I. General Information
II. Data Controller
III. Data Protection Officer
IV. Your Rights as a Data Subject
V. Informational Use of the Website
VI. Cookies and Tracking Technologies
VII. Additional Features & Services on the Website
VIII. Contacting Us
IX. Newsletter
X. Blog Use
XI. Online Applications
XII. Registration on the Website
XIII. Server Location & Data Processing in Third Countries
XIV. Purchase & Orders
XV. Payment Service Provider (Stripe)
XVI. External Tools and Services
XVII. Use of the neuroflash App
(1) Below, we inform you about the collection of personal data when using our website.
(2) The term “personal data” refers, with reference to the definition in Art. 4 No. 1 of Regulation (EU) 2016/679 (hereinafter referred to as “General Data Protection Regulation” or “GDPR” for short), to all data that is personally referable to you. This includes, for example, name, address, email address, and user behavior. Regarding other terms, especially the terms “processing,” “controller,” “processor,” and “consent,” we refer to the legal data protection definitions of Art. 4 GDPR.
(3) For matters that affect Switzerland, even if they are initiated outside Switzerland, the Swiss Federal Act on Data Protection, hereinafter referred to as “FDPIC,” also applies. However, we use the terms of the GDPR throughout. The terms of the GDPR “personal data,” “processing,” “processor,” “special categories of data,” and data portability also mean, as far as the FDPIC applies, the terms used in the FDPIC “personal data,” “processing,” “processor,” “data transmission,” and “particularly sensitive personal data” according to the FDPIC. The legal meaning of the terms is determined by the FDPIC in this case.
(4) We generally process personal data only to the extent necessary to provide a functional website and the content and services we offer. Personal data is regularly processed only if you have given us consent within the meaning of Art. 6 para. 1 lit. a) GDPR or if the processing is permitted by legal regulations, especially by one of the legal bases mentioned in Art. 6 para. 1 lit. b) to lit. f) GDPR.
(5) Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by national or European regulations to which we are subject. In this case, the data will be blocked or deleted when the storage period prescribed in the respective regulations has expired. The latter does not apply if further storage of the data is necessary for the conclusion or fulfillment of a contract.
(6) If we use commissioned service providers for individual functions of our website or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below.
(1) The controller within the meaning of Art. 4 No. 7 GDPR, the other data protection laws applicable in the member states of the European Union and other regulations and provisions with data protection character is:
neuroflash GmbH
Managing Directors: Dr. Jonathan Taddäus Mall, Henrik Clemens Roth, Henrik Büning
Wulfsdorfer Weg 100
22359 Hamburg
Germany
Tel.: +49 40 743 040 05
Email: magicpen@neuroflash.com
Register Court: District Court Hamburg
Register Number: HRB 117450
(2) Further details about the responsible party can be found in our legal notice.
You can reach and contact our data protection officer at the following address:
Mauß Datenschutz GmbH
Neuer Wall 10
20354 Hamburg
Germany
Tel: 040 / 999 99 52-0
Email: datenschutz@datenschutzbeauftragter-hamburg.de
(1) You have the following rights against us with regard to your personal data:
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
(3) In the scope of the GDPR, you also have the right to:
(1) If you access our website without registering or providing us with information in any other way (“Informational Use”), we only collect the personal data that your web browser transmits to our server. If you want to view our website, we collect the following data, which are technically necessary for us to enable you to view our website and to guarantee stability and security: IP address, date and time of the request, time zone difference to GMT, content of the website, access status (HTTP status), requesting website, web browser, operating system, language, and version of the browser.
(2) The aforementioned data are also stored in so-called log files on our servers. This data is not stored together with other personal data from you.
(3) The storage of the above data in log files serves to ensure the functionality and to optimize our website and to ensure the security of our information technology systems.
(4) An evaluation of this data for marketing purposes does not take place. Our legitimate interest in data processing lies in the above purposes. The legal basis for the collection and temporary storage of the aforementioned data and the log files is Art. 6 para. 1 sentence 1 lit. f) GDPR. The above data for the provision of our website will be deleted when the respective session has ended. The collection of the above data for the provision of our website is mandatory for the operation of our website. There is no possibility of objection.
(1) We use so-called cookies on our website. Cookies are small text files that are stored on the storage medium of your end device, for example, on a hard drive, and through which certain information flows to us as the party that sets the cookie. Cookies cannot execute programs or transmit viruses to your end device. This website uses the following types of cookies, the scope and functionality of which are explained below.
(2) Cookies that are stored belonging to your web browser:
(3) The processing of personal data by the above cookies serves to make the offer of our website more user-friendly and effective for you overall. Some functions of our website cannot be offered without the use of these cookies. In particular, some functions of our website require that your web browser can still be identified after a page change. If you have an account, we use cookies to be able to identify you for subsequent visits. This prevents you from having to log in again every time you visit our website. The data processed by cookies that are necessary for the provision of the functions of our website are not used to create user profiles. If cookies are used for analysis purposes, they serve to improve the quality and user-friendliness of our website, its content, and functions. They enable us to understand how the website is used, which functions are used, and how often. This enables us to continuously optimize our offer.
(4) If cookies are not technically absolutely necessary, we only set them with your previously declared consent, which you can also revoke at any time. The legal basis is Art. 6 para. 1 lit. a) GDPR.
(5) The above cookies are stored on your end device and transmitted from there to our server. You can therefore configure the processing of data and information by cookies yourself. You can make corresponding configurations in the settings of your web browser, through which you can, for example, reject third-party cookies or cookies altogether. In this context, we would like to point out that you may then not be able to use all functions of our website properly. We also recommend regularly manually deleting cookies and your browser history.
(1) In addition to the informational use of our website described above, we offer various services that you can use if you are interested. This usually requires the provision of further personal data. We need this data to provide the respective service. The above principles for data processing apply to this.
(2) In some cases, we use external service providers to process this data, which we have carefully selected and commissioned. These service providers are bound by our instructions and are regularly monitored by us. If personal data is passed on to third parties as part of services that we offer together with partners, you can find more information in the following descriptions of the individual services. If these third parties are based in a country outside the European Economic Area, you can find more information about the consequences of this circumstance in the following descriptions of the individual services.
(1) If you contact us by email, the personal data you transmit to us with your email will be stored.
(2) We also provide a contact form on our website that you can use to contact us. The data you enter into the input mask will be transmitted to us and stored: Salutation, first name, last name, email address.
(3) The data will be used exclusively to answer your questions. Unless explicitly stated otherwise in this data protection declaration, the data will not be passed on to third parties. We also record your IP address and the time of sending.
(4) The processing of the aforementioned personal data serves solely to process your inquiries.
(5) The processing of further personal data that is incurred through the use of the contact form provided on our website serves to prevent misuse and to ensure the security of our information technology systems.
(6) This is also our legitimate interest in processing your personal data. If you have given us your consent to this, the legal basis for processing this data is Art. 6 para. 1 lit. a) GDPR. Otherwise, the legal basis for processing this data is Art. 6 para. 1 lit. f) GDPR, especially in the event that the data is transmitted to us by you by sending an email. If you want to work towards the conclusion of a contract through your email, Art. 6 para. 1 lit. b) GDPR represents an additional legal basis.
(7) The data will be deleted subject to statutory retention periods as soon as we have finally processed your request. When contacting us by email, you can object to the storage of your personal data at any time. We would like to point out that in this case your request cannot be processed further. You can declare the revocation or objection by sending an email to our email address given in the legal notice.
(1) We provide you with a newsletter that you can subscribe to on our website. Details about the newsletter, in particular its possible content, are named in the declaration of consent. When you subscribe to our newsletter, the data you enter into the input mask when registering for the newsletter will be transmitted to us. To register for sending the newsletter, you must provide mandatory data requested by us: Email address.
(2) If you provide further personal data when registering, this information is voluntary.
(3) We use the so-called double opt-in procedure to register for our newsletter. After your registration, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter from us in the future. If you do not confirm your registration within the period specified in the email, the data you have provided will be blocked and deleted after one week. In addition, we store your IP address and the time of registration for the newsletter as well as the time of confirmation. In connection with the processing of the data for sending the newsletter, the data is not passed on to third parties. This data is used exclusively for sending the newsletter.
(4) Unless we use a third-party provider mentioned below to send the newsletter, no data will be passed on to third parties in connection with the processing of the data for sending the newsletter.
(5) The data you enter into the input mask when registering is processed for the purpose of addressing you personally. After your confirmation, we save your email address in order to be able to send you the newsletter. We save the respective IP address and the times of registration and confirmation in order to be able to prove your registration and, if necessary, to clarify possible misuse of your personal data. This is also our legitimate interest. If you have given us your consent, Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis for processing. If the processing is otherwise based on our legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.
(6) The above data will be deleted as soon as they are no longer necessary to achieve the above purposes. We therefore store your above data as long as you have subscribed to the newsletter. After unsubscribing from the newsletter, we store the aforementioned data purely statistically and anonymously.
(7) You can revoke your consent to receive the newsletter at any time by unsubscribing from the newsletter. You can unsubscribe by clicking on the link contained in every newsletter email sent to you by us.
(1) We offer a blog on our website. In this blog, we publish posts on various topics.
(2) If you have given us consent for the storage of the data, you can revoke this at any time. You can object to this storage of the aforementioned data at any time.
(1) We offer you the opportunity to apply online on our website. Participation in the application process requires the provision of personal data. This data may include personal master data such as first name, last name, address, date of birth, contact data such as telephone number or email address, as well as data related to your academic and/or professional background such as school and work certificates, data about education, internships, or previous employers. This data may come from an online application form that you fill out on the application platform or from documents you provide such as a cover letter, a resume, a photo, certificates, or other professional qualifications. Data that is mandatory for participating in the application process is marked accordingly as mandatory information. Unless a third-party provider whose service we use to provide the online application function is named in this data protection declaration, the data will not be passed on to third parties.
(2) We process the aforementioned data for the purpose of carrying out the application process. If you have given us consent, the legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. If the processing of the aforementioned data is for the initiation of contractual relationships, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.
(3) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the event that an employment relationship, training relationship, internship, or other service relationship arises following the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process ends with the receipt of a rejection. In this case, the data will be deleted after four weeks. Deletion will not occur if further processing and storage of your personal data is necessary in individual cases to assert, exercise, or defend legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. Deletion will also not occur if we are obligated to further store your personal data due to legal regulations.
(4) You can revoke any consent you have given us at any time. You can object to the processing of your personal data at any time. In particular, you have the option to withdraw your application at any time. As part of the application process, you should only provide us with the personal data that is necessary for participating in and conducting the application process. There is no legal or contractual obligation to provide data. However, we would like to point out that without this data, we cannot carry out the application process and cannot consider your application. The same applies in the event of an objection to the processing of your data. You can have the data stored about you changed at any time.
(1) To use additional functions of our website, we offer the possibility to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The mandatory information requested during registration is marked accordingly and must be provided in full. Otherwise, we will reject the registration. The following data is collected during the registration process: first name, last name, email address.
(2) At the time of registration, the IP address as well as the date and time of registration are also stored. As part of the registration process, the user’s consent to the processing of this data is obtained.
(3) Registration is required to provide certain content and services on our website. We only use the data entered for the purpose of using the respective offer or service or to provide the services for which you have registered. In the event of important changes to our offers, services, or benefits, for example, regarding the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you about this. The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a) GDPR. If the registration serves the conclusion or implementation of a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR represents an additional legal basis.
(4) You can revoke any consent you have given at any time. The legality of the data processing that has already taken place remains unaffected by the revocation.
(5) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when the registration on our website is canceled or changed. You have the option to cancel the registration at any time. You can have the data stored about you changed at any time. Legal retention periods remain unaffected.
(6) We only transmit personal data to third parties if this is necessary as part of the contract processing. Further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
(7) If you have given us your consent, the legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. Otherwise, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.
We process and/or store your personal data in the EU on servers in the Google Cloud Platform and at Raidboxes in Germany.
We process your AI queries within the neuroflash app in the EU and in the USA on servers of external providers. AI providers in the USA have submitted to the EU-US Data Privacy Framework between the European Union and the USA, have certified themselves, and have thereby committed themselves to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.dataprivacyframework.gov/EU-US-Framework
(1) We offer paid services on our website. For this purpose, we process personal data provided by you.
(2) The processing takes place for the purpose of establishing and implementing a contractual relationship with you. If you have given us consent for this, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. Otherwise, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
(3) You can revoke your consent at any time. You can object to the processing of your personal data at any time. However, we would like to point out that a contract cannot be concluded without this data.
(4) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when we no longer need your personal data to carry out the contractual relationship. Deletion will not occur if we are obliged to further store your personal data due to legal regulations.
(1) For the execution of payment processing, we transmit the payment data provided by you to Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
(2) The transmission of the payment data and the processing by the aforementioned payment service provider(s) takes place for the purpose of payment processing. The use of external payment service providers enables us to offer you a selection of different payment methods and thus to make the types of payment processing more flexible for both you and us. This is also our legitimate interest. If you have given us your consent, the legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. If the processing of the aforementioned data takes place for the handling and execution of the contractual relationship, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.
(3) You can revoke any consent you have given at any time. You can object to the processing of your personal data at any time. However, we would like to point out that without the transmission of the payment data and/or the processing by the payment service provider, you will not be able to use any or at least not all payment methods, and contract execution may not be possible.
(4) Your payment data will be transmitted to and processed on servers of our payment service provider in the USA. The payment service provider has submitted to the EU-US Data Privacy Framework between the European Union and the USA, has certified itself, and has thereby committed itself to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.dataprivacyframework.gov/EU-US-Framework
neuroflash GmbH uses Hubspot (Hubspot, Inc., Two Canal Park, Cambridge, MA 02141, United States). This is an integrated software solution with which we cover various aspects of our online offering. These include, among others:
Our registration service enables visitors to our website to learn more about our company, download content, and provide their contact information as well as other demographic information. This information, as well as the content of our website, is stored on the servers of our software partner Hubspot. It may be used by us to contact visitors to our website and to determine which services of our company are of interest to them. More information about Hubspot’s privacy policy: https://legal.hubspot.com/privacy-policy.
Furthermore, neuroflash GmbH uses the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, to obtain your consent for the storage of certain cookies on your device or the use of certain technologies as well as for the data protection-compliant documentation of this consent. When you access our website, Usercentrics is loaded to display a consent request to you. The following personal data is processed: Your IP address, consent data (e.g., approval or rejection), timestamps, browser information, device information, and the URL of the accessed page. The processing is based on Art. 6 para. 1 lit. c GDPR to fulfill our legal obligation to obtain and document consents. The consent data is stored for 3 years. Further information can be found in the privacy policy of Usercentrics at https://usercentrics.com/de/datenschutzerklaerung/.
neuroflash GmbH also uses the Stape.io service of Stape Inc., 30 N Gould St Ste R, Sheridan, WY 82801, USA, for the server-side delivery and management of tracking scripts and tags, especially in connection with Google Tag Manager and other marketing tools. Tracking data is first transmitted to Stape.io servers before being forwarded to third parties such as Google. This enables more data protection-friendly processing, better control over data transfer, and improved website loading speed. The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The data transfer to the USA is based on EU standard contractual clauses. Further information can be found in the Stape.io privacy policy at https://stape.io/privacy-policy.
When you commission services of our neuroflash app, we collect the following information, insofar as it is provided to us: First name, last name, a valid email address, postal address, information that is necessary for the execution of the order you have placed.
The collection of this data takes place to fulfill our (pre-) contractual obligations to you; to be able to identify you as our customer; to carry out our respective contractual performance obligations (see General Terms and Conditions); for administrative processing and invoicing of the respective order; for correspondence with you; for the handling of any existing liability claims and for the assertion of any claims against you.
Data processing takes place at your request and is necessary according to Art. 6 para. 1 sentence 1 lit. b) GDPR for the aforementioned purposes for the appropriate processing of the order and for the mutual fulfillment of obligations from the order. For the processing of any existing liability claims and the assertion of any claims against you, processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in settling your liability claims or defending ourselves against them.
(2) Duration of Data Storage
Insofar as necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and processing of a contract. In addition, we are subject to various storage and documentation obligations that arise, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The storage or documentation periods specified therein are two to ten years. Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can usually be three years. Third parties used by us will store your data on their system for as long as it is necessary in connection with the provision of services for us according to the respective order.
(3) Disclosure of Data to Third Parties: Your personal data will not be transmitted to third parties for purposes other than those listed below.
The following categories of recipients may gain access to your personal data:
The service providers are usually processors; we would like to point out the following: Like any larger company, we also use external domestic and foreign service providers for the processing of our business transactions (e.g., in the areas of IT, telecommunications, sales, and marketing). These only act according to our instructions and have been contractually obliged in the sense of Art. 28 GDPR to comply with the data protection regulations.
Regarding the guarantees of an adequate level of data protection in the event of data transfer to third countries, we would like to point out the following: Within the scope of our business relationships, your personal data may be passed on or disclosed to third parties. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing takes place exclusively to fulfill the contractual and business obligations to us. We will inform you about the respective details of the transfer below at the relevant points.
The European Commission certifies certain third countries with a level of data protection comparable to the EEA standard through so-called adequacy decisions. A list of these countries and a copy of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Some of the providers we use are located outside the EU, specifically in the USA. Some of these providers have submitted to and certified under the EU-US Data Privacy Framework between the European Union and the USA, thereby committing themselves to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.dataprivacyframework.gov/EU-US-Framework
Insofar as the providers from the USA have not submitted to the EU-US Data Privacy Framework between the European Union and the USA, we conclude standard contractual clauses with the providers (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), or other suitable guarantees according to Art. 46 GDPR.
Copyright © 2024