Privacy policy
With this data protection declaration, we would like to inform you in accordance with Art. 13 of the General Data Protection Regulation (GDPR) about how our company processes personal data, as well as inform you about your rights. The processing of your personal data by us is carried out in compliance with the GDPR, as well as all other applicable data protection regulations. The terms used, such as "user", are to be understood as gender-neutral.
I. Name and contact details of the responsible person
Pink Internet GmbH
Boxhagener Strasse 71E
10245 Berlin
E-mail: hello@femtasy.com
Contact details of the data protection officer: datenschutz@femtasy.com
II. Definitions
This privacy policy uses the terms of the GDPR.
III. Categories of personal data
We collect and process the following personal data about you: (i) inventory data and contact information (e.g. names and contact addresses), if you provide us with your contact information, (ii) contract data (e.g. services used or tariffs), if a contract exists, (iii) usage data (e.g. the web pages visited on our online offer, interest in our products), (iv) content data (e.g. entries in the contact form or user profile), if you provide us with content, (v) payment information, (vi) as well as personal data on education and professional experience for application procedures, (vii) date of birth and marital status.
IV. Processing purposes
We process your data for one or more of the following purposes:
- for the contact you have requested,
- to process or initiate contracts with you,
- for advertising purposes ,
- for statistical evaluations and analysis, and/or
- for the security of our website (log files);
V. Legal basis of the data processing
Your data is processed in accordance with the following legal bases: your consent in accordance with Art. 6 Para. 1 lit. a) GDPR or, if applicable, Art. 9 Para. 2 lit. a) GDPR, for the performance of a contract with you in accordance with Art. 6 Para. 1 lit. b) GDPR, for the fulfilment of legal obligations in accordance with Art. 6 Para. 1 lit. c) GDPR or for a legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR.
The legal basis for processing your data in accordance with the stated processing purposes is:
- Contact: If you wish to contact us, for example via an e-mail message or through our contact form, the legal basis is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in fully processing your contact. Since you are contacting us, we assume that there are no interests on your part that conflict with our processing of your request. If the contact is aimed at the conclusion of a contract or the fulfilment of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. If consent has been given, the legal basis for the processing of the contact is Art. 6 para. 1 lit. a) GDPRor, if applicable, Art. 9 para. 2 lit. a) GDPR.
- Contracts: The legal basis for the processing of your personal data for the execution or initiation of contracts is Art. 6 para. 1 lit. b) GDPR. This includes the processing of your user account data, unless another described processing purpose (and the corresponding legal basis) applies and is relevant. In the context of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action: This storage is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, as well as the interest of the users in protection against misuse and other unauthorised use cases. If we process sensitive data for the performance of the contract, the legal basis for the processing is your consent in accordance with Art. 9 (2) a) GDPR. In addition, we also process your data in accordance with the statutory provisions, such as those arising from tax law. This type of processing is lawful according to Art. 6 para 1 lit. c) GDPR. In the case of applications that do not lead to a contractual relationship, we have a legitimate interest, pursuant to Art. 6 (1) (f) GDPR, to keep track of the application data for a limited period of time in order to enforce our legal claims or defend ourselves against lawsuits.
- Advertising purposes: We process your personal data for advertising purposes if we have your consent pursuant to Art. 6 (1) a) GDPR. This is, among other things, the case of newsletters. When sending our newsletter, technical success measurements take place, for example, to track whether, when and from which IP address messages were read. In some cases, the processing of your personal data may take place due to our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in advertising our products, for example if you are an existing customer of our company (see also recital 47 GDPR and § 7 UWG). In these cases, we process usage and content data for advertising purposes in a user profile, for example, in order to display product information to the user based on the services used to date.
- Statistical evaluations and analysis: We process your personal data for statistical evaluations and analysis of our website (for example, via cookies and other technologies) as well as our services if we have your consent pursuant to Art. 6 (1) a) GDPR. Due to the necessity of accounting, an indirect statistical evaluation of your personal data could occur due to a legal obligation (Art. 6 para. 1 lit. c) GDPR). Furthermore, a processing of your data could take place for the purpose of statistical evaluation of the key figures of our economic activity. This represents a legitimate interest of our company according to Art. 6 para. 1 lit. f) GDPR, as it enables us to carry out financial planning and allocate economic resources.
- Security of our website: Each time our website is accessed, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored are the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. These log file data records are evaluated in order to protect our website against attacks, to find and correct errors and to control the utilisation of servers. This is also our legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
VI. Legitimate interests
Unless otherwise stated in this privacy policy and if we base the processing of your personal data on legitimate interests pursuant to Art. 6 (1) lit. f) GDPR, such interests are the protection against misuse, the enforcement of our legal claims, the adaptation of our offer and the processing of enquiries that arise.
VII. Data sources
We obtain the data from you (including via the devices you use) and you only. If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it is from publicly available sources.
VIII. Recipients or categories of recipients of the personal data
When processing your data, we work together with service providers who have access to your data. Possible recipients of your personal data are: (i) software companies that enable us to provide our services, help us to improve them and/or serve us for marketing purposes (for example, to send newsletters, emails, manage customer contacts or applications); (ii) public bodies and administrations, insofar as we are legally obliged to do so; (iii) payment service providers; (iv) hosting providers; (v) social media platforms; (vi) service companies, such as tax advisors or lawyers.
For the purpose of fulfilling the contract, we may also transfer your personal data to anyone to whom we assign rights arising from the contractual relationship with you.
Some of the recipients of your personal data are:
Algolia
We use Algolia to optimize our internal search function. Personal data may be disclosed in the process. We use the aforementioned services to optimize our search results.
https://www.algolia.com/policies/privacy/
Chargebee
We use Chargebee to process payments. Personal data may be passed on in the process. We use the above services to sell our services online.
https://www.chargebee.com/privacy/
Facebook & Instagram
We integrate content from Facebook on our website. Personal data may be passed on in the process. The integration of content serves us for analysis, optimisation and advertising purposes. We also operate a profile on Facebook and Instagram.
https://www.facebook.com/about/privacy
https://help.instagram.com/519522125107875
Google Ireland Limited
We include Google services on our website to (i) analyse the use of our website, (ii) manage tags, (iii) and for other analysis, optimisation and advertising purposes. In doing so, personal data may be passed on to Google. We use the aforementioned services to (i) understand the use of our website and (ii) to manage analysis tools (Google Tag Manager).
https://policies.google.com/privacy?hl=de
Hotjar
We integrate services from Hotjar on our website. In doing so, personal data may be passed on to Hotjar. We use these services to analyse the use of our website.
https://www.hotjar.com/legal/policies/privacy/
insic GmbH
We use technology from insic GmbH, Bei der Doppeleiche 3, 22926 Ahrensburg ("insic") to carry out the age verification. The integration of insic takes place via a server call within the EU.
https://insic.de/datenschutzbestimmungen
Klaviyo
We integrate services from Klaviyo on our website. Personal data may be passed on in the process. The integration of Klaviyo is used for analysis, optimisation and advertising purposes.
https://www.klaviyo.com/legal/privacy-policy
Linkster
We use the services of Linkster GmbH. Personal data may be passed on in the process. We use the aforementioned services to measure and visualise insights into partnerships and advertising channels. This is a function to measure the efficiency of the corresponding advertising measures.
https://linkster.co/privacy-policy/
Matomo
We use the services of Matomo (InnoCraft Ltd). Personal data may be passed on in the process. We use these services to analyse the use of our website.
https://matomo.org/matomo-cloud-privacy-policy/
PayPal
We use PayPal to process payments. Personal data may be passed on in the process. We use the above services to sell our services online.
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
We integrate content from Pinterest on our website in order to display personalised advertisements on this platform and to carry out a corresponding measurement of success. Personal data may be passed on in the process.
https://policy.pinterest.com/de/privacy-policy
Segment
We integrate services from Segment on our website. Personal data may be passed on in the process. The integration of Segment is used for analysis, optimisation and advertising purposes.
https://www.twilio.com/legal/privacy
Snapchat
We integrate content from Snapchat on our website. Personal data may be passed on in the process. The integration of content is used for analysis, optimisation and advertising purposes.
https://www.snap.com/en-US/privacy/privacy-center
Stripe
We use Stripe to process payments. Personal data may be passed on in the process. We use the above services to sell our services online.
Taboola
We include content from Taboola on our website. Personal data may be passed on in the process. The integration of content is used for analysis, optimisation and advertising purposes.
https://www.taboola.com/policies/privacy-policy
Typeform
We use services from Typeform to manage forms. Personal data may be passed on in the process. We use these services to provide complete and user-friendly products and processes.
https://admin.typeform.com/to/dwk6gt(select "Privacy Policy")
IX. International data transfers
There is a transfer of data to third countries outside the European Union or the European Economic Area. Information we collect from you could be processed in the United States or other third countries. Some third countries, such as the United States, have not currently received an adequacy decision from the European Union under Article 45 of the GDPR, which means that your data may not receive the same level of protection there as it does under the GDPR.
International data transfers usually take place on the basis of contractual or other regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request. In doing so, we rely on the provisions set out in Article 49 of the GDPR or, where applicable, on safeguards pursuant to Article 46 of the GDPR. We and our processors aim to apply appropriate safeguards to protect the privacy and security of your personal data. Therefore, we only process your personal data in accordance with the practices described in our Privacy Policy.
X. Storage period
We store your personal data only as long as it is necessary to achieve the purpose of processing. We store your data if you have consented to the processing at most until you revoke your consent, if we need the data to perform a contract at most as long as the contractual relationship with you exists, if we use the data on the basis of a legitimate interest at most as long as your interest in deletion or anonymisation does not prevail.
In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. In these cases, the data is deleted when a storage or retention period prescribed by the aforementioned standards expires. Among others, the provisions of the HGB and the AO apply.
We store applicant documents for a period of six months if the application does not lead to an employment relationship and no further storage has been agreed. This period results from possible lawsuits against the responsible person according to the General Equal Treatment Act (AGG).
We store server log files for a maximum of seven days.
XI. Your rights
As a data subject, you may have the right under applicable data protection law to:
Information, in accordance with Art. 15 of the GDPR,
Rectification, in accordance with Art. 16 of the GDPR,
Data erasure ("right to be forgotten"), in accordance with Art. 17 of the GDPR,
Limitation of processing, pursuant to Art. 18 GDPR,
Data portability, in accordance with Art. 20 GDPR and/or
Objection to the processing, pursuant to Article 21 of the GDPR.
Information on the right to object pursuant to Art. 21 (4) GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Revocation of consent
You also have the right to withdraw consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
XII. Right of appeal to a supervisory authority
Pursuant to Article 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR or other data protection provisions. This right of appeal is without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information
Address: Alt-Moabit 59-61, 10555 Berlin
Telephone: +49 (0) 30 13889-0
Fax: +49 (0) 30 2155050
E-mail: mailbox@datenschutz-berlin.de
XIII. Requirement or obligation to provide data
Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal requirements or contractual regulations. Failure to provide required personal data generally results in a contract not being able to be concluded and/or in us not being able to provide a requested service. Our employees will clarify on a case-by-case basis whether the provision of personal data is required by law or contract or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.
XIV Automated decisions
We do not use automated decision-making mechanisms, including profiling, that have legal effect on the data subject or similarly significantly affect the data subject.
XV. Data security
We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. The security measures include in particular the encrypted transmission of data between your browser and our server.
XVI Cookies and similar technologies
Our website uses cookies and similar technologies.
Similar technologies are technical aids that enable, for example, the identification of visitors and users or the evaluation of the use of our website without being a cookie, such as tracking pixels or LocalStorage.
Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. Cookies contain a characteristic string of characters that can uniquely identify the browser when the website is called up again, and are stored on your end device either temporarily for the duration of a session (session cookies), for a certain period of time (temporary cookies) or permanently (permanent cookies).
Session cookies are automatically deleted at the end of your visit. Temporary cookies are deleted after a certain period of time. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies and similar technologies from third-party companies may also be stored or triggered on your terminal device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies to store information about the source from which a user has come to our website).
Technically necessary cookies and technologies are those without which our website cannot function and be used. This category only includes cookies and technologies that provide basic functionality, display and security features of the website or consent to technically unnecessary cookies and technologies (cookie banners). Technically necessary cookies and technologies can be set without the user's consent.
Non-essential cookies and technologies are all cookies and technologies that are not necessary for the pure functionality, presentation and security of the website. This includes function cookies, which for example enable a customer chat, and in particular such cookies and technologies that serve the collection and processing of personal data of the user, such as statistics, performance, marketing and analysis cookies. Non-essential cookies and technologies (for example, cookies for marketing, advertising, statistical, performance or analytics purposes) require your prior, informed consent.
We request your consent via our cookie banner when you visit our website. If you consent to the use of cookies and technologies, we and, if applicable, third parties process the data collected via this on the basis of your consent, Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. You can revoke your consent at any time via our website function "Manage consent preferences" with effect for the future. In this case, the use of the cookies and technologies concerned will be stopped by us immediately. The lawfulness of the processing carried out on the basis of your consent until your revocation remains unaffected by this.
The legal basis for the processing of personal data when technically necessary cookies and technologies are used is the legitimate interest of the website operator in a technically error-free, secure and visually appealing provision of the website and its functions, Art. 6 para. 1 lit. f GDPR. The legal basis for the storage and the processing of personal data in the case of the use of technically unnecessary first-party cookies and in the case of the use of any third-party cookies is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TTDSG.
You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Depending on the browser used, you may also be able to set your browser so that you are informed about the setting of cookies, that cookies are only permitted in individual cases, that the acceptance of cookies is excluded for certain cases or in general and/or that cookies are automatically deleted when the browser is closed. Cookies that have already been stored can also be deleted at any time via the browser settings. However, if cookies are deactivated for the website, it may no longer be possible to use all the functions of the website to their full extent.
Insofar as cookies and similar technologies are used by third-party companies or for purposes requiring consent, you will be informed separately about the respective processing activities, purposes and bases within the scope of this data protection declaration and through our cookie policy about the cookies used in each case, how they work and how long they are stored.
We use the services of CookieHub. Personal data may be disclosed in the process. We use these services to allow you to refuse or accept our cookies.
https://www.cookiehub.com/privacy-policy
XVII Use of Social Media Plug-Ins
We also advertise our presence on the following social networks on our website:
- Instagram - Social network of Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA "Facebook")"), which is operated in Europe by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).
- Tik Tok - social network of ByteDance Ltd. (Room 503 5F Building 2 43 North Third Ring West Road Beijing, 100086 China), which is operated in Europe by TikTok Germany GmbH (Stralauer Allee 2 10245, Berlin, Germany).
The integration takes place via a text link or a linked graphic of the network. The use of these links prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media application is called up. The user is only forwarded to the service of the social network by clicking on the corresponding link.
After the user has been forwarded, information about the user is collected by the social network. It cannot be ruled out that the data collected in this way will be processed in the USA. The responsible party has no influence on the processing that takes place under the responsibility of the respective social network.
The data processed in this context is initially personal data such as IP address, date, time and page visited. If the user is also logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information may be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out of his/her account before clicking on the graphic link provided on our website. In addition, it is possible to configure the respective user account accordingly.
The legal basis for the integration of the links on our website is our legitimate interest in the promotion and visibility of our social media presences, Art. 6 para. 1 lit. f GDPR. A conflicting interest on your part is not apparent.
Please note: If you click on the respective link, you will be redirected to the website of the relevant social network. As a result of this redirection, your personal data may be transferred to servers in the USA despite the fact that any network subsidiaries are located in Europe. The United States of America is currently classified as an unsafe third country, i.e. as a third country with regard to which neither an adequacy decision pursuant to Article 45 of the GDPR exists nor a comparable level of protection can be assumed. With the transmission of your data, both the network operator and, if applicable, US authorities have access to the transmitted data.
The respective network operator may link your data with other data, such as your personal accounts, the usage data of other devices and all other data that the respective network operator has about you, and may also pass on your personal data to third parties. In addition, U.S. authorities may gain access and process your data without notice or notification to you (during and even after the processing is completed) or without providing you with comparable legal remedies and data subject rights. Unfortunately, we have no influence on the processing by the respective network operator and US authorities.
Further information on the respective data protection provisions of the social networks can be found under the following links.
- Instagram: https://privacycenter.instagram.com/policy
- Tik Tok: https://www.tiktok.com/legal/page/eea/privacy-policy/en
XVIII Status of this Privacy Policy & Changes
We reserve the right to change this privacy policy at any time with effect for the future.
Status: 29 March 2023
