For Creators

• Getting started
• The basics
• Earn more

For Partners

• Getting started
• How it works
• Referral Program
• Case studies

Other resources

Privacy Policy

Preamble

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "Data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by Passionfroot (hereinafter referenced as “We” and “Us”), in the context of providing our services and in particular on our websites, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Services").

Last Update: 03 June, 2022

Table of contents

• Preamble
• Controller
• Overview of processing operations
• Legal Bases for the Processing
• Transmission of Personal Data
• Data Processing in Third Countries
• Erasure of data
• Use of Cookies
• Provision of online services and web hosting
• Contacting us
• Cloud Services
• Newsletter and Electronic Communications
• Online Marketing
• Profiles in Social Networks (Social Media)
• Plugins and embedded functions and content
• Changes and Updates to the Privacy Policy
• Rights of Data Subjects
• Terminology and Definitions

Controller

Passionfroot GmbH Chausseestraße 40A 10115 Berlin

Authorised Representatives: Jens Mannanal. E-mail address: [email protected] Legal Notice: https://www.passionfroot.me/impressum

Overview of processing operations

The following summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

• Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).
• Content Data (e.g. text input, photographs, videos).
• Contact Data (e.g. e-mail, telephone numbers).
• Meta/Communication Data (e.g. device information, IP addresses).
• Usage Data (e.g. websites visited, interest in content, access times).

Categories of Data Subjects

• Prospective customers.
• Communication partner (Recipients of e-mails, letters, etc.).
• Customers.
• Users (e.g. website visitors, users of online services).

Purposes of Processing

• Provision of our online services and usability.
• Conversion tracking (Measurement of the effectiveness of marketing activities).
• Office and organisational procedures.
• Marketing (e.g. by e-mail or postal).
• Feedback (e.g. collecting feedback via online form).
• Contact requests and communication.
• Profiles with user-related information (Creating user profiles).
• Remarketing.
• Provision of contractual services and customer support.
• Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).

Legal Bases for the Processing

In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

• Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany

In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - “BDSG”). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees.

Transmission of Personal Data

In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR).

You may contact Us (see information provided via “Contact Us”) to obtain a copy of the appropriate or suitable safeguards for any transfer to third party countries that affects you. Please give us some context on which processing you are referring to, and we will help you with your request.

Use of Cookies

Cookies are small files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online service. The information stored can include, for example, the language settings on a website, the login status, a shopping basket or the location where a video was viewed. The term "Cookies" also includes other technologies that fulfil the same functions as cookies (e.g. if user information is stored using pseudonymous online identifiers, also referred to as "User IDs").

The following types and functions of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser.
• Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used for range measurement or marketing purposes can also be stored in such a cookie.
• First-Party-Cookies: First-Party-Cookies are set by ourselves.
• Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
• Statistics, marketing and personalisation cookies: Cookies are also generally used to measure a website's reach and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Information on legal basis: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online service and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Retention period: Unless we provide you with explicit information on the retention period of permanent cookies (e.g. within the scope of a so-called cookie opt-in), please assume that the retention period can be as long as two years.

General information on Withdrawal of consent and objection (Opt-Out): Respective of whether processing is based on consent or legal permission, you have the option at any time to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as "opt-out"). You can initially explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online services).

Processing Cookie Data on the Basis of Consent: We use a cookie management solution in which users' consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g. website visitors, users of online services).
• Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).*

Services and service providers being used:

• Cookiefirst - Service provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, Phone: + 45 50 333 777, E-mail: [email protected], Company registration number DK34624607

Cookiefirst Cookie Policy

Provision of online services and web hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.

Collection of Access Data and Log Files: We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers .

• Processed data types: Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: Provision of our online services and usability.
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).*

Services and service providers being used:

• Netlify: Hosting and services for web applications and websites; Service provider: Netlify, Inc, 2343 3rd Street, Suite 296, San Francisco, California 94107, USA.

Contacting us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the inquiring persons are processed insofar as this is necessary to answer the contact enquiries and any requested activities.

The response to contact enquiries within the framework of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

• Processed data types: Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).
• Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
• Purposes of Processing: Contact requests and communication.
• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

• Notion: Notion Labs, Inc. 548 Market St #74567, San Francisco, CA 94104-5401, USA.

Cloud Services

We use Internet-accessible software services (so-called "cloud services", also referred to as "Software as a Service") provided on the servers of its providers for the following purposes: document storage and administration, calendar management, e-mail delivery, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferences.

Within this framework, personal data may be processed and stored on the provider's servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users' devices for web analysis or to remember user settings (e.g. in the case of media control), based on applicable legal requirements.IThe  use of cloud services can be a component of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient and secure administrative and collaboration processes).

• Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).