German Version

Privacy Policy

https://storrito.com/, https://app.storrito.com/

We are pleased about your visit on our web pages, on which we offer you information about our enterprise, our achievements and also personalized functionalities. Transparency and integrity in the processing of your personal data is an important concern to us. We observe the data protection regulations, in particular the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG").

In this Privacy Policy we explain to you which information (including personal data) is processed by us during your visit and your use of our aforementioned Internet offers (together the "Websites") and which rights you are entitled to with regard to your personal data.

1. Who is the controller for data processing?

The controller according to data protection law for the processing of personal data is VIRE GmbH, Gertrudenstraße 9, 50667 Cologne, represented by the managing director Nils Pospischil, e-mail: support@storrito.com. Insofar as this Privacy Policy refers to "we" or "us", this refers in each case to the aforementioned company.

Our data protection officer can be contacted via the above-mentioned contact channels as well as at tobias@storrito.com.

2. What principles do we follow?

In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.

On these Websites we may also collect information that does not enable us to directly identify you. In certain cases - especially when combined with other data - this information may nevertheless be considered "personal data" in the sense of data protection law. We may also collect information on these Websites that does not enable us to identify you directly or indirectly; for example, aggregate information about all users of these Websites.

3. What data do we process? For what purposes and on what legal basis is this processing carried out?

You can access our Websites without directly providing personal data (such as your name, postal address or e-mail address). In this case, we must collect and store certain information in order to enable you to access our Websites. We also use certain analysis methods on our Websites. In addition, we offer you some functionalities on our Websites for which we have to collect personal data.

We collect and process personal data to the following extent:

Logfiles: When you visit our Websites, our web server automatically saves data and information of the terminal device and browser you are using. Information on the hardware model used, device ID, browser type (e.g. Firefox, Safari or Internet Explorer) and the operating system version and your IP address / MAC address are recorded.

For example, we automatically receive and store information about your browser in our server logs, including how you accessed and used our Websites, your IP address, device type and unique device identification numbers, device event information (such as crashes, system activity and hardware settings, browser type, browser language, date and time of your request and referral URL), geographic information (country or city) and other technical data collected by cookies that uniquely identify your browser. We may also collect information about how your device interacted with our website, including the pages viewed and links clicked. We may use identifiers to recognize you when you arrive at our Websites through an external link, such as a link that appears on a third party website.

We process this technical information in the log files of our systems and do not combine it with other personal data about you. We process the technical information to enable you to access our Websites, to ensure the functionality of our Websites and the security of our IT systems and to optimise our Websites. The legal basis for the processing is Art. 6 (1) (f) GDPR.

3.1. Contract execution / Registration / Storrito account: On our Websites we offer you the opportunity to register and create a Storrito account. To do this, we first request your email address and a self-chosen password. Once registered, you can use your Storrito account to capture additional content (such as videos) for the Instagram Stories creation, access it, and then share it using the linked Instagram profile. This tells us your Instagram ID and your Instagram password which we only store in encrypted form. In order to access your Storrito account, we may request the entry of data already collected during registration (in particular for your identification). We process the data to your Storrito account, to prepare and execute a contract between you and us, legal basis is Art. 6 (1) b) GDPR.

3.2. Invoicing: In the case of a paid subscription, you must provide your country and zip code information to the payment and invoicing agent Paddle.com, Market Ltd, 70 Wilson St, London, EC2A 2DB, United Kingdom, ("Paddle.com"). If you order a "Professional" account, Paddle.com collects your name, your VAT number, your credit card details and commercial invoice number on an external website or in the form of an own overlay to which you are forwarded for the purposes of the contract execution (Art. 6 (1) b) GDPR) as well as possibly in the context of your legitimate interest in fraud prevention (Art. 6 (1) f) GDPR). This information, with the exception of credit card details and the full VAT number (we only see the last four digits), can be viewed in the form of invoices and order histories. On the one hand, this serves to provide the subscribed upgrade and on the other hand we also have a overriding legitimate interest in this within the framework of the contractual cooperation with Paddle.com (Art. 6 (1) f) GDPR). Further information on how and why Paddle.com processes your personal data can be found in Paddle.com's privacy policy at: https://paddle.com/privacy/.

3.3. Marketing information by email: If you have subscribed to our email newsletter, we will process your email address and any information collected on your Storrito account, based on your consent, to provide you with customized information about our social media activities, offers and promotions, and upgrade services from partner companies such as Paddle.com that cooperate with us in the same areas. In addition, we can evaluate the data generated by the delivery and retrieval of our emails in aggregated form (delivery rate, open rate, click rates, conversion rate, unsubscribe rate, bouncer rate) as well as the data generated by your retrieval and use of these emails (opening time, hyperlinks clicked on, documents downloaded) for the purpose of analysing the success and use of the e-mails, provided that this includes your consent.

Your personal data will not otherwise be passed on to third parties, and we process your data exclusively for the selection of individualised content and for the dispatch of the newsletter within the framework of the consent you have given. The legal basis is Art. 6 (1) (a) GDPR.

3.4. Due diligence, corporate transactions or mergers: We may process any information about your account and the use of our services to the extent necessary in connection with acquisitions, mergers or other corporate transactions or in advance of to such transactions as part of the due diligence and to the extent that we have an overriding legitimate interest in such information (Art. 6 (1) f) GDPR).

3.5. Cookies: In order to make our offer as user-friendly as possible, we - like many well-known companies - use so-called cookies. Cookies are small text files that are stored in the internet browser you are using after you visit our website. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when a web page is called up again. Since cookies can be stored on your computer, you have control over their use. You can set your browser so that it informs you about the placement of cookies. In this way the use of cookies becomes transparent for you. You can delete already saved cookies at any time (even automatically). In addition, you can generally refuse the storage of cookies via your browser settings. However, this may mean that you may not be able to use all the features of our Websites. The data collected via cookies and the pseudonymous user profiles are processed for the operation and optimisation of the Websites and your user experience, in which we have a overriding justified interest on the basis of Art. 6 (1) f) GDPR. If we use cookies for analysis, tracking and/or marketing purposes, we will obtain your prior consent in accordance with Art. 6 (1) a) GDPR. We use the following types of cookies:

  • Strictly necessary cookies: These cookies are essential because they allow you to move within our services and use certain functions of our services. For example, the absolutely necessary cookies allow you to access your account. Storrito cannot function properly without these cookies.
  • Performance/Analytics Cookies: These cookies collect information about how you use a website. For example, a performance/analysis cookie collects information about which pages you visit most often, how much time you spend on this page, or whether you receive error messages from certain pages. These cookies do not collect any information that identifies you. The information collected by these cookies is anonymous and will only be used to improve the functioning of our services.
  • Functionality Cookies: These cookies allow us to remember the choices you make and to customize our services to provide you with relevant content. For example, a cookie for functions can remember your settings (e.g. country or language selection) or your user name.
  • Session cookies: We use session cookies when you access our Websites or content. Session cookies expire and have no effect when you log out of your account or close your browser.

The length of time a cookie remains on your browsing device depends on whether it is a "permanent" or a "session" cookie. Session cookies only stay on your device until you stop surfing. Persistent cookies remain on your browsing device until they expire or are deleted (i.e. after you have finished surfing).

You have the right to decide whether you want to accept cookies. You can exercise your preferences regarding the cookies used on our Websites by following the steps below.

  • Our cookies (or "first party cookies"): You can use the browser that you use to visit thes Websites to enable, disable, or delete cookies. Follow the instructions of your browser (usually in the "Help", "Tools" or "Edit" settings). Please note that if you have set your browser to disable cookies, you may no longer be able to access Storrito.
  • Third party cookies (or "third party cookies"). To opt out of third-party advertising networks and similar companies that use targeting/advertising cookies, visit http://www.aboutads.info/choices. Once you click the link, you can choose to opt out of receiving such advertising from all participating advertisers or only from certain advertisers. For more information about third-party advertising networks and similar facilities that use these technologies, please visit http://www.aboutads.info/consumers.
  • Do-Not-Track: Some Internet browsers - such as Internet Explorer, Firefox, and Safari - offer the ability to transmit "Do not track" or "Do-Not-Track" ("DNT") signals. Since no uniform standards for "DNT" signals have been adopted, our website does not currently process or respond to "DNT" signals.

Further information on cookies and their use can be found at www.aboutcookies.org or www.allaboutcookies.org.

a. Matomo: On our Websites, data is collected and processed using the web analysis service software Matomo (https://matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on the basis of our legitimate interest in statistical analysis of user behaviour for range measurement in the event of your consent pursuant to Art. 6 (1) a) GDPR. The EU Commission has established an appropriate level of data protection for New Zealand. The data collected with Matomo cookies (including your [anonymized] IP address and email address) is processed on Matomo servers. If you do not agree with the storage and evaluation of this data from your visit, you can object to its storage and use at any time by mouse click. Alternatively, you can activate the opt-out option on [https://matomo.org/privacy-policy/ . In](https://matomo.org/privacy-policy/) the event of your objection, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and may have to be reactivated by you.

Further information on how Matomo processes personal data can be found in Matomo's privacy policy at https://matomo.org/privacy-policy/

b. Google Analytics / Firebase: We use Google Analytics on our Websites on the basis of Art. 6 (1) a) GDPR, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") to continuously improve our website. Google Analytics also uses cookies, which are stored on your computer, to help the Websites analyze how users use the site. The information generated by the cookie about your use of thes Websites is generally sent to a Google server in Europe (or in a member state of the European Economic Area Agreement) to make the IP address anonymous, so that it cannot be traced back to any individual. Only after the IP address has been anonymised will the abbreviated IP address be transmitted to a Google server in the USA and stored there. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google Analytics is used on these Websites with an extension for the anonymous collection of IP addresses (so-called IP masking). On our behalf, Google will use the information collected to evaluate your use of the Websites, to compile reports on website activity and to provide us with other services associated with website use. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

You have the right to revoke your consent at any time with effect for the future. You can also prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection by Google of data generated by the cookie and related to your use of the website (including your IP address) and the processing of such data by Google by downloading and installing a browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de . An opt-out cookie is set to prevent your data from being collected in the future when you visit this website.

You can also prevent Google Analytics from collecting data by clicking on the following link: Deactivate Google Analytics.

You can find further information on data protection at Google Analytics here http://www.google.com/analytics/terms/de.html and here http://www.google.com/intl/de/analytics/privacyoverview.html. ]

c. Affiliate networks: In addition, we accept no responsibility for the content of our website on the basis of our legitimate interests (i.e. interest in the economic operation of our online offering as defined in Art. 6 (1) f) GDPR) in the partner programs of Paddle.com [as well as of cleverbridge AG], whereby through the placement of advertisements and/or links to various providers, a reimbursement of advertising costs can be earned (so-called "Affiliate Systems"). Among other things, the providers of Affiliate Systems can recognize that you have clicked on an affiliate link and then purchased the corresponding product or service.

For more information on Paddle.com's data processing and opposition options, please visit https://paddle.com/privacy and https://paddle.com/gdpr or cleverbridge at [https://www.cleverbridge.com/corporate/privacy-policy].

d. In addition, we offer the possibility to chat with us via the live chat program "Crisp" of Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France (registration number: 833085806).

Further information can be found at Crisps privacy policy at https://crisp.chat/de/privacy/ and in the article at: https://help.crisp.chat/en/article/whats-crisp-eu-gdpr-compliance-status-nhv54c/.

3.6. Statistical evaluations: If necessary, we can evaluate your personal data to evaluate your preferences for the purposes of interest-oriented marketing, the individual approach and the continuous optimization of our business processes. We do this to gain a better understanding of what our customers expect from us and to be able to provide you with personalized communication. In addition, these evaluations help us to detect fraud, to audit and to guarantee security, which is why we carry out this processing to protect our legitimate interests; the legal basis is Art. 6 (1) f) GDPR.

3.7. Company pages: In addition to our Websites, we maintain our own presence on the Twitter platform operated by Twitter International Company, Ireland, a subsidiary of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A., and on the YouTube platform ("Company Pages") offered by Google Ireland Ltd, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and our Websites may contain links to our company pages. When you visit one of our Company Pages, the social media provider processes personal information, even if you are not logged into your social media account when you visit it. We receive detailed statistics from the social media providers on the use of our respective Company Pages, which consist exclusively of summarised information. From these statistics we can e.g. recognize how often or by how many unique visitors our respective company page and individual contributions on this page were called or evaluated. Based on the statistics, however, we cannot recognize which specific persons have visited our site, called up individual contributions or, for example, evaluated them. On our Company Pages, however, as is generally the case with social media, it is clear which user of a social network has rated a certain content. Further information on data processing can be found in the respective privacy policy at https://twitter.com/de/privacy or at https://policies.google.com/privacy?hl=del=de.

3.8. Further legitimate interests: If necessary, we process your data beyond the aforementioned purposes also to protect our legitimate interests or the interests of third parties; this takes place on the basis of Art. 6 (1) f) GDPR. Our legitimate interests include

a. the assertion of legal claims and defense in legal disputes;

b. the possibility to provide customer support (also via a chat function);

c. the prevention and investigation of criminal offences;

d. the management and further development of our business activities, including risk management.

4. Am I obliged to provide data?

The information required for the registration, contract execution or provision of further upgrades, the possible registration for our email information in the corresponding area of the respective website (e.g. an online form) are mandatory information; without the provision of mandatory information, we can not allow you to use the respective functionality.

If, in addition, we collect personal data from you, we will inform you at the time of collection whether the provision of this information is required by law or contract or if is necessary for the conclusion of a contract. As a rule, we identify information that is provided voluntarily and is not based on any of the aforementioned obligations or is not necessary for the conclusion of a contract.

5. Who receives my data?

Your personal data will be processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. This includes, in particular, the specialist departments involved in providing our services and our IT department. Through a role and authorization concept, access within our company is limited to those functions and the scope required for the respective purpose of processing.

We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular

  • those third parties with whom we make use of to provide our services, insofar as the transfer is necessary for the fulfilment of the contracts concluded with us;
  • the service providers engaged by us (e.g. in the areas of IT including hosting and chat providers, email dispatch service providers as well as billing or marketing), who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
  • Storrito uses "Google Cloud" to store personal data, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Under Irish law, Google Ireland Limited is responsible for compliance with applicable data protection laws, including compliance with the European General Data Protection Regulation (GDPR). For more information about compliance with the GDPR, please visit https://cloud.google.com/security/gdpr, https://workspace.google.com/terms/dpa_terms.html and https://cloud.google.com/terms/data-processing-terms;
  • we also work with Paddle.com as external and responsible payment processor as shown above. Paddle.com can cooperate with other payment service providers such as PayPal (Europe) S.à. r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). For more information on how they process your personal data, please refer to Paddle.com's privacy policy at https://paddle.com/privacy/ or PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE;
  • non-public and public bodies, insofar as we are obliged to transmit your personal data due to legal obligations;
  • potential buyers or partners and their advisors in advance of potential company acquisitions, mergers or other corporate transactions as part of a so-called due diligence.

6. Is automated decision making used?

In connection with the operation of our Websites, we do not use any automated decision making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent provided by law.

7. Are data transmitted to countries outside the EU/EEA?

The processing of your personal data takes place within the EU or the European Economic Area.

In certain cases, information may be transferred to recipients in so-called "third countries". "Third countries" are countries outside the European Union or the Agreement on the European Economic Area. In particular, we send business-related emails through the "SendGrid" shipping service of Twilio UK Limited. However, Twilio UK Limited is committed to comply with the strict data protection regulation of the EU and thus comply with the GDPR. Basic data protection information can be found at https://www.twilio.com/legal/privacy and further information on compliance with the DSGVO can be found at https://www.twilio.com/gdpr and https://www.twilio.com/legal/data-protection-addendum.

If the information transferred also includes personal data and we are not obliged to transfer it due to a legal obligation, we will ensure before such a transfer that the required appropriate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This can result in particular from a so-called "adequacy decision" of the European Commission, which determines an adequate level of data protection for a certain third country as for Switzerland as a whole. Alternatively, we can base the transfer of data on the so-called "EU standard contract clauses" agreed with a recipient or - in the case of recipients in the USA - on compliance with the principles of the so-called "EU-US Privacy Shield". We will be happy to provide you with further information on the appropriate and reasonable safeguards to maintain an adequate level of data protection upon request; contact details can be found at the top of this Privacy Policy. Information on participants in the EU-US Privacy Shield can also be found at www.privacyshield.gov/list; information on EU standard contractual clauses at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF and information on adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.

8. How long will my data be stored?

We store personal data in principle as long as we have a justified interest in this storage and your interests in the discontinuation of the storage do not outweigh. Even without a legitimate interest, we can continue to store the data if we are legally obliged to do so (for example, to fulfill retention obligations). We also delete personal data without the intervention of the person concerned as soon as their knowledge is no longer necessary to fulfil the purpose of the processing or storage is otherwise legally inadmissible.

The personal data that we have to store in order to fulfil our retention obligations will be stored until the end of the respective storage obligation. Insofar as we store personal data exclusively for the fulfilment of storage obligations, these are generally blocked so that they can only be accessed if this is necessary with regard to the purpose of the retention obligation.

9. What rights do I have?

a. Right of objection according to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In the event of your objection, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.**

If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.

b. Revocation of consent

If you have given us your consent (e.g. in connection with information by email), you can revoke such consent at any time with effect for the future. In our email information, we usually provide you with a corresponding link in each of our newsletters. You can also contact us in any other way, e.g. by sending a message by post or email via one of the contact channels mentioned on the first page of this Privacy Policy.

c. Further rights

You have as a data subject the right in accordance with the following provisions

  • for information on the personal data stored about you, Art. 15 GDPR;
  • for rectification of inaccurate or incomplete data, Art. 16 GDPR;
  • deletion of personal data, Art. 17 GDPR;
  • limitation of processing, Art. 18 GDPR; and
  • on data portability, Art. 20 GDPR

To exercise these rights, you can contact us - e.g. via one of the contact channels indicated at the beginning of this Privacy Policy – at any time.

If you have any questions regarding the processing of your data, you can also contact our data protection officer via the contact channels indicated above.

You are also entitled to lodge a complaint with a competent data protection supervisory authority, Art. 77 GDPR.