1. Name and Address of the Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Hana Yousefi-Esslinger
c/o Ideabay GmbH
Tal 15
80331 Munich
Phone: +49 89 21544639
Email: info@yousophy.com
Website: yousophy.com

II. General Information on Data Processing

1. Scope of the Processing of Personal Data

We process the personal data of our users only to the extent necessary to provide a functional website as well as our content and services.
Processing is carried out on the basis of a legal permission, in particular pursuant to Art. 6 GDPR – for example to fulfill a contract, based on consent, to fulfill legal obligations, or due to legitimate interests.

2. Legal Basis for the Processing of Personal Data

If we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs when a legally prescribed storage period expires, unless further storage of the data is required for the conclusion or fulfillment of a contract.

III. Disclosure of Data to Third Parties; Service Providers

1. Disclosure of Data to Third Parties

Your personal data will only be disclosed to third parties if this is necessary for the fulfillment of a contract, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent. If data is transmitted to third parties based on a legitimate interest, this will be explained in this privacy policy. In addition, data may be disclosed to third parties if we are legally obliged to do so or by enforceable administrative or judicial order.

2. Service Providers

We reserve the right to use service providers for the collection or processing of data. Service providers receive from us only the personal data that they need for their specific task. For example, your email address may be passed on to a service provider so that they can deliver a newsletter you have ordered. Service providers may also be commissioned to provide server capacity. Service providers are usually involved as so-called processors, who may only process the personal data of users of this online service on our instructions.

Unless service providers are already named in this privacy policy, they fall into the following categories:

• IT service provider (cloud hosting) – Ireland

• IT service provider (hosting) – Netherlands

• IT service provider (online forms and surveys) – Belgium

• IT service provider (email marketing/mailings) – Lithuania

• IT service provider (process automation) – USA

  
  

3. Transfer of Data to Non-EEA Countries

We also transfer personal data to third parties or processors based in countries outside the European Economic Area (EEA). In such cases, we ensure before the transfer that the recipient provides an adequate level of data protection (e.g., through self-certification under the EU-U.S. Data Privacy Framework or through the agreement of so-called EU standard contractual clauses with the recipient), or that sufficient consent has been obtained from our users. You may request an overview of the recipients in third countries and a copy of the specific arrangements in place to ensure an adequate level of data protection. Please use the contact information provided in section I for this purpose.

IV. Data Collection When Visiting Our Website

1. Description and Scope of Data Processing

When our website is used for informational purposes only – that is, if you do not register or otherwise transmit information to us – we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, our service provider collects only anonymized usage data for stability and performance analysis, without the use of cookies or persistent identifiers. This data is technically necessary to display the website reliably.

These data may also be stored in our system's log files. These data are not stored together with other personal data of the user. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. Temporary storage of the IP address by the system is necessary to deliver the website to your computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. Additionally, the data is used to optimize the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place. These purposes also constitute our legitimate interest in the processing of data under Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session ends. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object.

V. Contact Form and Email Contact

1. Description and Scope of Data Processing

Our website provides a contact form that can be used for electronic communication. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. This data includes:

• Email address

• Role (seeker, experience sharer, or both)

• Session preference (e.g., free, paid, donation-based)

• Topic of interest

• Consent to contact

Your consent will be obtained as part of the submission process and this privacy policy is referenced.

Alternatively, contact can be made via the email address provided. In this case, the personal data transmitted by email will be stored.

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if consent has been given. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then Art. 6 para. 1 lit. b GDPR also applies.

The processing of personal data from the input mask is used solely for processing the contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. Any other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form and those sent by email, this is the case when the conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The user may revoke their consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

The user can object to the storage of their personal data at any time by contacting us via the email address provided in section I. All personal data stored in the course of contacting us will be deleted in this case.

VI. Rights of the Data Subject

Applicable data protection law grants you, as the data subject, the following rights with respect to the controller regarding the processing of your personal data:

1. Right of Access (Art. 15 GDPR)

You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria used to determine that period, the existence of a right to rectification, deletion, restriction of processing, or objection to such processing, the right to lodge a complaint with a supervisory authority, the source of your data if not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing, and your right to be informed of the safeguards in accordance with Art. 46 GDPR if your data is transferred to third countries.

2. Right to Rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and/or the completion of incomplete data stored by us.

3. Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data under the conditions of Art. 17 para. 1 GDPR. This right does not apply in particular if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data where the accuracy of the data is contested by you, if you oppose the deletion of the data and request the restriction instead, if we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or if you have objected to the processing pending the verification of whether our legitimate grounds override yours.

5. Right to Notification (Art. 19 GDPR)

If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about those recipients.

6. Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request the transmission to another controller, where technically feasible.

7. Right to Withdraw Consent (Art. 7 para. 3 GDPR)

You have the right to withdraw any consent given at any time with future effect. In the event of withdrawal, we will delete the affected data without delay, unless further processing can be based on another legal ground for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint (Art. 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with the competent supervisory authority. You may also contact the data protection authority at your place of residence, which will forward your concern to the responsible authority.

Based on our registered office in Munich, our competent supervisory authority is:
Bavarian Data Protection Authority (BayLDA)
Promenade 27, D-91522 Ansbach
www.lda.bayern.de

Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

VII. Further Information and Contact

If you have any further questions regarding data protection, please contact us via the email address provided above under Section I.