Privacy policy

1. Introduction

Please read this Privacy Policy (“Privacy Policy”) before using our Service including the Website, Widget and API (as defined below), referred to collectively as the “Service”. This Privacy Policy governs the types of information and data we collect and how we use and share this information. Your access to and use of the Service are available for your use only on the condition that you agree to the Terms of Service available under the following address: https://staging.chathero.ai/terms (“Terms of Service”) which include the terms of the Privacy Policy set forth below. Chathero (“Company”) operates the Service.We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service.

2. Data protection officer

The person responsible for data processing on our online offer within the meaning of the General Data Protection Regulation (DSGVO) is:

Chathero UG represented by the managing director Martin Burst Elsässersstr. 24 81677 München

Contact details of our company data protection officer: info@chathero.ai

3. Data collection when visiting our online offer

Already the visit of our internet pages (without registration) leads on our server automatically to the anonymized collection of the following data:

  • shortened IP address,
  • date/time/time zone of access,
  • access status,
  • access type,
  • protocol type,
  • type and number of pages accessed on our site,
  • name and size of the accessed files,
  • source website,
  • web browser used,
  • operating system used

4. Contact forms

On our website, we have provided an online form that you can use to contact us electronically. The form requires your first and last name, e-mail address and telephone number. We need this information to process your request. In addition, it is also possible to contact us by e-mail at any time. Contacting us is always voluntary.

We process this data exclusively for the purpose of responding to your request or for the desired contact with you and the associated technical administration. The legal basis for this processing is Art. 6(1)(b) DSGVO, because we need the aforementioned data to initiate, implement or terminate a contractual relationship with you.

Your inquiry is received by our internal customer service.

We do not transfer your requests to third countries or organizations outside the EU.

After processing your request, we delete the data relating to your contact immediately, but no later than seven days after completion of the request. This storage period may conflict with legal retention periods, e.g. if your inquiry is related to a contract or warranty or guarantee processing. In this case, we store your inquiry beyond the expiration of seven days only for the purpose of fulfilling the statutory retention obligations (Art. 6(1)(c) DSGVO). In this case, we will delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. Upon expiry of this retention period, we will delete this data immediately without you having to request us to do so.

The aforementioned non-personal information is automatically collected through the ordinary operation of our Internet services. A combination of this usage data about the visit of our pages with the personal data provided via the registration mask does not take place. For us, any personal reference to the usage data is excluded.

We use the above data for the purpose of troubleshooting, to compile statistics and to measure the activities on the website, with the aim of increasing the usefulness of our offer for you. This also constitutes a legitimate interest, so that data processing is justified under Art. 6(1)(f) DSGVO.

Only our IT administrator has access to this data for the above-mentioned purposes.

We only record the aforementioned data for the period of use; once use has ended, the data is deleted immediately, but at the latest after seven days.

Via so-called cookies and web analytics services, we receive information as soon as your web browser opens our pages. These identifiers support various service functions of our website and are automatically transmitted via your web browser to the hard drive of your computer or other mobile devices. You can prevent this function by setting your browser accordingly. In this case, however, a personalized service is not possible. In these cases, your anonymized IP address may also be transmitted to the USA. You can find more information about the cookies and web analytics tools we use below under the heading "Notes on the use of cookies and tools".

5. Contact forms data processing when registering to open a customer account

You have the option of registering as a customer on our pages. We process this data exclusively for the execution of the contract concluded with you on the use of our online offer or for the processing of purchases. This data processing is justified according to Art. 6(1)(b) DSGVO.

All information provided is voluntary. To process the order based on the purchase contract concluded with you, we require at least those data that are marked with an asterisk (*) in the registration form.

Access to this data is given internally to our customer service and marketing departments, IT only for troubleshooting or system maintenance. The accounting department receives the reports required for tax processing.

We do not transfer your inquiries to third countries or organizations outside the EU.

Deletion of your customer account is possible at any time. You can make the deletion yourself or send us a message to the above address.

After complete processing of the contract for a guest account or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved by us, about which we will inform you accordingly. If you are registered with us as a customer, we will block all details of purchases made more than three years ago in the purchase history and delete them at the latest after 10 years from the date of purchase. You can give us your consent to show you in the purchase history data on purchases made more than three years ago, but not more than 10 years ago. We will delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. Upon expiry of this retention period, we will immediately delete this data without you having to request us to do so.

6. Notes on the use of cookies

6.1 Which cookies do we use?

By type, we divide the cookies we use into the following classes: necessary cookies, function, analysis & statistics and advertising & marketing. Necessary cookies enable you to use our online offer (so-called session cookies). If this cookie is switched off, it is not possible to call up our pages. The authentication cookie gives you access to the log-in area. Without this cookie, neither registration nor access to the log-in area is possible. These session cookies are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies).

Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (so-called persistent cookies). Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. We use a so-called retargeting cookie for advertising purposes. This enables us to display advertising offers of interest to you outside of our offers on the Internet. You can find more details in the following overview of the cookies used.

Most of the cookies we use do not store any information that identifies or makes you identifiable as a person. Rather, these cookies provide us with general and anonymized information about the visitors to our online offers, the offers called up, the browsers and operating systems used, and the cities from which our visitors come. We record the IP address only in abbreviated form and in such a way that individual recognition and assignment is not possible.

In part, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6(1)(b) DSGVO for the performance of the contract with you.

Insofar as we collect data with cookies, this is done on the one hand to gain knowledge for the optimization of the functionalities and contents of our online offer. With such functional cookies, we pursue a legitimate interest (Art. 6(1)(f) DSGVO), because it allows us to technically adapt our offer to meet your needs and makes it easier for you to call up our pages. On the other hand, we use cookies to measure how successful our online advertising measures are. We can also use statistical data to identify malfunctions and to track the calculation of advertising costs to us. We only carry out this processing if you have given us your consent for the use of these cookies for analysis & statistics or for advertising & marketing (Art. 6 para. 1 letter a DSGVO). Once you have given your consent, you can revoke it at any time with effect for the future. Until the revocation, the data processing remains permissible.

6.3 Use of cookies from third-party providers on?

We sometimes work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your terminal device when you visit our online offers (third-party cookies). The information on the use of such cookies and the scope of the data collected in each case can be found in more detail below. We use some cookies or tools because they are necessary for us to provide you with our online offer. In this case, the legal basis for the processing is the usage contract concluded with you (Art. 6 (1) (b) DSGVO) or our legitimate interest, insofar as no conflicting interests are apparent and there is also no objection (Art. 6 (1) (f) DSGVO). We use all other cookies exclusively on the basis of your consent (Art. 6 para. 1 letter a DSGVO).

The cookies we use from third party providers partly lead to data processing in the USA. In this case, too, we use the cookies only with your consent (Art. 6 para. 1 letter a DSGVO). While these providers (e.g. Google, Facebook) have committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic data transfers agreed upon by the European Commission and the United States (IMPLEMENTING COMMISSION DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection afforded by the EU-US Privacy Shield (notified under document number C(2016) 4176)). In addition, these providers are registered with the U.S. Department of Commerce's Privacy Shield program. However, the European Court of Justice has declared this agreement invalid and found that the U.S. does not have a level of data protection comparable to the EU (ECJ, judgment of July 16, 2020 - C-311/18, para. 200, Facebook v. Schrems II). The laws of the U.S. give various security authorities unlimited surveillance powers, including through the use of surveillance programs that make mass collection and analysis of data possible. U.S. providers are obliged under national laws to grant the security authorities access to the data they process, even if it is processed at a foreign company. By granting consent, there is a risk that the data collected via cookies will become part of mass surveillance in the USA. No legal remedy or efficient judicial procedure is available against such surveillance in the USA.

7. Web analytics services

7.1 Google Analytics

We use the web analytics service Google Analytics in our online offer after consent has been granted. This service is in the EU, the EEA and Switzerland an offer of Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies that are stored on your computer and enable an analysis of the use of our online offer.

The information generated by the cookie about your use of our online service (including your abbreviated IP address) will be transmitted to and stored by Google on servers in the United States. Google evaluates your use of our online offer in this way in order to create statistical reports for us on the activities in our online offer and to provide us with other services associated with the use. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

We use Google Analytics in our online offer exclusively with the extension of the function "anonymize IP" for the purpose of web analysis. This setting ensures that Google Analytics deletes the last part of your IP address. This anonymization of your IP address makes it impossible to relate it directly to a person. Through the extension, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. This means that we also do not come into possession of data that allows us to draw conclusions about your person.

With Google Analytics, we also use the Universal Analytics functions. Universal Analytics allows us to analyze the activities on our online offers across devices (e.g., access via notebook and later via tablet). As a user, you are assigned a pseudonymous user ID when you log on to our website. The system recognizes your user ID when you visit our site with another device. However, we do not assign names to the pseudonymous user ID. We also do not transmit any personal data to Google. Data protection measures such as IP masking or the browser add-on are not restricted by the Universal Analytics function. You can prevent the installation of the cookie by setting your browser software accordingly.

You can also prevent the collection of data generated by the cookie and related to your use of our online services (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://support.google.com/analytics/answer/181881?hl=de.

This will prevent the collection by Google Analytics within our online offer in the future. This opt-out cookie only works in this browser and only for this domain.

If you have made one of the above deactivations, not all functions of our website may be fully available to you for use.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have concluded a contract with Google in accordance with the EU's standard data protection clauses. In addition to this, further data protection guarantees are required in accordance with the case law of the European Court of Justice, which are not currently available.

More information on the handling of user data at Google Analytics can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7.2 Linkedin Insight Tag

We use the conversion tool "LinkedIn Insight Tag" in our online offer. This is a service of the Irish-based company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and the US-based LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 (hereinafter "LinkedIn").

The LinkedIn Insight tag is a small JavaScript code snippet that we use on our website to enable detailed campaign reporting and gain valuable information about visitors to our website. It allows us to track conversions, retarget our website visitors, and gain additional information about LinkedIn members viewing our ads.

If you have given us your consent, this tool sets cookies in your web browser during your visit to our site and automatically collects the following information:

  • URL,
  • Referrer URL,
  • IP address,
  • device and browser characteristics (user agent)
  • as well as time stamp

The IP addresses are shortened or hashed. After 7 days, all data is pseudonymized. This remaining pseudonymized data is then deleted within 90 days.LinkedIn does not share any personally identifiable information with us, but only provides us with reports and communications (in which you are not identified) about website audience and ad performance.

LinkedIn also provides retargeting for website visitors, so we can use this data to display targeted ads outside of our website without identifying you. We also use data that does not identify you to improve the relevance of ads and reach LinkedIn members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings...: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend\_legal\_cookie-policy.

Users/users of LinkedIn can influence the extent to which their usage behavior may be collected when visiting our LinkedIn site at https://www.linkedin.com/psettings/advertising.

You can revoke your consent to the setting of LinkedIn Insight Tag cookies by our website at any time with effect for the future ("opt-out"). To do so, please click here. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

LinkedIn transfers user data only to countries for which there is an adequacy decision of the European Commission according to Art. 45 DSGVO or on the basis of appropriate guarantees according to Art. 46 DSGVO. The LinkedIn Corporation is certified under the EU-US Privacy Shield, but does not offer an adequate level of data protection as a result (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

8. Retargeting / Remarketing / Referral Advertising

8.1 Facebook Custom Audience Pixel

We use the visitor action pixel from Facebook (so-called Custom Audience Pixel), a service provided in the EU, EEA and Switzerland by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, and in the USA by Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025. "Custom Audiences" means the creation of a "user-defined target group". This involves a piece of Javascript code. Javascript is a scripting language used to evaluate user interactions in web browsers, apps or other applications. The use of this pixel on our pages allows us to mark and segment visitors and target them with ads. This allows us to measure the success of advertising campaigns and to track which person clicked on an ad and subsequently made a purchase. As soon as this pixel is loaded, it first transmits general, anonymized data about user behavior, the web pages accessed (URL) and the Facebook cookie, if any, to Facebook. The tracking is done via cookie, not via the pixel.

Facebook matches this data with users registered on Facebook. Thus, provided you are registered on Facebook, Facebook will associate this data with your Facebook user profile. This data processing may take place on servers in the USA. We have no influence on this data processing at Facebook. The Facebook pixel collects the following data:

Input in the browser (everything that is present in the web protocol, the so-called HTTP headers), namely IP addresses, information about the web browser, the location of the page, the document, the transmitter and the user. Pixel-specific data, namely the pixel ID and the Facebook cookie. Button click data, namely all the buttons you clicked on as a visitor to the website, the labels of these buttons and all the pages visited as a result of the button clicks. Data to measure the success of an advertising campaign, namely click on ads (so-called conversion rate), page type, purchase. Purchase details, such as email, address, quantity. You can suppress or disable the javascript functions of the retargeting pixel via your web browser. You can also set the online-based advertising by Facebook yourself at the following page:

https://www.facebook.com/ads/settings

The pixel is only used with your consent. We have also concluded a contract with Facebook between jointly responsible parties (Art. 26 DSGVO). In it, we have undertaken to instruct you accordingly.

Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 DSGVO or on the basis of appropriate guarantees in accordance with Art. 46 DSGVO. Meta Platforms Inc. is certified with all affiliated companies under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

8.2 Google Ads Manager (Ad Manager)

The Google Ad Manager is a platform for all ad formats. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The ad manager uses cookies to present you with ads that are relevant to you. In the process, a pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were called up. The cookies do not contain any personal information. The use of the ad manager only enables Google and its partner websites to display ads based on previous visits to our online offering or other websites on the Internet.

Google Ads Manager allows us to design ads interactively and dynamically in different formats (e.g., video or custom). It also allows us to manage and evaluate our ads. The cookies of the ad manager allow Google to recognize your browser. We thereby receive the information that someone has clicked on an ad and was redirected to our site. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations of our campaigns from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the framework of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

You can prevent the collection of data by the Google Ads Manager as follows:

You can prevent the storage of cookies by selecting the appropriate settings on your browser software. Information on this can be found here: https://support.google.com/ads/answer/7395996. In addition, you can prevent the collection and processing of data by the cookies by installing a browser plugin (https://support.google.com/ads/answer/7395996). Alternatively, you can deactivate Google cookies on the Digital Advertising Alliance site at the following link (http://optout.aboutads.info/?c=2#!/). If you have made one of the above deactivations, not all functions of our website may be fully available to you for use.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

8.3 Google Tag Manager

We use the Google Tag Manager in our online offer for the purpose of personalized, interest and location-based online advertising. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Tag Manager allows us to manage website tags via an interface. As a result, we do not use cookies, nor do we collect any personal data. The Tag Manager was developed specifically for advertisers and is a container with which elements (tags) from Google and other providers can be marked and managed. In this way, data can be passed to other cookies or tools. Tags can be added for conversion tracking, website analytics, and other purposes.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

We have concluded a contract with Google in accordance with the EU's standard data protection clauses.

You can find more information about Google Tag Manager here: http://www.google.de/tagmanager/use-policy.html

Further information as well as Google's privacy policy can be found at: http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/

8.4 Google Ads Remarketing

Our online offering uses the remarketing functions of Google Ads, which we use to advertise our online offering in Google search results and on the websites of third party providers. The provider in the EU, EEA and Switzerland is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, we have embedded a pixel (a code snippet, so-called remarketing tag) in our online offer, with the help of which Google sets a cookie in the browser of your end device. This cookie enables us to display interest-based advertising to you. For this purpose, a pseudonymous cookie ID is generated and the websites you have visited are analyzed.

Additional data processing only takes place if you have consented to Google linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the Internet. Information on the integration of user consent can be found here: http://www.google.com/about/company/user-consent-policy.html.

In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. You can find more information about this here: https://policies.google.com/technologies/ads?hl=de and https://support.google.com/google-ads/answer/7664943?hl=de&ref_topic=3122875.

You can permanently disable the setting of cookies for advertising preferences by downloading and installing the browser plug-in available at the following link: https://support.google.com/ads/answer/7395996.

Alternatively, you can obtain information about the setting of cookies and make settings in this regard from the Digital Advertising Alliance at the Internet address www.aboutads.info. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

We have concluded a contract with Google in accordance with the EU's standard data protection clauses. You can find more information on how Google handles user data in Google's privacy policy: https://policies.google.com/privacy?hl=de

8.5 Use of Google Ads conversion tracking

Our online offer uses the online advertising program "Google Ads" and, within the framework of Google Ads, conversion tracking. Conversion tracking is a free tool from Google that can be used to measure interactions or transactions related to our advertisements. For example, we can use the tool to evaluate whether users subscribe to our newsletters or how often clicks on our ads lead to activities on our online offering (e.g. registrations). In doing so, we can determine the usage actions that are to be evaluated (so-called conversions).

The conversion tracking works technically via the conversion tracking code (so-called "tag"), which is integrated on our online offer. The data on ad clicks is collected using cookies.

The conversion tracking is set as a cookie when you as a user click on an ad placed on Google. This cookie usually loses its validity after 30 days and is used for non-personal (anonymized) identification. If you, as a user, visit certain pages of our online offer while the cookie has not yet expired, Google and we can recognize that you originally clicked on the ad and were redirected from there to our online offer.

Google allocates certain (customer-specific) cookies to us as Ads customers. As Ads customers, we are thus not able to track the cookies on a personal basis via our online offer. Rather, we receive statistical evaluations from Google on the information that Google has obtained with the help of the conversion cookie. In doing so, we only learn the total number of users who clicked on our ads and were redirected to our online offer provided with the conversion tracking tag. However, these statistical analyses do not contain any information that can be used to identify you personally as a user.

If you do not wish to participate in conversion tracking or permanently deactivate cookies for ad specifications, you can deactivate this use in the user settings of your Internet browser. Alternatively, you can download and install the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de. In this case, your user behavior will not be recorded by the conversion tracking statistics. However, it may be that deactivating conversion tracking or cookies for ad preferences will lead to restrictions in the functions of our online offer.

It may be that Google processes your data when using conversion tracking on servers in the USA.

Google is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

We have concluded a contract with Google in accordance with the EU's standard data protection clauses. You can find more information on how Google handles user data in Google's privacy policy: https://policies.google.com/privacy?hl=de

9. Integration of social media and other services

We integrate content from our profiles in social networks and other services in our online offer. You can only access this content via our online offer if you give your consent to the display of this integrated content (Art. 6 para. 1 letter a DSGVO).

While these providers that provide social networks (e.g., Google, Facebook) have committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic data transfers agreed upon by the European Commission and the United States (IMPLEMENTING COMMISSION DECISION (EU) 2016/1250 of 12. July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the EU-U.S. Privacy Shield (notified under Docket No. C(2016) 4176)). In addition, these providers are registered with the U.S. Department of Commerce's Privacy Shield program. However, the European Court of Justice has declared this agreement invalid and found that the U.S. does not have a level of data protection comparable to the EU (ECJ, judgment of July 16, 2020 - C-311/18, para. 200, Facebook v. Schrems II). The laws of the U.S. give various security authorities unlimited surveillance powers, including through the use of surveillance programs that make mass collection and analysis of data possible. U.S. providers are obliged under national laws to grant the security authorities access to the data they process, even if it is processed at a foreign company. By granting consent, there is a risk that the data collected about visits to the social network or other service will become part of mass surveillance in the USA. No legal remedy or efficient judicial procedure is available against such surveillance in the USA.

9.1 Youtube videos

On our website, you will initially only see inactive screenshots of Youtube videos. No data transfer to Youtube takes place yet. Only when you click on this screenshot, a connection to Youtube is established via your web browser in a lightbox (an overlay that overlays the other content on our site).

YouTube is a service offered in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

9.2 ChatGPT chatbot

We use the OpenAI API to power the ChatGPT chatbot on our website. Conversations with the chatbot are processed and stored via the OpenAI API. You may provide data such as questions, commands, or other text when you interact with ChatGPT. We log these conversations for the purpose of improving the service and for analytical purposes.

We recommend that you read OpenAI's Privacy Policy for more information on how your data is handled. https://openai.com/policies/privacy-policy

9.3 WhatsApp Business API

We process your phone number and your WhatsApp profile name for the following purposes: Providing service requests. The legal basis for the processing is Art. 6 para. 1 a) DSGVO (your consent). If you would like to receive service requests from Chathero, you agree to receive it by clicking on the "Chat on WhatsApp" button on the website.

Chathero uses a service provider as a processor who supports him strictly according to instructions.

Your phone number will be transmitted to WhatsApp Ireland Limited and other companies affiliated with WhatsApp in third countries. If you consent to the sending of the prospectus, we use the instant messaging service WhatsApp to carry out the sending. I.e., a data transfer may take place to a country outside the EU that does not have an adequate level of protection and appropriate safeguards to protect your data. You can find all details about WhatsApp Business here: https://www.whatsapp.com/legal/business-data-transfer-addendum

10. Social media appearances and use of social media icons on our pages.

We do not use social plug-ins as active buttons in our online offer. We only refer to our offer in the following social networks via icons:

  • Facebook: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland;
  • YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
  • Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
  • We only display the social media icons on our site. They are designed as inactive icons

When you click on such a social media icon on our site, it is activated with your consent and a connection to these third-party providers is established via your web browser in a separate tab (tab card). These third-party providers can thereby track your visit to our pages. If you are a member of one of the social networks, you can share the content of our site with other members from your social network by activating the button.

Through your participation in social networks or by visiting or calling up our social media sites, your data may be processed outside the EU. This may give rise to risks because, for example, it may be more difficult to enforce your rights.

When you call up a social network, cookies are usually stored on your end device to record user behavior. If you have a user account on the respective network and are logged in there, your usage behavior can be stored for your user account. The social networks can analyze the usage behavior and use it for market research and advertising purposes. This may result in advertising being displayed to you within and outside the social networks. We have no influence on this.

We have no influence on the data collected and stored about you by the social networks. Through our above-mentioned social media presences, we receive evaluations of user data and can address users with interest-based advertising. If users interact with our social media presence and are logged in with a user account, we can in principle also recognize the user profile and see the content of comments or postings on our presence. This data processing therefore takes place under joint responsibility with the respective provider of the social network. For the evaluation of data in connection with our social media appearances, we have therefore concluded a joint responsibility agreement with the providers in each case (Art. 26 DSGVO). In this, we have undertaken to provide you with this information on data protection. You can find further information in the data protection provisions of the respective social networks. You can also assert the rights to which you are entitled against us. However, the provider of the social network can fulfill your rights more comprehensively because the data for use and evaluation is also stored there.

11. Your rights as a data subject

We are pleased to inform you below about the rights you have as a data subject with regard to the processing of your personal data against us.

11.1 The right to information

You have the right to request confirmation from us as to whether your personal data has been processed. If this is the case, you have the right to obtain information about the data collected, stored or used about you and about the following information:

the processing purposes; the recipients or categories of recipients to whom we have disclosed or will disclose the personal data; the storage period or the criteria for determining this period; The existence of other rights (see below); if the personal data is not collected from you, any available information about its origin; the existence of automated decision-making, including profiling, and, if applicable, more detailed information on this. You have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in the event that your data is transferred to a third country or an international organization.

11.2 Right to rectification

You have the right to request that we correct any inaccurate or incomplete personal data relating to you without undue delay.

11.3 Right to deletion

You may request that we delete your personal data without delay. We are obliged to delete your personal data immediately if one of the following reasons applies:

  • Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it.
  • You revoke the consent you have given and there is no other legal basis for the processing.
  • You object (see below) to the processing.
  • Your personal data have been processed unlawfully.
  • The erasure of your personal data is necessary for us to comply with a legal obligation under Union or Member State law.
  • We have collected the personal data on the basis of a child's consent

11.4 Right to restriction of processing

You have the right to request us to restrict processing if one of the following conditions is met:

You dispute the accuracy of the personal data. The processing of the data is unlawful and you object to the erasure of the personal data and instead request the restriction of the use of the personal data. We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; or You have objected to the processing (see below) and it is not yet clear whether our legitimate grounds outweigh yours.

11.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right against us to be informed about these recipients.

11.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that

the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and the processing is carried out with the help of automated procedures. In exercising this right, you may request that the personal data concerning you be transferred directly from us to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

11.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you on one of the following bases:

Processing of your personal data by us is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental freedoms which require the protection of your personal data. You also have the right to object to profiling based on these processing operations. If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with such direct advertising. You also have the right to object, on grounds relating to your particular situation, to processing concerning your personal data that we carry out for scientific or historical research purposes or for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

You can revoke your consent, once given, at any time with effect for the future vis-à-vis us. The revocation is possible at any time informally, e.g. by e-mail to us. However, the legality of the processing carried out until the revocation is not affected by this.

Status: September 2023