Privacy Policy Overview

The provider and controller is Coco GmbH, Franz-Senn-Straße 13, 81377 Munich, Germany. Contact to our Data Privacy Officer privacy@together.biz. Do not hesitate to contact us.

We differentiate the website from the actual TOGETHER software, which follow different technical-conceptual rules.

Website (www.together.biz without app.together.biz)

Services / Topic:

Use:

Data:

Analytical /Tracking

No

No

User’s contact in contact forms and newsletters

Currently no, email does it currently. We send our app mails via Brevo (Sendinblue), see below, which will be used soon.

No,

later e-mail, surname, first name; Company, Purposes

Traffic Optimization

Cloudflare (EU), Raidboxes (Germany, Münster)

No

Application (app.together.biz)

Services / Topic:

Use:

Data:

Analytical /Tracking

We use the privacy-friendly Matomo .

We anonymize all data.

Traffic Optimization

Without an external technical service provider

No

Account

Registration and login directly through the application

E-mail, surname, first name, screen name, password, wallet ID if applicable

Convert images and presentations

We use the technical service provider iLovepdf, Sabino de Arana 60 Barcelona, Spain

All data that is in their files, e.g. names in presentations. But, see left: Europe and exemplary.

Payments

Dienstleister Stripe, Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Irland

Surname, first name, credit card details and other payment data such as term and CVV.

AI Text assistant

Aleph Alpha GmbH, Grenzhöfer Weg 3669123 Heidelberg, Germany, with Luminous.

Open AI, L.L.C., 3180 18th St, San Francisco, CA 94110 USA, with ChatGPT. We want to remove OpenAI as soon as the quality of a European vendor for our features is at the same level. We strongly caution against applying prompts to personal data.

Please do not enter any personal information. While we’ve turned off learning modes, we think that’s a good hygiene rule for AI.

Monitoring of technical infrastructure

Sentry, USA, 45 Fremont Street, 8th Floor, San Francisco, CA 94105

No

Technical Logging

For troubleshooting and tracking abuse patterns (we are a video service with a wallet…) we log accessed URLs and IP addresses as well as browser data.

IP data, URLs tied to pseudonymous users, otherwise anonymized

Contacting and sending e-mails

Product “Brevo”, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany

Email, surname, first name, emails received, openings.

Advertising

You will only receive advertising e-mails from us with permission, which you can revoke. Necessary system mails are not included, e.g. room invitations.

We don’t have any advertising and we don’t share any data with anyone.

 

Privacy Policy

Last updated: December 6, 2023 (version 1.0)

Preamble

Dear visitor, dear applicant, dear other contractual partners or interested parties,

we, the “COCO – Communications & Collaboration GmbH” from Munich (Franz-Senn-Straße 13, 81377 Munich, Germany, info@together.biz), hereinafter simply referred to as “COCO” or “we”/”us”,

  • operate the TOGETHER software and its website under together.biz and
  • in accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), we inform you here about the processing of your personal data and your rights under data protection law. Which data is processed in detail and in what way depends on the services requested or agreed. To ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, please read the information below.

A.  General information on data processing

TOGETHER is a collaborative meeting software designed for modern teams. Depending on your relationship with us and how you have come into contact with our Services, different parts of our Privacy Policy will apply to you.

If you have joined or are visiting a room (whether with a FREE or PRO or ENTERPRISE account, or in future versions as a guest, without an account), our customer (a person or an organization) is the person responsible for the content (e.g. slides and texts) made available through TOGETHER. To understand how your data is processed, you need to check their policies. If you believe that another user is offering content on our services that violates the law or is otherwise offensive, in particular pornographic, racist or anti-Semitic, and neither room moderators nor room owners are remedying this, please report the respective user to us using the reporting function.

In all other cases, COCO is the controller of your data and the following provisions apply.

A.1   COCO as Data Controller

The person responsible for data processing is “Coco – Communications & Collaboration GmbHW, Franz-Senn-Straße 13, 81377  Munich, Germany, info@together.biz, registered in the commercial register of the Local Court of Munich under HRB 270907 B, represented by the managing director Christoph Kappes, telephone: +49 (0) 172 1010289, e-mail info@together.biz, VAT ID DE348336157.

You can reach our internal data protection officer at privacy@together.biz.

A.2   Scope of data processing

Personal data is any information relating to an identified or identifiable natural person. Applicable legal provisions are, in particular, those of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 repealing Directive 95/46/EC, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, GDPR), as well as the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

A.3   Your rights

As a data subject, you have the following rights in accordance with the statutory provisions:

  • the right of access,
  • the right to rectification or erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • If you have provided us with your personal data on the basis of your consent, you can revoke your consent at any time with effect for the future,
  • You have the right to object to the processing of your personal data if your personal data is processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, insofar as there are reasons for doing so that arise from your particular situation.

To exercise these rights mentioned above, you can contact us at any time, e.g. by sending an email to privacy@together.biz.

You also have the right to lodge a complaint with a supervisory authority of your choice (e.g. Bavarian Commissioner for Data Protection https://www.datenschutz-bayern.de/vorstell/impressum.html).

An overview of the data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

A.4   Storage and deletion of data

The duration of data storage depends on the respective data category and processing activity. Unless the storage period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

A.5   Profiling and automated decision-making

We do not use automated decision-making, including profiling, when processing data through our website or platform.

A.6   Data integrity

For the best possible security of user data, our service is provided through the website via a secure SSL connection between your server and the browser. This means that the data is transmitted encrypted. We have implemented appropriate technical and organizational measures.

A.7   Data processing by third parties / data processing outside the EU

We may use third-party service providers to process your data for the purposes set out in this Privacy Policy. We process your personal data through the use of third-party service providers in the EU. Excluded are US providers Stripe (payment) and OpenAI (AI assistant as a comparison and learning tool to the German Aleph Alpha), whereby the data protection standards applicable in the EU are ensured. A list of data processors processing data outside the EU and relevant information can be obtained upon request by email to privacy@together.com.

B. Data processing on our website

B.1 Server protocol

Type and purpose of data processing

We collect data about each visit to our website together.biz (“Website”) (so-called server log files), including:

  • Name of the website visited, date and time of access, amount of data transferred, information about a successful access, browser type and version, operating system of the user,
  • Referrer URL (the previously visited page), IP address and the requesting provider, as well as,
  • if a mobile device is used, country code, language, name of the device, name and version of the operating system.

We only use these server log files for statistical evaluations, for the purpose of optimising our offer and to ensure the stability and operational reliability of the website.

Legal basis:  The legal basis for the storage of personal data (e.g. IP address) is Art. 6 (1) (f) GDPR on the basis of our legitimate interest in quality assurance and security of the website.

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations.

Duration of storage: The log files and IP addresses of website visitors, which we process as described below, will be deleted within 30 days.

B.2 Newsletter

Type and purpose of data processing

When subscribing to the newsletter, you must provide an email address and your name. In our newsletter we inform you about our services and products, which are also described on our website. If you subscribe to the newsletter, we also store the IP address, the device name, the mail provider as well as the first and last name of the user and the date of registration. We also analyze how users consume our newsletter. This includes tracking newsletter opens and how the newsletter is consumed.

Legal basis: The data processing described above for the purpose of sending and analysing our newsletters is carried out on the basis of your consent (Art. 6 (1) (a) GDPR).

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: Does not take place.

Duration of storage: We process your personal data until you withdraw your consent.

Revocation of consent: If you no longer wish to receive newsletters from us in the future and/or would like to object to the analysis of your data by such newsletters, please use the “unsubscribe” link in the footer of each newsletter or send us an e-mail to privacy@together.com. Please note: E-mails that are necessary for the functioning of the service, e.g. invitations to rooms, are not subject to advertising bans and cannot be unsubscribed; for this you would have to close your account (top right).

B.3 Careers section on our website

Type and purpose of data processing

We process your data through the careers section of the website when you apply for a vacancy at Coco.

To submit your application, you will need to provide your name, email address and CV.

We may also ask you for additional information to assist us in our recruitment process and in the event that you are offered a position. This information may include date of birth, telephone number, gender, your employment history, qualifications, country of residence, language skills, and other personal information you provide in your interactions with us.

You may also provide us with details about other people; for example, if someone else recommended the job to you (someone you know at Coco or otherwise). In these circumstances, you will need to check with that person to see if they consent to you sharing their personal information with us and for us to use it in accordance with this Privacy Policy.

In particular, we use your data to:

  • To contact you, communicate with you, keep you informed, and facilitate your application;
  • To respond to your questions or concerns;
  • Carrying out checks on employees by contacting references (if necessary);
  • To assist with any disputes, claims, or investigations related to your application, or
  • To comply with our legal, regulatory and professional obligations.

If you do not provide your personal information, you may face certain disadvantages, such as not being able to provide you with our recruitment processes or keeping you informed of future opportunities.

Legal basis: We process your personal data for the fulfilment of our contractual or pre-contractual obligations (on the basis of Art. 6 (1) (b) GDPR) or – if applicable – for the purpose of the employment relationship with you (§ 26 BDSG)

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: does not take place.

Duration of storage: We store your data for 6 months after being notified that we were unable to keep your application for a job at Coco.

B.4   Contact

Type and purpose of data processing

If you send us an e-mail or contact us via an online form, your contact details, name, e-mail address and other data provided will be processed by us in order to process your request or to be able to contact you at a later date for follow-up questions.

Legal basis: The processing of this data is only carried out on the basis of our legitimate interest in offering the public efficient communication channels (Art. 6 para. 1 lit. f. GDPR), or on the basis of the initiation of or communication within the framework of an existing business relationship (legal basis Art. 6 para. 1 lit. b. GDPR).

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: does not take place.

B.5   Website Analytics

Type and purpose of data processing

This website uses the privacy-friendly tool Matomo (https://matomo.org), which helps us to better understand the use of the website. We do this by automatically collecting and storing data when you visit a site, from which user profiles are created using pseudonyms. For this purpose, analysis cookies transmit your IP address to a service provider.

The pseudonymised user profiles will not be merged with personal data about the bearer of the pseudonym without a separate explicit consent. Once the purpose has ceased to exist and the use of Matomo has ceased to exist, the data collected in this context will be deleted.

Legal basis: The processing is carried out with your consent in accordance with Art. 6 (1) (a) GDPR.

Recipient: The recipient of the data is a processor on our behalf. For this purpose, we have concluded the necessary data processing agreement, according to which the service provider is obliged to process the data only in accordance with our instructions.

Withdrawal of consent: You can withdraw your consent at any time by clicking on “Manage cookie settings”. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.

B.6 User surveys

Type and purpose of data processing

We occasionally conduct online surveys about our products to gain insights and improve our services. If you participate in a survey on our website, we process your email address and the answers you have entered.

Legal basis: The processing is carried out with your consent in accordance with Art. 6 (1) (a) GDPR.

Recipient: The recipient of the data is a processor on behalf of the data processor. For this purpose, we have concluded the necessary data processing agreement, according to which the service provider is obliged to process the data only in accordance with our instructions.

Retention period: We process your personal data until you withdraw your consent.

Revocation of consent:  You can revoke this consent at any time with effect for the future by sending an e-mail to privacy@together.biz.

 

C.  Data processing in connection with our app

C.1   Provision of services

Type and purpose of data processing

As part of our service, you can create, edit and share rooms and content through the web application (later also a desktop application and a mobile application). Depending on what you or other users enter into the software, personal data may be processed.

Legal basis: The data processing described above is based on the performance of a contract and is necessary for this (Art. 6 (1) (b) GDPR).

Recipients:  The recipients of the data are technical service providers in Germany. As processors, the service providers are obliged to process the data only within the framework of our instructions set out in order processing agreements.

Transfer to third countries: Not applicable.

Duration of storage: Subject to statutory retention periods, we usually delete your data 3 years after the last user activity or after you have deleted your user account.

C.2   Registration and Login

Type and purpose of data processing

If you create an account or log in with an existing account, COCO will need to process certain personal data such as profile data (username, email, avatar photo if applicable), IP address and company data.

Legal basis: The data processing described above for the creation or access to your account is based on the performance of a contract and is necessary for this (Art. 6 (1) (b) GDPR).

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: Does not take place.

C.3   Payment

Type and purpose of data processing

When processing and monitoring payments for paid services, you will be required to provide us with certain information, which may include personal information, such as profile data, company name, VAT ID, company address.

Legal basis: The data processing described above for the creation or access to your account is based on the performance of a contract and is necessary for this (Art. 6 (1) (b) GDPR).

Recipient: The recipient of the data is STRIPE Payment Europe Ltd., Ireland, a subsidiary of a US service provider with global server instances. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: There are appropriate safeguards in place for the transfer of your data to countries outside the EU/EEA. The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.

Duration of storage: We will only process your personal data for as long as we need to. However, due to applicable tax laws, we usually keep the payment records for 10 years.

C.4   Artificial intelligence

Type and purpose of data processing

We also use AI tools based on large language models, such as generative pre-trained Transformer models (such as Luminous or ChatGPT), which are used to create texts.

Legal basis: The data processing described above is based on the fulfilment of a contract and is necessary for this (Art. 6 (1) (b) GDPR).

Recipients: Recipients of the data are technical service providers in Germany and one in the USA (OpenAI’s ChatGPT as a comparative LLM to Aleph Alpha). As processors, the service providers are obliged to process the data only within the framework of our instructions set out in order processing agreements.

Transfer to third countries: The above-mentioned US service provider has appropriate security measures in place for the transfer of your data to countries outside the EU/EEA. The data processing agreements with the service providers contain standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations. However, we strongly advise against handing over trade secrets or personal data to OpenAI’s AI assistant.

Duration of storage: Subject to statutory retention periods, we usually delete your data 3 years after the last user activity or after you have deleted your user account.

C.5   Identity

Type and purpose of data processing

We store the address of your wallet if you have logged in with a wallet. In this case, however, you do not need any personal information. Entering the e-mail address is optional and useful, e.g. for sending text boards.

We currently do video ID in-house and manually. In the future, this will be done by a service provider, who will then also store evidence of identification, such as ID photos.

Legal basis: The processing is carried out with your consent in accordance with Art. 6 (1) (a) GDPR. See also “Registration and Login” above.

C.6   Product Improvement

Type and purpose of data processing:

Coco may use in-app tracking tools to see how users use TOGETHER to improve the TOGETHER experience. We process the following information: usage data (log files, user ID, device data), device type.

Legal basis: The processing is carried out with your consent in accordance with Art. 6 (1) (a) GDPR.

Recipient: The recipient of the data is a data processor. For this purpose, we have concluded the necessary data processing agreement, according to which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries: There are appropriate safeguards in place for the transfer of your data to countries outside the EU/EEA. The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.

Withdrawal of consent: You can withdraw your consent at any time by clicking on “Manage cookie settings”. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.

C.7    Bug Tracking

Type and purpose of data processing:

We use services to track errors in TOGETHER and monitor the availability of the service. To do this, we need to process the following information: profile data and usage data (log files, device data).

Legal basis: The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR on the basis of our legitimate interest in quality assurance and app security.

Recipient:  The recipient of the data is Sentry, a service provider in the USA. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations.

C.8   Basic customer support

Type and purpose of data processing

You can send inquiries to customer support to report errors or have errors fixed that may occur while using the service. In order to respond to basic customer support requests that do not involve access to your files, we use your profile data (name, etc.) and usage data (log files, device data) as well as company data to respond to your request.

Legal basis: In the case of the processing of personal data, the legal basis for this is Art. 6 (1) (b) GDPR and is based on the fulfilment of our service contract.

Recipient:  The recipient of the data is a service provider in Germany. He acts in accordance with our contractual instructions.

Transfer to third countries: Not applicable.

C.9   Customer support with file access

Type and purpose of data processing

You can send inquiries to customer support to report errors or have errors fixed that may occur while using the service. In order to respond to specific customer support requests, we may need access to your content/files and  any information stored therein, as well as profile data such as  name, email address, affiliate and location (city or country), as well as usage data such as in-app activity, log files, device data, in order to respond to your request.

Legal basis: The processing is carried out with your consent in accordance with Art. 6 (1) (a) GDPR.

Recipient:  The recipient of the data is a service provider in Germany that assists us in managing and responding to our customers’ requests for help. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations.

Duration of storage: If personal data such as the content of a presentation or a file is shared with us, we will delete it as soon as the problem is resolved.

Revocation of consent:  You can  revoke this consent at any time with effect for the future by sending an e-mail to support@together.biz.

C.10 Types

Type and purpose of data processing

In order to display our application correctly, it is necessary to download certain fonts from web servers. In order to perform this action, the user’s IP address is processed.

Legal basis:  The legal basis for the storage of personal data (e.g. IP address) is Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the quality assurance and functionality of our app.

Recipient:  The recipient of the data is Adobe, a service provider in the USA (service is Typekit). As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Transfer to third countries: The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations.

C.11 Product News

Type and purpose of data processing

Based on feature usage and user activity, we may offer news and updates on features of our app to improve the user experience.

The legal basis for sending messages based on the actions of users is Art. 6 (1) (a) GDPR.

Recipient:  The recipient of the data is a service provider in Germany. As a processor on behalf of the service provider, the service provider is obliged to process the data only within the framework of our instructions set out in an order processing agreement.

Revocation of consent: You can revoke this consent at any time with effect for the future by clicking on “Unsubscribe” in the e-mail with the new products. It is not possible to unsubscribe from system-necessary e-mails such as room invitations and does not require permission.

C.12 Room Analytics

Type and purpose of data processing

We do not collect data about space usage.

Legal basis: Not applicable.

Recipient: Not applicable.

Transfer to third countries: Not applicable.

C.13 Measures for contacting sales

We collect and receive information from third parties for the purpose of our sales efforts. This includes data such as your business email address, position, and company.

Legal basis: We process contact data in order to pursue our legitimate interest as a company in being able to contact potential leads with relevant offers.

Recipients: Recipients of the data are service providers located in either the United States or Europe. As a processor on our behalf, the service provider is obliged to process the data only within the framework of our instructions set out in a data processing agreement.

Transfer to third countries: The data processing agreement with the service provider contains standard contractual clauses approved by the EU Commission and appropriate safeguards for compliance with data protection obligations.

D.  Third-party integrations

D.1 Presentations and content

If you use the PDF and PowerPoint file import feature in TOGETHER, we will send them to a service provider in Spain, iLovePDF. After conversion, they will be deleted there after 24 hours at the latest. We only transfer and use this data to import it into TOGETHER (legal basis: Art. 6 (1) (a) GDPR). For more information on how iLovePDF processes your data, please click on the following link.

D.2   Integration of Matomo

Our app also uses the privacy-friendly tool Matomo (https://matomo.org), which helps us to better understand the use of the website. We do this by compiling reports of activity on the site that do not identify specific individuals. For this purpose, analysis cookies transmit your IP address to a service provider.

Our Matomo instances are hosted by German service providers in accordance with our instructions (DPA).

E.  Cookies

Our website uses so-called cookies. Cookies do not cause any damage to your device and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your device and in your browser.

Most of the cookies we use are so-called session cookies. At the end of the session, these cookies are automatically deleted. The session cookies are used to match successive page views to the individual users who access our website at the same time. Other cookies are stored on your device until you delete them. These cookies allow us to recognise your browser on your next visit.

COCO uses only essential cookies, not performance and marketing cookies; these are necessary to display the website correctly and/or to perform its basic functions.

You can set your browser to notify you before you receive a cookie or to decide whether to accept cookies on a case-by-case basis, to exclude all incoming cookies in whole or in part, and to enable the automatic deletion of cookies when the browser is closed. You can manage many online advertising cookies served by companies through the American website http://www.aboutads.info/choices/ or the European Union website http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the use and, in particular, the comfort of use without the use of cookies may be limited.

In the event that personal data is processed, this processing is based on Art. 6 (1) (a) GDPR.

Cookies

We use technical cookies only.

Service provider

Name of the cookie

Function

Duration of storage

./.

./.

./.

./.

F.   Data processing on our social media pages

We operate pages on the following social media channels:

  • Facebook: facebook.com or mobile app of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, see privacy policy: https://www.facebook.com/policy.php,
  • X: x.com or mobile app of X Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, see also Privacy Policy: https://twitter.com/en/privacy,
  • LinkedIn: linkedin.com or mobile app of LinkedIn Corporation, Legal Department — Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, see also: https://www.linkedin.com/legal/privacy-policy

When you visit our social media pages, data is processed by us as well as by the responsible social media provider as the controller.

The respective provider of social media assumes the data protection obligations for you as a user, such as information on data processing, and is the contact person for your rights. This is due to the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this becomes necessary and we will then forward the request to them.

When using LinkedIn, X or Facebook, data may also be processed outside the EU.

F.1   Data processing and legal basis

Our social media pages allow us to communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process in order to respond to you or communicate with you. If you use social media on multiple devices, a cross-device analysis of the data can be carried out.

In addition, social media site providers may also use cookies and tracking technologies to analyze and improve their services.

The data processing is carried out with your consent or for the purpose of answering your enquiry (Art. 6 para. 1 lit. a, b GDPR) or based on legitimate interests in improving the services and presenting them to the outside world (Art. 6 para. 1 lit. f GDPR).

F.2   Facebook

Facebook and we use the Page Insights function to process statistical data of users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called “page insights”, which are described in more detail under https://www.facebook.com/business/a/page/page-insights.

The usage data of the Facebook pages is used to generate evaluations and statistics in the form of page insights, which help us to improve our marketing activities and our public image. We may also learn about users and their behavior who interact with or use our Facebook pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact the most with our Facebook page, or which content on the Facebook page was visited, shared or clicked on when and how often. Targeting people also includes demographic data or data about an individual’s location in order to target them with them. If you use Facebook on multiple devices, a cross-device analysis of the data can be carried out. The data collected in this way is statistically processed and is usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook’s privacy policy  under https://www.facebook.com/policy.php or under https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. Further information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can influence at any time how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the advertising preferences  settings in your Facebook account or https://www.facebook.com/ads/preferences, or the Facebook settings in your account or https://www.facebook.com/settings. Facebook also offers the possibility to get in touch with https://www.facebook.com/help/contact/1461223320847982 or https://www.facebook.com/help/contact/308592359910928 or to exercise rights.

G. Questions?

For more information, you can contact us at any time, e.g. by e-mail to privacy@together.biz.

Version 1.0 (December 6, 2023)