necessary to enforce our claims or required by law.

Within the user account, we store information about your company (telephone number, address, e-mail address, team members and their roles), contact details of your customers (telephone numbers, campaigns, ...). This data is stored exclusively for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

We store your data for the duration of the contract. In the event of cancellation, you are obliged to back up your data in good time.

4. BOOKING APPOINTMENTS

For booking appointments on our website, we use the service iClosed of You Scale LLC (Closed), based in San Francisco, USA. iClosed is an AI-supported appointment booking and sales scheduling tool that interested parties can use to arrange a meeting with us directly.

The integration of iClosed and the booking of appointments only takes place after your express consent (Art. 6 para. 1 lit. a) GDPR). Only after your consent via our cookie consent tool is the iClosed widget loaded and a connection to the iClosed servers established.

As part of the booking process, personal data such as your name, your e-mail address and other information you provide in the booking form is transmitted to iClosed and processed there in the context of order processing in accordance with Art. 28 GDPR. The legal basis for the appointment booking and reminder is your consent pursuant to Art. 6 para. 1 lit. a) GDPR, which can be revoked at any time. As You Scale LLC is a US company, data may be transferred to the USA. The transfer is based on standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c) GDPR. A data processing agreement pursuant to Art. 28 GDPR exists between us and iClosed.

You can revoke your consent at any time with effect for the future by adjusting your cookie settings. Further information can be found in the iClosed privacy policy: https://www.iclosed.io/privacy-policy

5. WHITEPAPER DOWNLOAD

If you download our whitepaper, we process the personal data you enter in the form (first name, last name, shop URL and WhatsApp number) exclusively on the basis of your express consent pursuant to Art. 6 para. 1 lit. a) GDPR.

By submitting the form, you consent to us using your data to provide you with the requested whitepaper and to inform you about our products, services and relevant content via WhatsApp and other channels. Your WhatsApp number is processed via our Chatarmin platform for the purpose of direct communication via WhatsApp Business.

Your consent is voluntary and can be revoked at any time with effect for the future without any disadvantages for you. You can revoke your consent at any time via the unsubscribe link in our messages or by informally notifying us. After revocation, your data will no longer be processed for marketing purposes.

Your data will not be passed on to third parties unless this is technically necessary for the provision of the whitepaper or for carrying out the communication.

6. USE OF WEB ANALYSIS TOOLS AND COOKIES

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via the browser when you visit a website. This serves to recognise the website visitor. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

Cookies themselves do not contain any personal data about users, they are only used to uniquely identify what our customers find interesting and useful on our website. We also use so-called "web beacons" (small graphic images, also known as "pixel tags" or "clear GIFs") on our website. They are used together with cookies to track general user behaviour on the website.

The legal basis for the processing of personal data using cookies and other technologies is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you give us via the so-called "consent banner" as soon as you visit our website for the first time.

We use cookies for the following purposes:

  • Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
  • External services: For the integration of externally hosted videos.

The data processed by necessary cookies is required for the purposes listed below to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our so-called "Cookie Consent Tool" to set which cookie categories you would like to consent to when visiting our website.

Once cookies have been saved, you can delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.

As part of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialised service providers, in particular from the online marketing sector. These process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All companies listed as providers in our cookie notice act as so-called processors.

To obtain the consents required under data protection law, we use the cookie consent technology of "Cookiebot" by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

It serves to obtain the legally required consents for the use of cookies and other data processing subject to consent. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest lies in the legally compliant documentation and verifiability of consents in order to fulfil accountability obligations. No personal data is stored.

SALESVIEWER

On this website, data is collected and stored for marketing, market research and optimisation purposes using SalesViewer® technology from SalesViewer® GmbH, based in Bochum, Germany, on the basis of the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR).

For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent future collection by SalesViewer® within this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again. Furthermore, a data processing agreement in accordance with Art. 28 GDPR exists with SalesViewer GmbH.

The data stored in the context of SalesViewer® will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing its deletion.

INTEGRATION OF LOOM VIDEOS

We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos does not automatically result in the third-party provider's content being reloaded, we only display locally stored preview images of the videos in a first step. This means that the third-party provider does not receive any information.

Only after clicking on the preview image is content from the third-party provider loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view the certification of Loom Inc. (Atlassian, Inc.) here.

Provider of the video service:

Loom Inc.

If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the preview images.

USE OF MICROSOFT CLARITY

With your consent in accordance with Art. 6 para. 1 lit. a) GDPR, we use Microsoft Clarity, a service provided by Microsoft Ireland Operations Limited, on our website. Data transfers to Microsoft Corporation, based in the USA, are carried out on the basis of the adequacy decision for the USA, which you can view here. Clarity analyses the performance of our website in anonymous form. This provides us with so-called heat maps, for example. Heat maps show us which parts of our website are particularly popular and help us to better tailor our website to the needs of our users. This is also the purpose of the processing. The storage period for the collected data can be found in the information provided in the cookie banner. Microsoft processes the data in accordance with our instructions and on our behalf. We have concluded a corresponding data processing agreement with Microsoft. Further information on Microsoft Clarity can be found at https://clarity.microsoft.com

CLOUDFLARE WEB ANALYTICS

To analyse the performance of our website, we use the service Cloudflare Web Analytics of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. We have concluded a data processing agreement with Cloudflare in accordance with Art. 28 GDPR, which ensures that Cloudflare, Inc. only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Cloudflare Web Analytics collects anonymised usage data such as page views, dwell time and technical device information without setting cookies or tracking individual users across websites. The processing is based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR, which can be revoked at any time.

As Cloudflare, Inc. is a US company, data may be transferred to the USA. Cloudflare participates in the EU-US Data Privacy Framework, ensuring an adequate level of data protection. Further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

LINKEDIN INSIGHT TAG

As part of the use of the conversion tracking tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited, based in Ireland, we process personal data jointly with LinkedIn in accordance with Art. 26 GDPR, provided that you have given your consent via the consent banner. The agreement on joint responsibility underlying the cooperation with LinkedIn can be accessed here. LinkedIn is an American company based in California. Personal data is also processed in the USA. For the USA, there is currently an adequacy decision and valid certification under the Data Privacy Framework for LinkedIn Corporation.

The LinkedIn Insight Tag collects data about your use of our website. LinkedIn does not share personal data with the website owner, but provides reports and notifications (in which you are not identified) about the website audience and ad performance. LinkedIn also offers retargeting for website visitors, allowing the website owner to use this data to display targeted advertising outside of their website without identifying the member. LinkedIn uses the data, which according to LinkedIn does not identify you, to improve the relevance of ads and reach members across devices. You can find out more about the LinkedIn Insight Tag directly on LinkedIn. LinkedIn also uses the data for its own advertising purposes and for the advertising purposes of third parties in accordance with the LinkedIn Data Policy. There you will also find further information on how you can exercise your data subject rights described below with regard to your data processed by LinkedIn directly against LinkedIn. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Facebook Pixel

As part of the use of the so-called Facebook pixel, cookies are set on our website with your consent (see cookies with provider or name "Facebook"). In addition to us, Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook), is jointly responsible for the data processing associated with the pixel in accordance with Article 26 GDPR. You can access the agreement on which the cooperation with Facebook is based here. The pixel collects data about your use of our website and compares it with Facebook's data in order to show you customised advertising from us on Facebook's websites. Facebook also uses the data for its own advertising purposes and for third-party advertising purposes in accordance with the Facebook Data Policy. This also contains further information on how you can assert your data subject rights as described below directly against Facebook with regard to your data processed by Facebook.

_fbp .chatarmin.com 3 months Marketing This cookie is set by Facebook to display adverts either on Facebook or on a digital platform supported by Facebook advertising after visiting the website.
lastExternalReferrerTime Meta Platforms, Inc. Persistent Marketing Local Storage: Determines how the user reached the website by registering their last URL address.
lastExternalReferrer Meta Platforms, Inc. Persistent Marketing Local Storage: Determines how the user reached the website by registering their last URL address.

Use of Google Analytics

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) ("Google").

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable the use of the website by the user to be analysed. The information obtained by the cookies about your usage behaviour of this website is usually transferred to a Google server in the USA and stored there. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view Google's certification here.

We have made the setting to anonymise your IP address. IP address anonymisation is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The anonymised IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.

You can see the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via the cookie banner. The user and event data will be deleted after 14 months. The "Reset user data on new activity" function is activated. This means that your data will not be deleted if you visit the site again before the retention period expires.

We use Google Ads with your consent in accordance with Art. 6 para. 1 lit. a) GDPR to show you adverts on websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and other third-party providers.

Our purpose is to show you adverts that are of interest to you and to make our website more interesting for you. With conversion tracking, we can determine how successful the individual advertising measures are. To do this, we use cookies that can be used to measure certain parameters for measuring reach, such as the display of adverts or clicks by users. If users reach our website via a Google advert, Google Ads stores a cookie on the corresponding end device. We only receive aggregated evaluations of user behaviour, on the basis of which we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media.

You can find more information on cookies in the cookie list above.

You can find more information on data protection for Google services at: https://policies.google.com/privacy

Google Enhanced Conversion

As part of Google Ads, we use what is known as enhanced conversion tracking (Google Enhanced Conversion Tracking). This requires consent in accordance with Art. 6 para. 1 lit. a) GDPR.

What does enhanced conversions mean? Enhanced conversions are a function that supplements existing conversion tags. In this context, conversion data collected on our website is sent to Google in encrypted form. When a conversion is carried out on a website, in most cases the data of the person concerned, such as a name, e-mail address or telephone number, is collected. These are recorded and hashed in conversion tracking tags. For this purpose, the data is encrypted by Google using a one-way hash algorithm SHA256. The hash values of the data are then transferred to Google and used to improve our conversion measurement. This means that if you click on an advert placed by Google, a cookie is set for enhanced conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. More information about Google Ads and Google Enhanced Conversion Tracking at https://ads.google.com/intl/en/home/privacy/solutions/enhanced-conversions-for-web/

_ga_* .chatarmin.com 13 months Statistics Used by Google Analytics to collect data on the number of visits a user makes to the website and the dates of the first and last visit.
_ga .chatarmin.com 13 months Statistics Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gcl_au .chatarmin.com 3 months Marketing Saves and tracks conversions

INTEGRATION OF YOUTUBE VIDEOS AND MAP SERVICES

We embed videos on our websites that are not stored on our servers. To ensure that accessing our websites with embedded videos and maps does not automatically result in the third-party provider's content being reloaded, we only display locally stored preview images of the maps in a first step. This means that the third-party provider does not receive any information.

Only after clicking on the preview image or upon granting consent via the cookie consent banner is content from the third-party provider loaded. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR, provided that you have previously given your consent by clicking on the preview image. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view the certification of Google (YouTube) here.

Provider of the video service: Google Ireland Limited/Google LLC (USA) ("YouTube")

Revocation of consent: If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the preview images or revoke your consent for the reloading via the cookie consent banner.

DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS

1. Fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)

The purposes of data processing arise from the implementation of pre-contractual measures and the fulfilment of obligations arising from the concluded contract.

Furthermore, we receive contact details of contact persons in the company who are interested in our services from so-called recommenders and tipsters. These recommenders and tipsters are the origin of your data (Art. 14 para. 2 lit. f) GDPR). For this purpose, we process the following personal data of contact persons: your title, your first and last name, your business email address and, if provided, your business telephone number. The legal basis for this data processing is the initiation of a contract.

CRM

We store and use contact details and information (e.g. business communication histories) that we receive from customers and interested parties in order to process and initiate the business relationship. Processing is carried out on the basis of (pre-)contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR. The provider is Pipedrive OÜ, based in Estonia, with whom we have concluded a data processing agreement in accordance with Art. 28 GDPR. In addition, data protection agreements such as SCC exist between Pipedrive OÜ and Pipedrive's subcontractors insofar as data is transferred to third countries.

Our Pipedrive CRM also stores contact details of contact persons that we receive from specialised third-party providers for lead generation. We collect this data to optimise our sales activities on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. You can object to this data processing at any time.

Specifically, we use the services of the following companies

  • Lusha Systems Inc., based in the USA – Data is transferred on the basis of concluded standard contractual clauses. Further information: https://www.lusha.com/

  • Clay Labs Inc., based in the USA – Data is transferred on the basis of concluded standard contractual clauses. Further information: https://privacy.clay.com/policies

Notion and Notion AI

We use the Notion platform from Notion Labs, Inc., based in the USA, for internal organisation, documentation and collaboration. We also use the Notion AI function. This is an AI-supported extension that is used, among other things, for the automated generation, structuring and summarisation of content.

Insofar as personal data is processed in the context of this use, this is done on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, in particular in increasing the efficiency of internal processes, improving the organisation of collaboration and using modern technologies. The purpose of the processing is to optimise internal workflows, store information in a structured manner and, when using Notion AI, to support the processing and analysis of text-based content.

In the course of use, personal data may be transferred to Notion's (sub)service providers in the USA. The data transfer is based on a concluded data processing agreement in accordance with Art. 28 GDPR and a valid certification of Notion Labs, Inc. under the EU-U.S. Data Privacy Framework (DPF) in accordance with Art. 45 GDPR.

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, insofar as this is based on Art. 6 para. 1 lit. f GDPR (Art. 21 para. 1 GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms.

b) Processing our contracts with customers

To process our contracts, we process master data such as your first and last name, your billing address and your billing and payment data. Payments can also be processed via the payment service provider "STRIPE". We provide this payment method as an additional option to enable simple processing for our customers, e.g. for recurring direct debits. This corresponds to our legitimate interest in offering an efficient and secure payment method and is based on the legal basis pursuant to Art. 6 para. 1 lit. f) GDPR. In this context, we also pass on data to the payment service provider insofar as this is necessary for the fulfilment of the contract (Art. 6 para. 1 lit. b) GDPR). Processing via the payment provider is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via this payment provider. You then have the option of choosing a different payment method.

More information about STRIPE: Stripe Payments Europe, based in Ireland. Data protection at Stripe: https://stripe.com/privacy

AUTOMATED INTERNAL WORKFLOWS

As part of our business relationship, we use automated internal workflows to process recurring tasks efficiently and consistently. These include in particular: the automated assignment of appointments and communication to the correct contact person or organisation in our CRM system, the automated assignment of incoming payments to the respective order or contract, the automated dispatch of payment reminders for overdue invoices and the automated creation of individual payment links for your order.

The legal basis is the fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR and, in addition, our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in efficient, consistent processing.

As part of the automated workflows, we use the processor Make (Celonis Inc.). Make is an automation platform for the technical execution of the described workflows. Celonis Inc. is certified under the Data Privacy Framework.

The data processed in the context of these workflows is stored for the duration of the business relationship and beyond that for as long as statutory retention obligations require; thereafter, it is deleted or anonymised.

CREATION OF TRANSCRIPTIONS AND MINUTES OF ONLINE CONFERENCES

To document online conferences, create transcripts and efficiently record minutes of conferences, we use the Read.AI service provided by Read AI, Inc., based in the USA, with whom we have a data processing agreement and standard contractual clauses.

How can I recognise the use of Read.AI?

A participant with the name "Read.ai Notetaker" or a similar name may indicate that the tool is being used. It appears as a separate participant in the meeting.

What data is processed?

The minutes are created using artificial intelligence (AI). The following data is stored:

User content:

  • Transcriptions, summaries, audio and video recordings
  • Sound bites and any derivatives such as: AI assistant responses
  • Text summaries
  • Extracted audio/video sound bite clips
  • Links/URLs that provide access to these derivatives or the original content

User metadata:

  • Calendar metadata
  • Emails and names of meeting participants
  • Usage logs
  • User settings/configuration.

All user data, including transcripts, recordings, calendar events, emails and settings, is encrypted end-to-end with 256-bit AES encryption for stored data and TLS 1.2 encryption for data in transit, according to Read AI. For more information, please visit https://support.read.ai/hc/en-us/articles/25702259763091-Security-Privacy-Overview#h_01HP4KSHG36RK9J1JQSV0GCZ64

How is data processed?

Transcripts are created by transcribing the audio files of the live video conferences. The transcripts are stored for the duration of the collaboration and thereafter for the duration of the statutory retention periods. The transcripts are then deleted or completely anonymised. All recordings are automatically deleted by the system after one year.

We obtain your consent for the data processing described above by sending you an invitation to the appointment and by your acceptance of the appointment in accordance with Art. 6 para. 1 lit. a) GDPR before Read AI is used for the first time. You can revoke this consent at any time with effect for the future. If you do not want a recording and transcription, please reply to the invitation email and no minutes will be created with Read AI. If you do not provide your data, we will create a manual conversation log.

The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfilment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations and data processing in the context of requests from authorities.

3. For the fulfilment of our legitimate interests (Art. 6 para. 1 lit. f GDPR)

We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data provided by you beyond the actual fulfilment of the contract with business partners. The legitimate interests here are in particular the selection of suitable business partners, the fulfilment of compliance measures, the assertion of legal claims, the defence against liability claims, the prevention of criminal offences and the settlement of claims resulting from the business relationship.

4. Who receives the personal data you provide?

As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is ensured by contract.

5. Storage period

The personal data will be stored for as long as is necessary to fulfil the above-mentioned purposes.

6. Data processing to document compliance with the GDPR

Insofar as your data is processed on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to prove, within the framework of the accountability obligation incumbent on us in accordance with Art. 5 para. 2 GDPR, that you have consented to the data processing in question.

If you assert data subject rights against us under the GDPR, we will also process and store your data in order to be able to prove, as part of our accountability obligations pursuant to Art. 5 para. 2 GDPR, that we have complied with the GDPR when processing your enquiry.

INFORMATION ON DATA PROCESSING IN THE CONTEXT OF VIDEO CONFERENCES VIA GOOGLE MEET

We use the Google Meet tool from Google Ireland Limited to organise telephone conferences, online meetings and video conferences. You will receive access to the agreed appointments via a link provided by e-mail. You can enter the video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the transmission of your video. You are muted by default and you must manually enable your microphone if you wish. If you switch on your camera and/or microphone, this data will be processed during the meeting.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, e-mail address, profile picture)
  • Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, client version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, your personal data may be processed. This also depends specifically on your use, such as use of the chat or the whiteboard. We explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organisation of virtual communication.

Recipients

The provider Google necessarily receives knowledge of the above-mentioned data insofar as this is contractually regulated within the framework of our data processing agreement in accordance with Art. 28 GDPR. There are no other recipients.

We cannot rule out the possibility that data may also be routed via internet servers located outside the EU or the EEA. Google LLC holds a valid certification under the Data Privacy Act as an adequacy decision for the USA.

You are not obliged to communicate with us via Google Meet. Alternatively, you can also communicate by e-mail or telephone.

We generally delete personal data when there is no need for further storage.

OPERATION OF SOCIAL MEDIA PRESENCES

We maintain the following social media presences:

LinkedIn: https://www.linkedin.com/company/chatarmin-com/

YouTube: https://www.youtube.com/@chatarmin

Instagram: https://www.instagram.com/chatarmin/

TikTok: https://www.tiktok.com/@chatarmin.company

X: https://x.com/chatarmin

In addition to the accounts listed here, selected employees of chatarmin.com GmbH maintain profiles on LinkedIn.

"LinkedIn" is operated by the European subsidiary LinkedIn Ireland Unlimited Company, registered in Ireland. The parent company LinkedIn Inc. is headquartered in the USA.

Data processing by us:

We use the Wonderlink service of Seyffert mit Himmelspach GmbH, Boppstraße 10, 10967 Berlin, Germany, to provide a central overview page with links to our online offerings.

When you access our Wonderlink page, technical information is processed by Wonderlink, in particular the IP address, information on the device and browser used, and usage data in connection with the use of the links provided. The processing is carried out to provide the page, to ensure the security and stability of the service and to analyse usage. The use of Wonderlink is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in providing a user-friendly and clear overview of our online offerings.

Further information on data processing by Wonderlink can be found in the provider's privacy policy at https://www.wonderlink.de/datenschutz

b. Maintaining the above-mentioned social media pages and placing ads ("adverts")

The personal data entered on social media pages, such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place adverts ("Ads") via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

c. Page Insights

The social media platforms provide anonymised statistics and insights that help us gain knowledge about the types of actions people take on our page (so-called "Page Insights"). These Page Insights are created based on certain information about people who have visited our page.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our pages.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint controllership, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

Instagram: https://www.facebook.com/legal/terms/page_controller_addendum

TikTok: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address.

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy

Instagram: https://help.instagram.com/155833707900388

TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en

X: https://x.com/en/privacy

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries have been granted a so-called adequacy decision by the European Commission. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certifications under the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram), LinkedIn and Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can hardly influence the web tracking methods of the social media platform. For example, we cannot switch them off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

DATA PROCESSING IN THE CONTEXT OF APPLICATION PROCEDURES

You can send us your application documents by e-mail for the purpose of receiving and managing the application and thus for the purpose of (possibly) establishing an employment relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. As part of the application process, we only collect the data from you that is necessary to establish the employment relationship with us.

Within our company, only those persons involved in the decision-making process will have access to your personal data. We store your data in applicant management software provided by our processor JOIN Solutions GmbH, based in Germany. We have concluded a data processing agreement with Join Solutions GmbH in accordance with Art. 28 GDPR.

If your application is successful, your personal data will be stored for the duration of your employment relationship. After termination of the employment relationship, your tax-relevant data will be archived in accordance with the statutory retention periods. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

RIGHTS OF DATA SUBJECTS

In accordance with Art. 15 para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the interests of the data subject in objecting.

If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint can be lodged with a supervisory authority in the EU member state of your place of residence, place of work or place of the alleged infringement.

Contact details of the competent data protection authority in Austria: [email protected]

NO AUTOMATED DECISION-MAKING

We do not carry out automated decision-making or profiling.

PROVISION

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

This data protection notice was created in cooperation with the consulting firm SCALELINE. The legal texts are subject to copyright.