Data protection

1. data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the "Information on the controller" section of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This may include, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have further questions on the subject of data protection.

Analysis tools and tools from third-party providers

When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. hosting

We host the content of our website with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).

For details, please refer to Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.

The use of Hetzner is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that our website is as reliable as possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3 General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Note on the responsible body

The controller responsible for data processing on this website is:

Invest4Kids GmbH, Fabrikstraße 7, 24103 Kiel

Phone: +49 123 456789
Email: info@invest4kids.de

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if special categories of data are processed in accordance with Art. 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following paragraphs of this privacy policy.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., passing on data to tax authorities), if we have a legitimate interest in passing on the data in accordance with Art. 6 (1) lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on our customers' personal data on the basis of a valid contract for data processing. In the case of joint processing, a contract for joint processing is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising; if you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 para. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time if you have further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we generally need time to check this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

4. data collection on this website

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, for the provision of certain functions you have requested (e.g., for the shopping cart function) or for the optimization of the website (e.g., cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

5. analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used, and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.

Mouseflow records randomly selected individual visits (only with anonymized IP addresses). This creates a log of mouse movements, mouse clicks and keyboard interactions with the aim of randomly replaying individual website visits and deriving potential improvements for the website. The data collected is not personal and is not passed on to third parties. The data collected is stored and processed within the EU.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

If you do not want to be recorded, you can disable this globally for the browser you are currently using on all websites that use Mouseflow by clicking on the following link: https://mouseflow.de/opt-out/

Further information on data protection and data security at Mouseflow can be found here: https://mouseflow.com/privacy/.

JotForm

This website uses JotForm, a service provided by JotForm Inc, 111 Pine St. Suite 1815, San Francisco, CA 94111, USA, to create and manage online forms.

The forms are used to generate leads, whereby personal data such as name, e-mail address and telephone number are collected. This data is used to contact you and process your request.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

JotForm stores and processes your data on servers inside and outside the EU. For more information about JotForm's privacy practices, please visit: https://www.jotform.com/privacy/.

6. plugins and tools

YouTube with enhanced data protection

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used to personalize browsing on YouTube. Ads played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user's browser, which, similar to cookies, contain personal data and can be used for recognition purposes. Details on extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about data protection on YouTube, please refer to their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This allows Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font will be used by your computer.

For more information about Google Fonts, visit https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to check whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information for the analysis (e.g., IP address, length of time the website visitor stays on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to Google's privacy policy and terms of service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

7. self-developed plugins and integrations

Internal tools and services

Our website uses internally developed plugins and integrations to improve the user experience and data security. These tools do not collect and process any personal data outside of the purposes stated in this privacy policy.

8. tipster program

Automatic participation

After signing the contract, we automatically add our customers to our referral program to provide them with a personal referral link.

What data is processed?

Name
E-mail address

Purpose of the processing

Creation and management of the personal referral link
Processing of recommendations and premium payments

Legal basis

Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in customer loyalty and referral marketing).

Service provider

We use the software "Referral Rock" (Referral Rock Inc., based in the USA) for technical processing. The above-mentioned data is used exclusively for the creation and management of the referral link.
If data is transferred to the USA, this is done on the basis of the current EU standard contractual clauses or the EU-US Data Privacy Framework in order to ensure an adequate level of data protection.

Voluntariness & contradiction

Participation in the tipster program is voluntary. Active use of the link is not required. Customers can object to participation at any time. In this case, the data will be deleted immediately.

9. WhatsApp communication and WhatsApp chatbot

The responsible body named in this privacy policy is responsible for data processing in the context of WhatsApp communication.

9.1 General information on the use of WhatsApp

We use WhatsApp for customer communication, to send the latest information and offers, and for customer support. We also offer a WhatsApp chatbot for certain events or services.

The service is provided via the official WhatsApp Business API in conjunction with the technology provider Superchat (SuperX GmbH, Prenzlauer Allee 242-247, 10405 Berlin, Germany, hereinafter referred to as "Superchat").

Primary data processing takes place on servers in Frankfurt am Main, Germany, ensuring that processing is carried out within the EU and in accordance with the standards of the General Data Protection Regulation (GDPR).

9.2 Categories of data processed

When you use our WhatsApp chatbot and WhatsApp services, we process the following personal data:

Your phone number
Your WhatsApp profile name
Your first name (if available)
Your communication and interaction data in the chat
Your clicking behavior within the chat
Publicly available information from your social media profiles (if relevant)
Your navigation behavior on our website
Other data entered by you during the chat interaction
Technical log data (e.g., IP address, browser used, etc.)

For more information about data processing by WhatsApp, please refer to WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

9.3 Legal basis for data processing

The processing of your personal data is based on different legal grounds depending on the context:

Art. 6 para. 1 lit. a GDPR – Consent:
If we process your data to send you information or marketing communications via WhatsApp, we will only do so with your express consent. You can give your consent via the chat by selecting the "START" button. You can revoke your consent at any time by sending "STOP" in the chat.

Art. 6 para. 1 lit. b GDPR – Contract fulfillment or contract initiation:
If you use WhatsApp for customer service or contract processing (e.g., for support requests or order processing), your data will be processed for the purpose of fulfilling a contract or taking pre-contractual measures.

Art. 6 (1) (f) GDPR – Legitimate interest:
In certain cases, processing may be based on our legitimate interest in effective customer communication. This applies, for example, when we analyze how our chatbot is used in order to improve it.

Section 25 (1) TTDSG – Consent for cookies or device access:
If the processing involves tracking technologies such as cookies or device fingerprinting, this will only take place with your separate consent in accordance with Section 25 (1) TTDSG. This consent can be revoked at any time.

9.4 Storage period and data deletion

We only store your data for as long as it is necessary for the respective processing purposes:

If you withdraw your consent (by typing "STOP" in the chat), your personal data will no longer be used for the WhatsApp service and will be anonymized.
Communication histories are deleted after 12 months at the latest, provided there is no legal obligation to retain them.
If the data is required for contract processing, it will be stored in accordance with the statutory retention periods, in particular in accordance with § 147 AO (6 years) or § 257 HGB (10 years).

9.5 Data transfer and possible transfer to third countries

Your phone number and communication data will be transmitted to the following companies as part of your use of WhatsApp:

9.5.1 Processing within the EU (Germany)

Your data is primarily processed on servers in Frankfurt am Main, Germany, which are hosted by Superchat. This means that your data is processed within the EU and is subject to the high data protection requirements of the GDPR.

9.5.2 Possible transfer to third countries (in particular the USA)

Despite primary processing in the EU, data may be transferred to third countries (in particular the US) in the following cases:

Support requests or system maintenance by Superchat, Inc.: If technical support from Superchat is required, Superchat, Inc. employees in the United States may access personal data.
Data transfer by WhatsApp to Meta (USA): WhatsApp Ireland Limited processes the data within the EU, but may transfer data to Meta Platforms, Inc. (USA).

9.5.3 Data protection measures for transfers to third countries

If data is transferred to the US, the following protective measures are in place:

EU-US Data Privacy Framework: Superchat participates in the EU-US Data Privacy Framework, which is designed to ensure an adequate level of data protection.
EU Standard Contractual Clauses (SCCs): Superchat and WhatsApp use standard contractual clauses from the European Commission to ensure a level of data protection that complies with the GDPR.

9.6 Revocation and rights of data subjects

You have the right:

Revoke your consent at any time (by typing "STOP" in the chat or sending an email to info@invest4kids.de)
Obtain information about your stored data in accordance with Art. 15 GDPR
To request the correction of incorrect data in accordance with Art. 16 GDPR
To request the erasure of your data in accordance with Art. 17 GDPR, provided that there are no legal retention obligations to the contrary.
To request the restriction of processing pursuant to Article 18 GDPR
To object to data processing pursuant to Art. 21 GDPR if it is based on our legitimate interest

You can send inquiries regarding your data protection rights to the following email address: info@invest4kids.de.

9.7 Changes to this section

We reserve the right to modify this section of the Privacy Policy at any time to comply with new legal requirements or changes to our WhatsApp services. The current version can be found in the Privacy Policy on our website.

10. Changes to this privacy policy

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.