Privacy Policy

1. Introduction

It is very important to us to handle the data of our visitors and users with confidence and to protect them in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

In the following, we explain how we process your data at ownAI. We use the clearest and most transparent language possible so that you really understand what happens with your data.

2. General information

2.1. Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such data is processed when 'something happens to it'. For example, the IP is transmitted from the browser to our provider and stored there automatically. This is a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2. Applicable regulations/laws - GDPR, BDSG and TTDSG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law in Germany.

In addition, the TTDSG supplements the provisions from the GDPR as far as the use of cookies is concerned.

2.3. The person in charge

The person responsible for data processing is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the responsible person under:

ownAI
Jan Pawellek
Liebigstrasse 12
76135 Karlsruhe
Germany
info@ownai.com

2.4. How data is processed at ownAI

As we have already established, there are data (e.g. IP address) that are collected automatically. This data is mainly required for the technical provision of the website and web application. If we use personal data or collect other data, we will inform you about it or ask for your consent.

Other personal data you share with us consciously. You will find more detailed information below.

2.5. Your Rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

You can find out in detail what these rights are and how to exercise them in the last section of this Privacy Policy.

2.6. Data protection - Our view

Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. In addition, you as a visitor or user should be able to decide for yourself what happens to your data, when and by whom. Therefore, we commit ourselves to comply with all legal requirements, collect only the data necessary for us and treat them confidentially.

2.7. Disclosure and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.

A transfer of data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and the legal basis for processing cease to exist and the deletion is not contrary to any other legal obligations. A good overview of this is also provided by Art. 17 GDPR.

For further information, please refer to this Privacy Policy and contact the responsible person if you have any specific questions.

2.8. Hosting

This web application is hosted externally. The personal data collected on this web application is stored on the hoster's servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by the web application users.

External hosting is used for the purpose of secure, fast and reliable provision of our web application and in this context serves the fulfillment of contracts with our potential and existing customers.

The legal basis for the processing is Art. 6 (1) lit. a, b and f GDPR, as well as Section 25 (1) TTDSG, insofar as consent includes the storage of cookies or access to information in the terminal device of the web application visitor or user as defined by the TTDSG.

Our hoster only processes data that is necessary for the fulfillment of its service obligation and acts as our Data Processor, which means that it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster.

We use the following hoster:
Vercel
Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA
https://vercel.com/legal/privacy-policy

2.9. Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 (1) Sentence 1:

1. The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;
2. the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request;
3. processing is necessary for compliance with a legal obligation to which the person in charge subject to;
4. the processing is necessary in order to protect the vital interests of the data subject or another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested inthe person in charge was transferred;
6. processing is necessary for the purposes of safeguarding the legitimate interests of the responsible person(s) or of a/an third party necessary, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override this, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

3. What happens on our web application

By visiting our website and/or using our web application, we process personal data about you.

To protect this data as best as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that a https:// or a lock symbol is displayed in the address bar of your browser.

In the following, you will learn which data is collected when you visit our website and/or use our web application, for what purpose this is done and on what legal basis.

3.1. Data collection when calling up the website and/or using the web application

By calling up the website and/or using the web application, information is automatically stored in so-called server log files. This is the following information:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is temporarily required in order to be able to display our website to you permanently and without problems. In particular, this data serves the following purposes:

• System security of the website and web application
• System stability of the website and web application
• Website and web application troubleshooting
• Connecting to the website and web application
• Website and web application presentation

The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular the interest in the functionality of the website and web application as well as its security.

If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved.

Insofar as the server log files allow the identification of the person concerned, the data is stored for a maximum period of 14 days. An exception exists if a security-relevant event occurs. In this case, the server log files are stored until the elimination and final clarification of the security-relevant event.

A consolidation with other data does not take place.

3.2. Cookies

3.2.1. General

This website and web application use so-called cookies. This is a data record, information that is stored in the browser of your terminal device and is related to our website and web application.

By setting cookies, the navigation of the website and web application in particular can be made easier for the visitor.

3.2.2. Reject cookies

The setting of cookies can be prevented by adjusting the settings of your browser.

Here you can find the corresponding links to frequently used browsers:

• Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Safari: https://support.apple.com/en-lb/guide/safari/sfri11471

If you use another browser, it is recommended to enter the name of your browser and 'Delete and manage cookies' into a search engine and follow the official link to your browser.

Alternatively, you can also manage your cookie settings at https://www.aboutads.info/choices/ or https://www.youronlinechoices.com.

However, we must inform you that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website and web application.

3.2.3. Technically necessary cookies

We use technically necessary cookies on this website and web application to ensure that our website and web application function without errors and in accordance with applicable laws. They help to make the website and web application user-friendly. Some functions of our website and web application cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

3.2.4. Technically not necessary cookies

In addition, we also use cookies on our website and web application that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer website and web application functions that are, however, not technically necessary.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Technically not necessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3. Data processing through user input

3.3.1. Own data collection

We offer the following service on our web application: Use of AI models.

For this purpose, we collect the following data:

• Name
• E-mail address

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose ceases to apply and it is possible in accordance with the legal requirements.

3.3.2. Contact

a) E-mail

If you contact us by e-mail, we will process your e-mail address and any other data contained in the e-mail. These are stored on the mail server and partly on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible according to the legal requirements.

b) Phone

If you contact us by phone, the call data may be stored pseudonymously on the respective terminal device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to handle your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible according to the legal requirements.

3.4. Mailing service

3.4.1. MailJet

We use MailJet as a mailing service. This service is offered by Mailjet SAS, 4 rue Jules Lefebre, 75009 Paris - France. Mailjet is a product of Sinch Email, www.sinch.com.

MailJet is an e-mail sending service.

The processing is either based on consent according to Art. 6 para. 1 lit. a GDPR, as far as we use the mailing service to contact our leads. The consent can be revoked at any time.

When sending e-mails for the specific purpose of initiating a contract or in an existing contractual relationship, the legal basis for the processing is Art. 6 (1) lit. b GDPR, as the services used serve customer management and the fulfillment of our contractual performance.

Mailjet assures to store the data only on servers in Germany and Belgium.

You can find more information about data processing by Mailjet and answers to frequently asked questions about security and data protection here: https://www.mailjet.com/legal/privacy-policy/ and here: https://www.mailjet.com/legal/security-privacy/.

3.5. Analysis and tracking tools

3.5.1. Vercel Analytics

We integrate the functions of Vercel Analytics on our website and web application. This is a service of Vercel Inc, 440 N Barranca Ave Suite 4133 Covina, CA 91723 United States.

Vercel Analytics provides near real-time insights into website traffic based on actual visitor data. The platform provides detailed insights into site usage, such as most visited pages, top referrer sites and demographics, and integrates continuous performance measurements into the development process to monitor and optimize performance related to new deployments.

Data points (e.g. page views, user-defined events) are recorded anonymously so that data can be viewed without being linked or associated with a person, a customer or an IP address.

Vercel Web Analytics does not collect or store any information that would allow an end user's browsing session to be reconstructed across different applications or websites and/or personally identify an end user.

With Vercel Web Analytics, website traffic can be tracked and valuable insights gathered without using third-party cookies. Instead, end users are identified by a hash created from the incoming request. The lifetime of a visitor session is not stored permanently, but is automatically discarded after 24 hours.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the analysis to ensure the technical stability and maximum performance of our website and web application. When data is transferred to the USA, the EU Commission's standard contractual clauses (SCC) apply to ensure an appropriate level of data protection.

More information:
https://vercel.com/docs/analytics/privacy-policy
https://vercel.com/legal/privacy-policy

3.5.2. Vercel Speed Insights

We integrate the functions of Vercel Speed Insights on our website and web application. This service is offered by Vercel Inc, 440 N Barranca Ave Suite 4133 Covina, CA 91723 United States.

Vercel Speed Insights provides a detailed overview of the key performance indicators of our website and web application and enables us to make well-founded decisions for its optimization. For this purpose, a timestamp, the network speed, query parameters, the country (determined by the IP address, which is not saved), the operating system, the browser, device type and Web Vital are recorded.

No cookies are set and no personal profile is created.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the analysis to ensure the technical stability and maximum performance of our website and web application.

More information:
https://vercel.com/legal/privacy-policy
https://vercel.com/docs/speed-insights

3.6. Payment services

3.6.1. Stripe

We use Stripe on this web application. Stripe provides technology for the operation of online payment systems. This service is provided by Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland Attention.

For the purpose of payment processing, the payment data of the user is processed by Stripe as soon as a contractual relationship is established via this web application. Stripe's respective contractual and data protection provisions apply to the respective transaction.

Stripe also uses cookies to collect data. These cookies are only set with your consent. The consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for processing by Stripe is Art. 6 (1) lit. b GDPR. The data is processed for the purpose of contractual obligations.

We also have a legitimate interest in processing this data within the meaning of Art. 6 (1) lit. f GDPR to ensure a fast and reliable payment process.

The data will be deleted as soon as they are no longer required for data processing.

More details: https://stripe.com/privacy/

4. This is also important

Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.

4.1. Your Rights in detail

4.1.1. Right to information according to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information about the type and manner of processing. A detailed list can be found in Art. 15 (1) a) to h) GDPR.

4.1.2. Right to rectification according to Art. 16 GDPR

This right includes the correction of inaccurate data and the completion of incomplete personal data.

4.1.3. Right to deletion according to Art. 17 GDPR

This so-called "right to be forgotten" gives you the right, under certain conditions, to demand the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. You can find a detailed list of reasons in Art. 17 (1) lit. a to f GDPR. Furthermore, this "right to be forgotten" corresponds with the obligation of the controller under Art. 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.

4.1.4. Right to restriction of processing according to Art. 18 GDPR

This right is subject to the conditions set out in Art. 18(1)(a) to (d).

4.1.5. Right to data portability according to Art. 20 GDPR

Here, the basic right to receive one's own data in a common form and to transfer it to another data controller is regulated. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the extent that this is technically feasible.

4.1.6. Right of objection according to Art. 21 GDPR

You can generally object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

4.1.7. Right to "decision in individual cases" according to Art. 22 GDPR

You generally have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects vis-à-vis you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 (2) and (4) GDPR.

4.1.8. Other rights

The GDPR includes comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. This, however, only insofar as this is also possible or feasible with a reasonable effort.

At this point, we would like to inform you once again of your right to withdraw your consent in accordance with Article 7 (3) of the GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

In addition, we would like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

4.1.9. Right of appeal according to Art. 77 GDPR

You also have the right to complain to a data protection supervisory authority if you consider that a processing of personal data concerning you infringes this Regulation.

5. What if changes take place?

The current status of this Privacy Policy is 14.03.2024. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.