Data policy


The web app talkingco.de is a service provided by Dr. Lukas Twardon. I take the protection of your data seriously. I treat personal data as confidential and in accordance with the law. This data policy explains what happens to your data when you use the web app or visit the website.


Data controller

The data controller according to Art. 4(7) EU General Data Protection Regulation (GDPR) is

Dr. Lukas Twardon
Dammwiese 23
33613 Bielefeld
Germany

Phone: +49 521 94594201
E-Mail: mail@talkingco.de


How your data is processed

When you use talkingco.de, data collection is minimized. The web app collects and processes data from its users when necessary to provide the service. In addition, personal data may be processed if the data processing is necessary for financing, securing, or improving the service, or if required by law, or if you give your consent. Some of the data are stored permanently until you delete them. Other data will be stored on the server only for a limited period of time and then automatically deleted (see How long your data is stored on the server).


Accounts

Accounts on talkingco.de consist of a valid email address and a password. When you sign up for a subscription, you will also receive a customer ID. The password is not stored in plain text, but only as a hash value on the server. The email address is used in connection with various app functions, in particular, for verification of the account, password recovery, to send you the customer ID, to inform you about changes to the terms of use (if necessary), or in case of violation of the terms of use. The email address will also be shared with the service provider Stripe for payment and billing purposes when you sign up for a subscription (see Payment and billing information). If you do not have an active subscription (anymore), you can delete your account at any time on the account management page.


Content you create

Registered users can create their own AR holograms on talkingco.de. For this purpose, the following data are stored on the server: The uploaded and processed hologram video, an ID for code creation, the time it was created, an internal name, a web link with call-to-action (if specified), and the number of views (PRO and ENTERPRISE members only). The AR holograms can be viewed by all users who scan the respective code.


Payment and billing information

For payment processing and invoicing, I cooperate with the payment service provider Stripe (Stripe, Inc. or Stripe Payments Europe Limited). When you sign up for a subscription, your email address is shared with Stripe. All other information you provide on the payment site will be collected by Stripe. I have very limited control over how Stripe processes your data. For data transfers to the U.S., Stripe relies on model contract clauses which have been approved by the European Commission as a means of ensuring adequate protection when transferring data outside of the EU. For more information, please visit https://stripe.com/privacy. Invoices are subject to a statutory retention period of up to 10 years.


Log files and session data

The website talkingco.de is hosted by an external service provider (Hetzner Online GmbH) whose certified data centers are located exclusively within the EU. In the hoster's log files, the anonymized IP address of the user, the browser used (if transmitted), the operating system used, and the time of the request are stored. In order to ensure data protection-compliant processing, a data processing agreement (DPA) has been concluded with the hoster. In addition to the hoster's log files, session data are stored, in particular, the ID of the logged-in account, a session ID, and the time and frequency of server requests.


How long your data is stored on the server

The table below provides an overview of how long the data detailed above are stored on the server. Also, backups of the data are created and stored for 14 days.

Type of data Duration
Accounts permanently or until deleted by the user
AR holograms permanently or until deleted by the user
Invoices 10 years
Log files permanently
Session data until logout or up to 2 days

Cookies

Cookies are small text files that are temporarily stored on your device when you visit a website and enable the identification of the web browser when you visit it again. The talkingco.de web app only uses the following strictly necessary cookies: a session cookie, a cookie to save your language settings, a cookie that saves whether you have given permission to use the camera, and a cookie that saves whether an unsupported browser should be used.


Encrypted transmission

All data are transmitted via HTTPS which uses TLS encryption. This means that data sent from your device to the server or vice versa cannot be read by third parties.


App permissions

The web app requires permission to use the camera (to scan codes, display, and create AR holograms) and to record audio (to create AR holograms) in the user's web browser. You grant these permissions at runtime. The camera images and audio recordings never leave your device unless you explicitly upload them.


Email communication

When you send a message to mail@talkingco.de, it may be stored in order to process it, to improve the service and support, or to contact you.


Social media pages

The data controller according to the GDPR for the Pinterest, Youtube, and Facebook pages of talkingco.de is the respective provider, i.e., Pinterest Europe Limited, Google Ireland Limited, or Facebook Ireland Limited, together with me. Data processing in connection with the social media pages is carried out in accordance with Art. 6(1) f GDPR based on my legitimate interest in communication and public relations. Your data (e.g., comments, postings, likes, pictures, or videos) are published by the respective provider. I do not use this data for other purposes. I may share your posts on the respective platform if this feature is available. I also reserve the right to delete content from my social media pages if possible and necessary. Pinterest, Youtube, and Facebook use cookies and similar technologies. For data transfers to the U.S., the providers rely on model contract clauses which have been approved by the European Commission as a means of ensuring adequate protection when transferring data outside of the EU. I have very limited control over how Youtube and Facebook process your data. For more information, please visit https://policy.pinterest.com/privacy-policy, https://policies.google.com/privacy, or https://facebook.com/privacy/explanation.


Your rights

According to the EU General Data Protection Regulation (GDPR), you have the following rights as a data subject:


Changes to the data policy

I reserve the right to change this data policy. The current version is always available on the website.

Last modified: 07/04/2023