logo

Privacy Policy

Privacy Policy Vivy Website

(Version 2.4, Status: May 2021)

Your privacy is important to Vivy GmbH ("Vivy", "us", "we"). We process your personal data in various contexts when you use our website. According to Article 13 and Article 14 General Data Protection Regulation ("GDPR") you have the right to be informed about the processing of your personal data. Therefore, please take the time to read this privacy policy carefully.

Overview:

§ 1 Name and address of the controller
§ 2 Contact details of the data protection officer
§ 3 Provision of the website
§ 4 Establishing contact via contact form and email
§ 5 Customer service
§ 6 Evaluation of customer feedback
§ 7 Disclosure of data
§ 8 Data transfer to third countries
§ 9 Your rights as a visitor
§ 10 Right of appeal to the supervisory authority

§ 1 Name and address of the controller

This privacy statement applies to the processing of your personal data by Vivy as the party responsible for this data processing in accordance with Article 4 No. 7 GDPR. In the following you will find our contact details:

Vivy GmbH

represented by the managing directors
Mr. Roland Kirch and Dr. Catharina Schauer

Schützenstraße 18
10117 Berlin
email: support@vivy.com
Tel: +49 30 568 39 530

§ 2 Contact details of the data protection officer

Vivy has appointed an external Data Protection Officer. You can contact our Data Protection Officer, Ms. Kathrin Schürmann (ISICO GmbH) under the above address ("zu Hd. Datenschutzbeauftragter") or via email address privacy@vivy.com.

§ 3 Provision of the Website

What categories of personal data do we process in this data processing?

To ensure a secure and stable Internet presence, the browser you use on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a server log file until it is automatically deleted. This applies to the following data:

  • IP address of the requesting computer
  • Browser type and browser version
  • Operating system used
  • Referrer URL (website from which access is made)
  • Hostname of the accessing computer
  • Date and time of the server request

What do we use your personal data for during this data processing?

The data is processed for the purpose of ensuring a smooth connection and comfortable use of the website as well as for improving system security, stability and functionality.

What is the legal basis for this data processing?

The legal basis for data processing is Article 6 Paragraph 1 S. 1 lit. f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.

How long do we store your personal data during this data processing?

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case when the respective session has ended.

§ 4 Establishing contact via contact form and e-mail

What categories of personal data do we process in this data processing?

When you contact us via the contact form, e.g. under "Submit request" or by email to an email address provided by us, the personal data you provide via the contact form or email is stored. This includes your email address and other information you provide us with.

What do we use your personal data for in this data processing?

We use your contact data to answer your inquiries.

What is the legal basis for this data processing?

The legal basis for data processing is the performance of our (pre-)contractual obligations in the context of the provision of our service offer for the use of the website in accordance with Article 6 Para. 1 S. 1 lit. b) GDPR.

How long do we store your personal data during this data processing?

We archive completed requests after 180 days. For statistical purposes, the inquiries remain archived in anonymized form for a further eight months and are then deleted.

§ 5 Customer service

What categories of personal data do we process in this data processing?

If you contact us via the information channels we provide, such as email or telephone, we process your contact data and the information you provide.

What do we use your personal data for in this data processing?

The data is processed in order to provide you with comprehensive service and to be able to answer your questions.

What is the legal basis for this data processing?

The legal basis for data processing is the performance of our (pre-)contractual obligations in the context of the provision of our service offer for the use of the website in accordance with Article 6 Para. 1 S. 1 lit. b) GDPR.

How long do we store your personal data during this data processing?

We archive completed requests after 180 days. For statistical purposes, the inquiries remain archived in anonymized form for a further eight months and are then deleted.

§ 6 Evaluation of customer feedback

What categories of personal data do we process in this data processing?

We evaluate the feedback of our users on different channels. For this purpose, we use the contact data you provide and the content of your feedback.

What do we use your personal data for in this data processing?

We use the emails you send us, our app, Google Play Store and App Store ratings and social media platforms as sources of feedback. We use your data to evaluate the feedback in order to constantly improve the visitor experience with our website and to find your feedback again.

What is the legal basis for this data processing?

The legal basis is your consent in accordance with Article 6 para. 1 sentence 1 lit. a) GDPR. You can revoke this consent at any time with effect for the future. However, the legality of the storage of the data that has taken place on the basis of your consent until the revocation is not affected by this. Your feedback will then no longer be used by us. You can send your revocation to support@vivy.com.

How long do we store your personal data during this data processing?

Your data will remain stored until it is no longer required for the purpose for which it was collected. We delete your data as soon as we no longer need them for analysis purposes - after 14 months at the latest.

§ 7 Disclosure of data

The data collected by us will only be shared with third parties if:

  • You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR,
  • The disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed,
  • We are legally obliged to disclose your data according to Art. 6 Para. 1 S. 1 lit. c) GDPR, or
  • This is legally permissible and necessary according to Art. 6 Para. 1 S. 1 lit. b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this Privacy Policy, this may include, in particular, data centres that store our website and databases, software providers and IT service providers that maintain our systems. If we pass on data to our service providers, they may only use the data to fulfil their assignments. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us. In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

To answer and document customer inquiries, we use the customer service tool Zendesk, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. Zendesk Inc. acts for us as a processor. The provider of this tool has the highest data protection standards and has received confirmation of  its European Binding Corporate Rules in accordance with Article 47 GDPR. You can find the privacy statement of Zendesk Inc. under https://www.zendesk.com/company/customers-partners/privacy-policy/ .

§ 8 Data transfer to third countries

In the context of the data processing described in this privacy statement, we may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding corporate rules for data transfer (Article 47 GDPR).

Where this is not possible, we base the transfer of data on exceptions according to Article 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is intended and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.

§ 9 Your rights as a visitor

Information: You have the right to request information from Vivy at any time about your personal data stored by us (Article 15 GDPR). This also applies to the recipients or categories of recipients to whom this data is passed on, the purpose and duration of storage.

Correction, deletion, restriction of processing: You also have the right to request correction under the conditions of Article 16 GDPR, deletion under the conditions of Article 17 GDPR or restriction of processing under the conditions of Article 18 GDPR.

Data transferability: You can also request data transfer at any time under the conditions of Article 20 GDPR.

Objection to processing: In the case of processing of personal data for the performance of tasks in the public interest (Article 6 para. 1 S. 1 lit. e) GDPR) or for the protection of legitimate interests (Article 6 para. 1 S. 1 lit. f) GDPR), you may object to the processing of personal data relating to you at any time with effect for the future. In the event of an objection, we must refrain from any further processing of your data for the aforementioned purposes, unless

  • there are compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms
  • or the processing is necessary to assert, exercise or defend legal claims.

Under the conditions of Article 21 para. 1 GDPR, data processing may be objected to for reasons arising from the specific situation of the data subject.

How can you exercise your rights?

To exercise these rights, please contact Vivy GmbH, Schützenstraße 18, 10117 Berlin, Germany or send an email to privacy@vivy.com

§ 10 Right of appeal to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a data protection authority. You may do so by contacting the data protection authority at your usual place of residence or at our headquarters. The address of the supervisory authority responsible for Vivy is

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstraße 219

10969 Berlin