The Privacy Policy is only valid in the German language. Any translations of the Privacy Policy is for convenience purposes only.
Privacy Policy Declaration of KWICKEY GmbH
§ 1 Information on the Collection of Personal Data
(1) In the following, we provide information about the collection of personal data when using our website, when creating and using a Kwickey account, when extending a Kwickey account to include paid services (Lost and Found function), when initiating, processing, and, if applicable, reversing purchases in our online shop, and when using our website to obtain the contact information of one of our customers if you have found a movable item with a Kwickey code and read it with your device.
Personal data is all data that can be personally related to you, e.g., name, address, email addresses, user behavior.
(2) The controller according to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is IMPRINT.
(3) When you contact us by email using the address provided, the data you provide (your email address, if applicable, your name, and your telephone number) will be stored by us in order to answer your questions. The legal basis for this data processing is Art. 6 (1) (b) or (f) GDPR.
(4) We will delete the data collected in this context once storage is no longer required or restrict processing if statutory retention periods apply.
(5) If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the defined criteria for the storage period.
(6) In the context of the ongoing development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed for the need for adjustment or addition. You will be informed of any changes, in particular, on our German website at www.kwickey.com. This privacy policy is current as of May 2024.
§ 2 Your Rigights
(1) You have the right to information, rectification, erasure, restriction of processing, objection to the processing, and data portability of your personal data.
(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
§ 3 Processing of Personal Data When Visiting Our Website
(1) When you use this website for informational purposes only without registering or otherwise providing further information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. These are: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, originating website, browser, operating system and its interface, language and version of the browser software. The legal basis for this data processing is Art. 6 (1) (f) GDPR.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard disk associated with the browser you use; they allow certain information to be sent to the location that placed the cookies (here, this is us). Cookies cannot run programs or transmit viruses to your computer. They are designed to make the internet more user-friendly and effective overall.
(3) We use cookies on our websites. Cookies are small text files that are stored on your hard disk and associated with the browser you use through a characteristic string of characters. These files allow certain information to be sent to the location that placed the cookies. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They are designed to make the Internet more user-friendly and effective, and therefore more pleasant for you.
Cookies can contain data that enables recognition of the device used. However, cookies sometimes only contain information about certain settings that are not personally identifiable. However, cookies cannot directly identify a user.A distinction is made between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In terms of their function, cookies are further divided into:
The legal basis for cookies that are absolutely necessary to provide you with the service you have expressly requested is Section 25 (2) No. 2 of the German Data Protection Act (TTDSG). Any use of cookies that is not technically necessary for this purpose constitutes data processing, which is only permitted with your express and active consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) (a) GDPR.
We only use technically necessary cookies on our website. Further information about which cookies we use and how you can manage your cookie settings can be found in Section 6 of these Privacy Policy.
§ 4 Further functions and offers of the website
(1) In addition to the purely informational use of the website, we offer various services that you may use if you are interested. To do so, you will generally be required to provide additional personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) We sometimes use external service providers to process your data. These providers have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
(3) Furthermore, we may share your personal data with third parties if we offer participation in promotions, competitions, contract conclusions, or similar services together with partners. You will receive further information about this when you provide your personal data or in the description of the offer below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
§ 5 Objection or revocation against the processing of your data; transfer of data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation affects the legality of the processing of your personal data after you have expressed it to us.
(2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case, in particular, if the processing is not necessary to fulfill a contract with you, which we will explain in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and either stop or adapt the data processing or explain to you our compelling legitimate reasons for continuing the processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: info@kwickey.com
(4) We may, under certain circumstances, be subject to a specific statutory or legal obligation to provide the lawfully processed personal data to third parties, in particular public authorities. The legal basis for this is Article 6 (1) (c) GDPR.
§ 6 Further functions of this website and corresponding processing of personal data
A Use of our webshop
(1) If you wish to order from our online shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory information required for contract processing is marked separately; further information is voluntary. For payment, you must provide your payment details to our payment service provider; these third parties are each independently responsible for payment processing (see Section 6 C of this privacy policy). The legal basis for this is Article 6 (1) (b) GDPR.
(2) You can create a Kwickey account, which allows us to save your data for future purchases. When you create a Kwickey account using the corresponding function on our website, the data you provide will be stored revocably. You can delete all other data, including your Kwickey account, at any time in the customer area.
(3) Due to commercial and tax law, we are required to store your address, payment, and order data for a period of 10 years. However, after three years, we restrict processing. This means that from this point on, your data will only be used to comply with the legal obligation.
(4) To prevent unauthorized access by third parties to your personal data, in particular financial data, the connection is encrypted using SSL technology (CSR key).
B Payment service provider
We offer you the option of processing payments via the payment service provider Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. This is in line with our legitimate interest in providing an efficient and secure payment method. To fulfill the contract, we will pass on the following data to Stripe Ltd.: cardholder name, email address, customer number, order number, bank details, credit card details, credit card validity period, credit card security code (CVC), date and time of the transaction, transaction amount, name of the provider, and location. The legal basis for this data processing is Art. 6 (1) (b) and (f) GDPR. The processing of the data specified in this section is neither legally nor contractually required. However, without the transmission of your personal data, we cannot process a payment via Stripe. Stripe assumes a dual role as controller and processor in data processing activities. As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (according to Art. 6 (1) (f) GDPR) and serves the purpose of contract execution (according to Art. 6 (1) (b) GDPR). We have no influence on this process. Stripe acts as a processor to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated to comply with data protection regulations within the meaning of Art. 28 GDPR. Stripe has implemented compliance measures for international data transfers. These apply to all worldwide activities in which Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information on objection and removal options with Stripe can be found at: https://stripe.com/privacy-center/legal. We will store your data until the payment is completed. This also includes the time required for processing refunds, debt collection, and fraud prevention. Otherwise, the information in Section 6A (3) of this Notice applies.
D Our Newsletter
(1) With your consent, you can subscribe to our newsletter, which will inform you about our current, interesting offers. The advertised goods and services are listed in the consent form.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any possible misuse of your personal data.
(3) The only mandatory information required to receive the newsletter is your email address. Providing additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) (a) GDPR.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by sending an email to info@kwickey.com.
(5) We would like to point out that when we send the newsletter we evaluate your user behavior. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluation, we link the data mentioned in paragraph (3) and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and use this to determine your personal interests. We link this data to actions you perform on our website. You can object to this tracking at any time by unsubscribing from the newsletter in accordance with paragraph (4). The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.
E Use of meta tools (Facebook and Instagram)
For the services we offer, we use the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The services include "Facebook" and "Instagram" (hereinafter collectively referred to as "social media page"), both operated by Facebook Ireland Ltd. We would like to point out that you use the social media page and its functions at your own risk. This applies in particular to the interactive functions (e.g. commenting, sharing, rating). Facebook processes personal data relating to your account, your IP address and the devices you use; cookies are used for data collection. These are small files that are stored on your devices. Facebook describes in general terms what information Facebook receives and how this information is used in its data usage guidelines. There you will also find information about contacting Facebook, the options for opting out and the options for setting up advertisements. The data usage guidelines are available under the following link: Facebook: http://de-de.facebook.com/about/privacy Instagram: https://help.instagram.com/519522125107875 The information can be used by Facebook to inform us as the operator of the Facebook pages. to provide statistical information such as gender and age distribution on the use of the social media page. Furthermore, Facebook can show you additional information or advertisements based on your preferences. Further information on this is available from Facebook at the following link: http://de-de.facebook.com/help/pages/insights. The data collected about you in this context will be processed by Facebook Ltd. and may be transferred to countries outside the European Union. If you visit one of our social media presences (e.g., Instagram), such a visit will trigger the processing of your personal data. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network regarding data processing and we also influence the data processing. Where possible, we have concluded agreements with the operators of the social networks on joint responsibility in accordance with Art. 26 GDPR, in particular the Page Controller Addendum from Facebook Ireland. Ltd. You can generally assert your rights under Section 2 both against us and against the operator of the respective social network (e.g. Facebook).
Please note that, despite our joint responsibility with the operators of social networks under Art. 26 GDPR, we do not have full influence over the data processing of individual social networks. The corporate policy of the respective provider has a significant impact on our options. In the event of the assertion of data subject rights, we can only forward these requests to the operator of the social network. Facebook does not conclusively and clearly state how Facebook uses the data from visits to social media pages for its own purposes, to what extent activities on the social media page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the social media page is passed on to third parties, and this is not known to us. When you access a social media page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about its users' devices (for example, as part of the "login notification" function); This may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, there will be a cookie with your Facebook ID on your device. This enables Facebook to track that you visited this page and how you used it. This also applies to all other Facebook pages. Using Facebook buttons integrated into websites, Facebook can record your visits to these websites and assign them to your Facebook / Instagram profile. Based on this data, content or advertising can be offered that is tailored to you. If you want to avoid this, you should log out of Facebook / Instagram or deactivate the "stay logged in" function, delete the cookies on your device and close and restart your browser. This way, Facebook information that can be used to directly identify you will be deleted. This allows you to use our social media page without your Facebook / Instagram ID being revealed. When you access interactive features on the site (like, comment, share, message, etc.), a Facebook or Instagram login screen appears. After logging in, you will be recognized by Facebook as a specific user. Alternatively, you can use a different browser than usual to visit our social media page.
The legal basis for the use of the social media page is Art. 6 (1) (f) GDPR.
F Use of TikTok
The social media application TikTok is an international video portal. It is used for lip-syncing music videos and other short video clips. TikTok is operated by the Chinese company ByteDance. TikTok's privacy policy forms the basis on which TikTok processes all data collected from users or provided by users. According to the privacy policy, TikTok Technology Limited ("TikTok Ireland") and TikTok Information Technologies UK Limited ("TikTok UK") are responsible for the processing of personal data. In the privacy policy, "TikTok," "we," or "us" are often referred to as such. If you have given your consent to receive advertising, TikTok will use your data to show you personalized advertising. The personalized advertising that TikTok shows you is based on your consent. Furthermore, TiKTok processes user data on the basis of a contract (Art. 6 (1) Sentence 1 Letter b GDPR), as a result of a balancing of interests (Art. 6 (1) Sentence 1 Letter f GDPR), or to fulfill legal obligations (Art. 6 (1) Sentence 1 Letter c GDPR). Users can revoke their consent, and processing based on a balancing of interests can be objected to in accordance with Art. 21 GDPR. For details, please see TikTok's privacy policy and terms of use (link below). TikTok processes personal data for various purposes, including providing its services, notifying users of changes to the services, providing support to users, enabling users to share user content with other users, developing new services, or fulfilling legal obligations. TikTok collects, among other things, the following data about its users: profile data, user content and usage data, location data, and information about contacts/friends. For more information about how your data is used and which data is processed, please see TikTok's privacy policy and terms of use (link below). TikTok retains user data for as long as necessary to provide the service to users, to fulfill its contractual obligations, and to exercise its rights with respect to the information in question. If user information is no longer needed to provide the service, TikTok will retain user data only for as long as TikTok has a legitimate business purpose for storing that data. If a user requests that their TikTok account be deleted, it will initially be deactivated for a few weeks. Afterward, the account will be deleted. At the same time, users' personal data related to the in-app messaging function will also be deleted. Messages you have sent to other users of the TikTok service will remain stored on their devices.
In its privacy policy (link see below), TikTok also points out any longer deletion or retention periods. TikTok offers its users the opportunity to control and manage their own user data (personal data) via the settings options. TikTok also offers its users automated information services that provide information about how your data is processed. Within the framework of the legal requirements, you also have the right to have your data deleted and corrected and can object to the use of your data or have its use restricted, as well as revoke your consent at any time. Please note that TikTok's terms of use and privacy policy are subject to change at any time. Please therefore check regularly to ensure that these texts are up-to-date. The DSV Group assumes no liability for the timeliness, accuracy, or completeness of the information provided, which refers to TikTok's terms of use and privacy policy. This privacy policy serves to provide the information required under Articles 12 et seq. of the GDPR to the extent that the companies of the DSV Group use TikTok services by embedding videos on one of our websites or TikTok is used by our employees for customers.Terms of Use: https://www.tiktok.com/legal/terms-of-use?lang=dePrivacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de#section-1For users who have questions about TikTok's privacy policy or would like to contact TikTok's data protection officer, TikTok provides a contact form, which can be accessed via the privacy policy.
G Use of Trackboxx
We use the web analysis service Trackboxx on out Website. The provider is Mr. Christian Pust, Humboldtstraße 9, 38820 Halberstadt, Germany. We use it to statistically evaluate visitor Access and analyze the use of our website. The data is stored anonymously on a server in Germany for this purpose and is subject to the requirements of the GDPR. We do not use cookies or store any personal data. Instead, your IP address is used to generate a code that is then assigned to an anonymous user ID while you are on our website. This data cannot be assigned to a specific person and is encrypted with a code that changes daily. It is therefore not possible to "recognize" you when you visit our website again. Cross-site tracking, linking of the data with other sources, or forwarding of the information to third parties does not take place. The legal basis for the processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the needs-based design and optimization of our website. If you still do not want to help improve our site, you can control this at any time using the "Do Not Track" function in your browser. We've compiled links here to explain how this works for the most common browser types:
H Use of Host Europe
We host our website with "Host Europe." The provider is Host Europe GmbH, Hansestraße 111, 51149, Cologne. When you visit our website, Host Europe records various log files, including your IP address. Details can be found in Host Europe's privacy policy: https://www.hosteurope.de/AGB/Datenschutzerklaerung/. Host Europe's use of data is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
I Integration of Amazon CloudFront
We use the Amazon CloudFront CDN content delivery network. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter AWS). Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the content delivery network. This enables us to increase the global accessibility and performance of our website. The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (the basis is Art. 6 (1) (f) GDPR). Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. Further information about Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf. AWS is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is committed to adhering to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOWQAA4&status=Active.
J Intergration of Cloudflare
We use the Content Delivery Network (CDN) from Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. With the CDN, our website content, such as scripts and stylesheets, is delivered to you more quickly via a network of regionally distributed servers. For this purpose, the browser you use must connect to Cloudflare's servers. This allows Cloudflare to know that our website was accessed via your IP address. The data collected in this process is used only for the aforementioned purpose and to maintain the functionality and security of the CDN. This use is based on the website operator's legitimate interest in the fast and secure provision and optimization of the online service, in accordance with Art. 6 (1) (f) GDPR. Further information can be found in Cloudflare's privacy policy:
https://www.cloudflare.com/security-policy.
K Integration of Adobe Fonts
This site uses Adobe Fonts, provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland), for the consistent display of fonts. The Adobe Fonts are installed locally. There is no connection to Google servers. Further information about Adobe Fonts can be found at
https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
L Integration of MailerLite
Our email communication is handled by "MailerLite" (operated by MailerLite Inc., 548 Market St, PMB 98174, San Francisco, CA 94104-5401, USA; subsidiary in the European Union: MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland). Your email address and your input data (e.g., texts) are stored on MailerLite's servers, among others, in the USA. Data processing and/or data transfer therefore also takes place outside the European Union, Andorra, Argentina, Canada (only for commercial organizations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, and the United Kingdom. However, an adequacy decision (Art. 45 GDPR) from the European Commission regarding data transfer only exists for these countries, with the exception of the countries of the European Union, which are already classified as secure. Therefore, data transfer to other countries is at least not explicitly permitted. Although an adequacy decision also exists for the USA, the EU-US Data Privacy Framework (DPF, https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj), this does not classify every data transfer to the USA as safe, but only the transfer of data to US companies or organizations that have a valid DPF certification. Since MailerLite Inc. does not have such certification, we must ensure in other ways that the recipient's personal data is adequately protected. This can be done through the use of standard data protection clauses (Article 46 GDPR), through an obligation to comply with codes of conduct that have been declared generally applicable by the Commission, or through the certification of the processing operation. The standard contractual clauses issued by the European Commission can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj. MailerLite uses the aforementioned information to send and evaluate emails on our behalf. Furthermore, MailerLite may use this data to optimize or improve its own services, e.g., to technically optimize the delivery and presentation of newsletters. MailerLite does not use the data of our email recipients to contact them directly. MailerLite is only used with your consent (Art. 6 I S. 1 a GDPR). You can view MailerLite's privacy policy at
https://www.mailerlite.com/legal/privacy-policy.
M Integration of Google Maps
This website uses the Google Maps map service. Provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Google Maps is used in the interest of an attractive presentation of our online offerings and to make the locations we specify on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If corresponding consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on how user data is handled can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de. Google is certified according to the "EU-US Data Privacy Framework" (DPF). The Data Protection Framework (DPF) is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the Data Protection Framework (DPF) is committed to complying with these data protection standards. Further information is available from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
N Integration of Xano
This website uses "Xano." This is a service provided by Xano Inc., 20700 Ventura Blvd. Ste 210, Woodland Hills, CA 91364. This is a database service that we use as a backend builder and database. Data processing and/or data transfer therefore also takes place outside the European Union, Andorra, Argentina, Canada (only for commercial organizations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, and the United Kingdom. However, only for these countries, with the exception of the European Union countries, which are already classified as safe, has an adequacy decision (Article 45 GDPR) been issued by the European Commission regarding data transfer. Therefore, data transfer to other countries is at least not explicitly permitted. Although an adequacy decision also exists for the USA, the EU-US Data Privacy Framework (DPF, https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj), this does not classify every data transfer to the USA as safe, but only the transfer of data to US companies or organizations that have a valid DPF certification. Since Xano does not have such certification, we must ensure in other ways that the personal data is adequately protected by the recipient. This can be done through the use of standard data protection clauses (Article 46 GDPR), through an obligation to comply with codes of conduct that have been declared generally applicable by the Commission, or through the certification of the processing operation. The standard contractual clauses issued by the European Commission can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/ojXano uses cookies to personalize and analyze your user experience and improve the service. These cookies are only set with your consent. You can revoke and manage your consent at any time using our Cookie Consent Tool. The legal basis for processing is Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as it concerns access to information on the user's device or the storage of cookies within the meaning of the TTDSG. Furthermore, the use of Xano is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the correct display of our designs in the app's frontend. Xano also processes data in the USA. Further information on data processing can be found at:
https://legal.xano.com/privacy-policy.