Privacy Statement

Legal Documents
Privacy Statement

Data Protection

Responsible body in terms of data protection laws is:

neuroflash GmbH
Wulfsdorfer Weg 100, 22359 Hamburg, Germany
magicpen@neuroflash.com

Collection of general information
When you access our website, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is only information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the content of websites you have requested and is mandatory when using the Internet. We statistically evaluate anonymous information of this type in order to optimize our website and the technology behind it.

Comment function
If users leave comments on the blog, the time of their creation and the user name previously selected by the website visitor are saved in addition to this information. This serves our security as we can be prosecuted for illegal content on our website, even if it was created by users.

Newsletter
When you register to receive our newsletter, the data you provide will only be used for this purpose. Subscribers can also be informed via email about circumstances that are relevant to the service or registration (for example changes to the newsletter offer or technical conditions).
For an effective registration, we need a valid email address. In order to check that a registration is actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation email and the receipt of the response requested. Further data is not collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.
You can revoke your consent to the storage of your personal data and their use for sending the newsletter at any time. There is a corresponding link in every newsletter. You can also unsubscribe directly from this website at any time or inform us of your request using the contact options at the end of this document.

Contact form
If you contact us by email or contact form, the information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Due to the activation of IP anonymization on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. 



Collection and storage of personal data and the nature and purpose and use thereof when using our AI Avatar App
When you order services from our AI Avatar Generator service, we collect the following information, insofar as it is given to us: – first name, last name, – a valid email address, – address, – images uploaded by you, – information necessary for the execution of the order placed by you (including the trained AI model and the images generated by it). This data is collected in order to fulfil our (pre-) contractual obligations towards you; to be able to identify you as our customer; to carry out our respective contractual performance obligations (see GTC); for the administrative execution and billing of the respective order; for correspondence with you; for invoicing; for the settlement of any liability claims that may exist as well as the assertion of any claims against you. The data processing is carried out upon your request and is necessary according to Art. 6 Para. 1 S. 1 lit. b DSGVO for the aforementioned purposes for the appropriate processing of the order and for the mutual fulfilment of obligations arising from the order. For the settlement of any existing liability claims and the assertion of any claims against you, the processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO. Our legitimate interest is to settle your liability claims, to defend ourselves against them or…

Duration of data storage
To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years. We delete the images you provide after the AI model has been trained, usually after 4 hours. We delete avatar images after 7 days. If we need data to assert, exercise or defend legal claims against us, we will store this for the necessary period.

Third parties engaged by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order. Transfer of data to third parties We do not transfer your personal data to third parties for purposes other than those listed below. The following categories of recipients, may receive access to your personal data: Service providers for training the AI model, generating the avatar images and sending them. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. b or lit. f DSGVO, insofar as it does not involve order processors; government agencies/authorities, insofar as this is necessary for the fulfilment of a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 p. 1 lit. c DSGVO; Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DSGVO. The service providers are usually order processors; in this regard, we would like to point out the following: As with any larger company, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT, telecommunications, sales and marketing). They only act on our instructions and have been contractually obligated to comply with the provisions of data protection law in accordance with Art. 28 DSGVO.


With regard to the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, we would like to point out the following: In the course of our business relationships, your personal data may be passed on or disclosed to third parties. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations to us. We will inform you about the respective details of the transfer in the relevant places below.
Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

Some of the providers we use are located outside the EU, specifically in the USA. Currently, it is not possible to conclude data protection contracts with these providers that meet the requirements of the high European data protection standard. Nevertheless, we would like to make the functionalities available to you. However, we must point out that when using these services, your data will be processed in the USA, i.e. a third country that is insecure from a data protection perspective. In this case, you consent to these transfers in accordance with Art. 49 Para. 1 lit. a DSGVO. In this case, there is a risk that your data will be processed by authorities based there for purposes of which we are not aware. Normally, you will not be informed of these processing operations and you will not be able to make use of any active legal protection.
We conclude standard contractual clauses with the providers (the 2021 standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), or other appropriate safeguards in accordance with Art. 46 GDPR.



Changes to our privacy policy
We reserve the right to occasionally adjust this data protection declaration so that it always complies with the current legal requirements or to implement changes to our services in the data protection declaration, e.g. B. when introducing new services. The new data protection declaration then applies to your next visit.

Questions to the data protection officer
If you have any questions about data protection, please write us an email or contact our data protection officer directly:

Dr. Jonathan T. Mall
Europe (DE): +49 171 148 22 45
Jonathan.Mall@neuro-flash.com