Privacy Policy

1. General Information and Contact Details

We, Shortcats UG (limited liability), take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our business activities, our website, mobile applications, and within external online presences, such as our social media profiles. Regarding the terms used, such as "processing"or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller:

Shortcats UG (limited liability)

Ganzenmüllerstr. 36

80999 Munich

Represented by the Managing Directors:

Simone Damm (CEO)

Eugen Kochtyrew (CTO)

Kathrin Opielka (CMO)

Contact:

Email: mail@shortcats.com

If you have any questions about data protection, you can contact us at any time.

2. Types of Data Collected and Purpose of Processing

When using our services, we collect and process various types of personal data. The scope of data collection and processing depends on the type of use of our services.

1. When using our website and services:

   • Email Address: For communication, account management, and providing our services.
   • Company Data: For identification and management of business accounts.
   • Usage Data: To improve our services, analyze user behavior, and optimize user experience.

2. During payment processing:

   We use external payment service providers such as Stripe and PayPal. Additional personal data required for payment processing may be collected. We do not store payment data such as credit card numbers or bank account details ourselves.

3. Automatically collected data:

   When using our website, technical data such as IP address, browser type and version, operating system, referrer URL, access time, and similar technical information are automatically collected and stored in our server log files.

Purpose of Data Processing:

• Provision and optimization of our services
• Ensuring the functionality and security of our systems
• Improvement of user experience
• Detection and prevention of misuse and fraud
• Compliance with legal obligations
• Customer support and communication

The processing of this data is based on our legitimate interests in accordance with Article 6(1)(f) GDPR to improve our offerings and web presence, to fulfill legal obligations in accordance with Article 6(1)(c) GDPR, as well as on the basis of your consent in accordance with Article 6(1)(a) GDPR, if such consent has been obtained.

3. Legal Bases for Data Processing

The processing of your personal data is based on various legal grounds as set forth in the General Data Protection Regulation (GDPR):

1. Contractual Obligation (Article 6(1)(b) GDPR):

   The processing of your data is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract. This includes, for example, the provision of our services, customer support, and payment processing.

2. Legitimate Interests (Article 6(1)(f) GDPR):

   The processing of your data is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract. This includes, for example, the provision of our services, customer support, and payment processing.

3. Legal Obligation (Article 6(1)(c) GDPR)

   In some cases, we are legally obligated to process certain data, such as to fulfill tax retention obligations.

4. Use of Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. Detailed information can be found in our separate Cookie Policy, to which we expressly refer here.

5. Use of Third-Party Providers and External Service Providers

We use external service providers for various aspects of our business operations and to provide our services. This may involve the transfer of personal data to these service providers. We have entered into data processing agreements with all service providers in accordance with Article 28 GDPR to ensure the protection of your data.

1. Amazon Web Services (AWS):

   We use AWS for hosting our entire application. Your data is stored and processed on servers within the European Union.

   View Privacy Policy

2. Google Analytics:

   We use Google Analytics to analyze user behavior on our website and to improve our services. Your IP address is anonymized, and usage data is transmitted to Google servers.

   View Privacy Policy

3. Stripe and PayPal:

   We use Stripe and PayPal for payment processing. The necessary data for payment processing is transmitted to these service providers.

   View Stripe Privacy Policy

   View PayPal Privacy Policy

For detailed information on data processing by these third-party providers, please refer to their respective privacy policies:

6. Data Retention Periods and Deletion of Data

We retain your personal data only as long as necessary for the purposes for which it was collected or as required by law. Retention periods may vary depending on the type of data and the purpose of its processing:

1. User data in our AWS-based application:

   • This data is retained as long as your account is active.
   • You, as the user, are responsible for deleting your account and the associated data if you no longer wish to use our service.
   • Upon your request, we will delete your account and all associated personal data.

2. Analytical Data (Google Analytics):

   • This data is stored and anonymized according to the default settings of Google Analytics.
   • Detailed information about the retention periods of Google Analytics can be found in Google`s privacy policy.

3. Payment Data (Stripe, PayPal):

   • The retention of this data is subject to the policies of our payment service providers.
   • For specific information, we refer to the privacy policies of Stripe and PayPal.

If you wish to delete your account and all associated data, you can request this at any time. Please contact us at mail@shortcats.com. We will comply with your request within a reasonable time frame, provided no legal retention obligations prevent this.

Please note that even after your account is deleted, certain data may be retained in anonymized or aggregated form for statistical purposes or to improve our services without allowing any conclusions to be drawn about your identity.

7. User Rights

As a user of our services, you have certain rights concerning your personal data. We respect these rights and strive to support you in exercising them, as far as this aligns with our business interests.

Under the General Data Protection Regulation (GDPR), you have the following rights:

1. Right to Access:

   You have the right to know which personal data we process about you and for what purpose.

2. Right to Rectification:

   You can request the correction of inaccurate or incomplete personal data.

3. Right to Erasure:

   You can request the deletion of your personal data, provided no legal reasons prevent this.

4. Right to Restrict Processing:

   Under certain circumstances, you can request the restriction of the processing of your data.

5. Right to Data Portability:

   You have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.

6. Right to Object:

   You can object to the processing of your personal data for reasons arising from your particular situation.

To exercise any of these rights, please contact us at mail@shortcats.com. We will carefully review your request and respond within one month. In complex cases, this period may be extended by a further two months, of which we will inform you.

Please note that we may need additional information to process your request to verify your identity and ensure we handle the correct data.

If you are not satisfied with our response, you have the right to file a complaint with the competent data protection supervisory authority.

8. Security Measures to Protect Personal Data

The protection of your personal data is our highest priority. We have implemented extensive technical and organizational measures to ensure the security of your data. Our security measures are based on the standards of ISO 27001 and follow IT security best practices:

1. Information Security Management System (ISMS):
   • We have implemented a comprehensive ISMS, which is regularly reviewed and updated.
   • Regular internal audits ensure that our security measures are always up to date.
2. Data Encryption:
   • All personal data is encrypted both during transmission and storage.
   • We use state-of-the-art encryption technologies to protect your data from unauthorized access.
3. Access Control:
   • Strict access controls and the principle of least privilege ensure that only authorized employees have access to personal data.
   • Regular reviews and updates of access rights ensure that access permissions are always current.
4. Password Security:
   • We enforce a strict password policy that requires regular password changes and the use of complex passwords.
5. Employee Training:
   • All employees receive regular training on data protection and IT security to ensure a high level of security awareness.

Despite all these measures, we want to point out that no method of data transmission over the internet or electronic data storage is 100% secure. However, we strive to take all reasonable measures to protect your personal data.

If you have any questions about our security measures or wish to report a security incident, please contact us immediately at mail@shortcats.com.

9. International Data Transfers

Shortcats UG (limited liability) places great emphasis on compliance with the General Data Protection Regulation (GDPR) and only works with GDPR-compliant partners and software suppliers. We ensure that your personal data is processed and stored only within the European Union (EU) or the European Economic Area (EEA).

1. Data Processing within the EU/EEA:
   • All our server locations and data processing centers are located within the EU/EEA.
   • We only use cloud services and providers that guarantee data processing within the EU/EEA.
2. Collaboration with Third Parties:
   • When selecting our partners and service providers (such as AWS, AI technology suppliers), we ensure that they meet the GDPR requirements.
   • We have signed data processing agreements with these providers to ensure the protection of your data according to GDPR standards.
3. No Data Transfer to Third Countries:
   • We do not transfer your personal data to countries outside the EU/EEA.
   • In the unlikely event that a data transfer to a third country becomes necessary, we will ensure that this is done only in compliance with the strict GDPR regulations and with your explicit consent.

Through these measures, we ensure that your personal data is always protected by the high standards of the GDPR, regardless of where within the EU/EEA it is processed. If you have any questions about our international data processing practices, please do not hesitate to contact us at mail@shortcats.com.

10. Changes to the Privacy Policy

We reserve the right to change this privacy policy at any time to adapt it to changes in the law, our services, or our data processing practices. Users are encouraged to regularly review the content. Changes will be implemented as follows:

1. Notification of Changes:
   • For significant changes, we will notify you via email or a prominent notice on our website.
   • No separate notification will be provided for minor changes.
2. Consent to Changes:
   • By continuing to use our services after a change to the privacy policy, you agree to the changes.
   • If you do not agree with the changes, you must stop using our services.
3. Versioning:
   • The date of the last update is provided at the end of this privacy policy.
   • Older versions of the privacy policy are archived and available upon request.

We recommend that you regularly review this privacy policy to stay informed about how we handle your personal data. If you have any questions about changes, please contact us at mail@shortcats.com.