Data policy
The web app talkingco.de is a service provided by Dr. Lukas Twardon. I take the protection of your data seriously. I treat personal data as confidential and in accordance with the law. This data policy explains what happens to your data when you use the web app or visit the website.
Data controller
The data controller according to Art. 4(7) EU General Data Protection Regulation (GDPR) is
Dr. Lukas Twardon
Dammwiese 23
33613 Bielefeld
Germany
Phone: +49 521 94594201
E-Mail: mail@talkingco.de
How your data is processed
When you use talkingco.de, data collection is minimized. The web app collects and processes data from its users when necessary to provide the service. In addition, personal data may be processed if the data processing is necessary for financing, securing, or improving the service, or if required by law, or if you give your consent. Some of the data are stored permanently until you delete them. Other data will be stored on the server only for a limited period of time and then automatically deleted (see How long your data is stored on the server).
Accounts
Accounts on talkingco.de consist of a valid email address and a password. When you sign up for a subscription, you will also receive a customer ID. The password is not stored in plain text, but only as a hash value on the server. The email address is used in connection with various app functions, in particular, for verification of the account, password recovery, to send you the customer ID, to inform you about changes to the terms of use (if necessary), or in case of violation of the terms of use. The email address will also be shared with the service provider Stripe for payment and billing purposes when you sign up for a subscription (see Payment and billing information). If you do not have an active subscription (anymore), you can delete your account at any time on the account management page.
Content you create
Registered users can create their own AR holograms on talkingco.de. For this purpose, the following data are stored on the server: The uploaded and processed hologram video, an ID for code creation, the time it was created, an internal name, a web link with call-to-action (if specified), and the number of views (PRO and ENTERPRISE members only). The AR holograms can be viewed by all users who scan the respective code.
Payment and billing information
For payment processing and invoicing, I cooperate with the payment service provider Stripe (Stripe, Inc. or Stripe Payments Europe Limited). When you sign up for a subscription, your email address is shared with Stripe. All other information you provide on the payment site will be collected by Stripe. I have very limited control over how Stripe processes your data. For data transfers to the U.S., Stripe relies on model contract clauses which have been approved by the European Commission as a means of ensuring adequate protection when transferring data outside of the EU. For more information, please visit https://stripe.com/privacy. Invoices are subject to a statutory retention period of up to 10 years.
Log files and session data
The website talkingco.de is hosted by an external service provider (Hetzner Online GmbH) whose certified data centers are located exclusively within the EU. In the hoster's log files, the anonymized IP address of the user, the browser used (if transmitted), the operating system used, and the time of the request are stored. In order to ensure data protection-compliant processing, a data processing agreement (DPA) has been concluded with the hoster. In addition to the hoster's log files, session data are stored, in particular, the ID of the logged-in account, a session ID, and the time and frequency of server requests.
How long your data is stored on the server
The table below provides an overview of how long the data detailed above are stored on the server. Also, backups of the data are created and stored for 14 days.
Type of data | Duration |
---|---|
Accounts | permanently or until deleted by the user |
AR holograms | permanently or until deleted by the user |
Invoices | 10 years |
Log files | permanently |
Session data | until logout or up to 2 days |
Cookies
Cookies are small text files that are temporarily stored on your device when you visit a website and enable the identification of the web browser when you visit it again. The talkingco.de web app only uses the following strictly necessary cookies: a session cookie, a cookie to save your language settings, a cookie that saves whether you have given permission to use the camera, and a cookie that saves whether an unsupported browser should be used.
Encrypted transmission
All data are transmitted via HTTPS which uses TLS encryption. This means that data sent from your device to the server or vice versa cannot be read by third parties.
App permissions
The web app requires permission to use the camera (to scan codes, display, and create AR holograms) and to record audio (to create AR holograms) in the user's web browser. You grant these permissions at runtime. The camera images and audio recordings never leave your device unless you explicitly upload them.
Email communication
When you send a message to mail@talkingco.de, it may be stored in order to process it, to improve the service and support, or to contact you.
Social media pages
The data controller according to the GDPR for the Pinterest, Youtube, and Facebook pages of talkingco.de is the respective provider, i.e., Pinterest Europe Limited, Google Ireland Limited, or Facebook Ireland Limited, together with me. Data processing in connection with the social media pages is carried out in accordance with Art. 6(1) f GDPR based on my legitimate interest in communication and public relations. Your data (e.g., comments, postings, likes, pictures, or videos) are published by the respective provider. I do not use this data for other purposes. I may share your posts on the respective platform if this feature is available. I also reserve the right to delete content from my social media pages if possible and necessary. Pinterest, Youtube, and Facebook use cookies and similar technologies. For data transfers to the U.S., the providers rely on model contract clauses which have been approved by the European Commission as a means of ensuring adequate protection when transferring data outside of the EU. I have very limited control over how Youtube and Facebook process your data. For more information, please visit https://policy.pinterest.com/privacy-policy, https://policies.google.com/privacy, or https://facebook.com/privacy/explanation.
Your rights
According to the EU General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Right of access: You have the right to obtain from me as the controller access to personal data concerning you and further information as per Art. 15 GDPR.
- Right to rectification: You have the right to obtain from me the rectification or completion of personal data concerning you that is inaccurate or incomplete.
- Right to erasure: You have the right to obtain from me the erasure of personal data concerning you if one of the grounds referred to in Art. 17 GDPR applies.
- Right to restriction of processing: You have the right to obtain from me restriction of processing if one of the conditions referred to in Art.18 GDPR applies.
- Right to be informed: You have the right to obtain from me the communication of any rectification, erasure, or restriction of processing of personal data concerning you to each recipient to whom personal data have been disclosed, unless this is impossible or involves disproportionate effort. You also have the right to obtain from me information about these recipients.
- Right to withdraw your consent: You have the right to withdraw your consent to the processing of your personal data at any time.
- Right to data portability: You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller.
- Right to object: You have the right to object at any time to the processing of personal data concerning you which is based on Art. 6(1) e or f GDPR.
- Right to object to automated processing You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Changes to the data policy
I reserve the right to change this data policy. The current version is always available on the website.
Last modified: 07/04/2023