PRIVACY POLICY

Introduction

We take the protection of the data of users of our website very seriously and are committed to protecting the information that users provide to us in connection with the use of our website. We also commit to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through the use of our digital assets when you access the services via your devices.

Please read this Privacy Policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read this policy, fully understood it, and do not agree with our approach, you must stop using our digital assets and services. By using our services, you acknowledge the terms of this Privacy Policy. Continued use of the services constitutes your consent to this Privacy Policy and to any changes to it.

The data controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Annika Shurafa, Rhinstraße 2, 10315 Berlin, Germany, email: annikashurafa.business@gmail.com.

In this Privacy Policy you will learn

• What data we collect

• How we collect data

• Why we collect this data

• To whom we share the data

• Where the data is stored

• How long the data is retained

• How we protect the data

• How we handle minors

• Updates or changes to the Privacy Policy

What data do we collect?

Below is an overview of the data we may collect:

Non personal data: Non identified and non identifiable information that you provide during the registration process or that is collected through the use of our services. Non personal data does not allow any conclusions about who it was collected from. The non personal data we collect consists mainly of technical and aggregated usage information.

Personal data: Individually identifiable information, meaning any information by which you can be identified or could be identified with reasonable effort. Personal data that we collect through our services may include information requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses, and more. If we combine personal data with non personal data, we will treat the combined data as personal data for as long as it remains combined.

How do we collect data?

The main methods we use to collect data are:

• We collect data when you use our services. When you visit our digital assets and use our services, we may collect, record, and store usage, sessions, and related information.

• We collect data that you provide to us directly, for example when you contact us via a communication channel (such as sending an email with a comment or feedback).

• We may collect data from third party sources, as described below.

• We collect data that you provide to us when you sign in to our services through a third party provider such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

• to provide and operate our services;

• to develop, customize, and improve our services;

• to respond to your feedback, requests, and inquiries and to provide assistance;

• to analyze demand and usage patterns;

• for other internal, statistical, and research purposes;

• to improve our data security and fraud prevention capabilities;

• to investigate violations and enforce our terms and policies and to comply with applicable law, regulations, or governmental requests;

• to send you updates, news, promotional materials, and other information related to our services. With promotional emails, you can decide whether you want to continue receiving them. If not, simply click the unsubscribe link in those emails.

To whom do we share this data?

We may share your data with our service providers in order to operate our services (for example storing data via third party hosting services, providing technical support, and similar services).

We may also disclose your data in the following circumstances:

• to investigate, detect, prevent, or take action against unlawful activities or other wrongdoing;

• to establish or exercise our rights of defense;

• to protect our rights, property, or personal safety and the safety of our users or the public;

• in the event of a change of control in us or in one of our affiliated companies (through a merger, acquisition, or purchase of all assets, among other possibilities);

• to collect, retain, and or manage your data via authorized third party providers (such as cloud service providers), to the extent reasonably necessary for business purposes;

• to work with third parties to improve your user experience. To avoid misunderstandings, we note that we may transfer or otherwise use non personal data to third parties at our discretion.

Please note that our services enable social interactions (for example publicly posting content, information, and comments and chatting with other users). We inform you that any content or data you provide in these areas may be read, collected, and used by others. We advise against posting or sharing information that you do not want to make public. If you upload content to our digital assets or otherwise provide it as part of using a service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and confirm that copies of your data may remain accessible even after deletion, on cached and archived pages, or after third parties have made a copy of or stored your content.

Cookies and similar technologies

When you visit or access our services, you authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services (tracking technologies). These tracking technologies may allow third parties to automatically collect your data in order to improve the navigation experience on our digital assets, optimize their performance, and provide a tailored user experience, as well as for security and fraud prevention purposes.

We may provide advertisements through our services and our digital assets (including websites and applications that use our services) that may also be tailored to you, such as ads based on your recent browsing behavior on websites, devices, or browsers.

To deliver these ads, we may use cookies, JavaScript, web beacons (including clear GIFs), HTML5 local storage, and other technologies. We may also use third parties such as ad network advertisers (meaning third parties that display ads based on your visits to websites) to deliver targeted ads. External ad network providers, advertisers, sponsors, and or traffic measurement services may also use cookies, JavaScript, web beacons (including clear GIFs), Flash cookies, and other technologies to measure the effectiveness of their ads and to tailor advertising content to you. These third party cookies and other technologies are subject to the specific privacy policy of the respective third party, not this one.

Where do we store the data?

Non personal data: Please note that our companies and our trusted partners and service providers are located worldwide. For the purposes explained in this Privacy Policy, we store and process all non personal data we collect in various jurisdictions.

Personal data: Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and, where necessary for the proper provision of our services and or required by law (as explained further below), in other jurisdictions.

How long is the data retained?

Please note that we retain the data we collect for as long as necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes, and to enforce our agreements.

We may correct, complete, or delete inaccurate or incomplete data at any time at our sole discretion.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer our services to you. Your data may be stored through our hosting provider’s data storage, databases, and general applications. It stores your data on secure servers behind a firewall and provides secure HTTPS access to most areas of its services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI DSS regulations (Payment Card Industry Data Security Standard) of the PCI Security Standards Council. This is a collaboration of brands such as Visa, MasterCard, American Express, and Discover. PCI DSS requirements help ensure the secure handling of credit card information (including physical, electronic, and procedural measures) by our shop and service providers.

Despite the measures and efforts taken by us and our hosting provider, we cannot and will not guarantee absolute protection and absolute security of the data that you upload, publish, or otherwise share with us or others.

For this reason, we ask you to set secure passwords and, where possible, not to send us or others any confidential information whose disclosure could, in your opinion, cause you significant or lasting harm. Since email and instant messaging are not considered secure forms of communication, we also ask you not to share confidential information via any of these channels.

How do we handle minors?

Children may use our services. However, if they want access to certain features, they may have to provide certain information. The collection of some data (including data collected via cookies, web beacons, and other similar technologies) may occur automatically. If we knowingly collect, use, or disclose data collected from a child, we will, in accordance with applicable law, provide notice and obtain parental consent. We do not condition a child’s participation in an online activity on the child providing more contact information than is reasonably necessary to participate in that activity. We use the data we collect only in connection with the services requested by the child.

We may also use a parent’s contact information to communicate about the child’s activities in the services. Parents may view data we have collected from their child, prohibit us from collecting further data from their child, and request that all data we have collected be deleted from our records.

Please contact us to view, update, or delete your child’s data. To protect your child, we may ask you to provide proof of your identity. We may deny access to the data if we believe your identity is questionable. Please note that certain data may not be deleted due to other legal obligations.

Legal basis and your rights as an EU resident

We use your personal data only for the purposes set out in this Privacy Policy and only if we believe that:

• the use of your personal data is necessary to perform or enter into a contract (for example to provide you with the services, customer support, or technical support);

• the use of your personal data is necessary to comply with relevant legal or regulatory obligations; or

• the use of your personal data is necessary to support our legitimate business interests, provided that this is always done in a proportionate manner that respects your data protection rights.

As an EU resident, you may:

• request confirmation whether personal data concerning you is being processed and request access to your stored personal data, as well as certain additional information;

• request to receive the personal data you have provided to us in a structured, commonly used, and machine readable format;

• request rectification of your personal data stored by us;

• request deletion of your personal data;

• object to our processing of your personal data;

• request restriction of processing of your personal data;

• file a complaint with a supervisory authority.

Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below.

In the course of providing the services, we may transfer data across borders to affiliated companies or other third parties and from your country or jurisdiction to other countries or jurisdictions worldwide. By using the services, you consent to the transfer of your data outside the European Economic Area (EEA).

If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we believe that an adequate or comparable level of protection for personal data exists. We will take appropriate steps to ensure that we have adequate contractual arrangements with our third parties to ensure appropriate safeguards are in place, minimizing the risk of unlawful use, alteration, deletion, loss, or theft of your personal data, and ensuring that such third parties act at all times in compliance with applicable laws.

Rights under California consumer privacy law

If you use the services as a resident of California, you may be entitled under the California Consumer Privacy Act (CCPA) to request access to and deletion of your data.

To exercise your right to access and delete your data, please see below for how to contact us.

Users of the services who are California residents and under 18 years of age may request and obtain deletion of their posted content by email to the address provided in the Contact section below. Such requests must be labeled “California Removal Request.” All requests must include a description of the content you want removed and sufficient information to enable us to locate the material. We do not accept communications that are not labeled or are not properly submitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not ensure that the material will be completely or comprehensively removed. For example, material you have posted may be republished or reposted by other users or third parties.

Updates or changes to the Privacy Policy

We may revise this Privacy Policy from time to time at our sole discretion. The version published on the website is always current (see the “Status” date). We ask you to review this Privacy Policy regularly for changes. In the event of material changes, we will post a notice on our website. If you continue to use the services after being notified of changes on our website, this will be deemed your confirmation and consent to the changes to the Privacy Policy and your agreement to be bound by the terms of those changes.

Contact

If you have general questions about the services or the data we collect about you and how we use it, please contact us at:

Name: Annika Shurafa
Email address: annikashurafa.business@gmail.com

Disclaimer

The information contained here does not replace legal advice and you should not rely on it alone. Specific requirements relating to legal terms and policies may vary from state to state and or from legal system to legal system. As stated in our Terms of Use, you are responsible for ensuring that your services are permitted under the law applicable to you and that you comply with it.

To ensure that you fully comply with your legal obligations, we expressly recommend that you seek professional advice to better understand which requirements apply specifically to you.

Status: February 28, 2022