Responsible

Paulo Sapiaín

Köpenicker Chaussee 3010317, Berlin, Germany

E-Mail-Address: info@chitakay.com

Imprint: www.chitakay.com/impressum

Introduction

With the following data protection declaration, we would like to inform you which types of your personal data (hereinafter also referred to as "data") we process, for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter also referred to collectively as "online offer").

The terms used are not gender-specific.

Relevant legal bases

In the following, we provide the legal basis for the Basic Data Protection Regulation (DSGVO), on the basis of which we process personal data. Please note that in addition to the regulations of the DSGVO, national data protection regulations may apply in your or our country of residence and domicile. Should more specific legal provisions apply in individual cases, we will inform you of these in the data protection declaration.

National data protection regulations in Germany: In addition to the data protection regulations of the Basic Data Protection Regulation, national data protection regulations apply in Germany. These include in particular the law on protection against misuse of personal data in data processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision making in individual cases including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Transmission and disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data which serve to protect your data.That by using your site, your website terms apply to their use.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transfer required by contract or by law, we will only process the data or have it processed in third countries with a recognised level of data protection, a contractual obligation through so-called standard protection clauses of the EU Commission, in the case of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply (e.g. if the purpose for which the data were processed ceases to apply or if they are not necessary for the purpose).

Unless the data are deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that are required to be retained for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be provided in the individual data protection notes of this data protection declaration.

Modifications and updates of the privacy policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to take action to cooperate (e.g. to give your consent) or to receive other individual notification.

If we provide addresses and contact information of companies and organisations in this data protection declaration, please note that the addresses may change over time and please check the information before contacting us.

Cookies

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

• These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

• These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

Analytics

This website collects personal data to power our site analytics, including:

• Information about your browser, network, and device

• Web pages you visited prior to coming to this website

• Your IP address

This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Pages visited

• Scrolling

• Searches

• Timestamps

• We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

Marketing Emails

We may send you marketing emails, which you can unsubscribe from by clicking the link at the bottom of the email. We share your contact information with Squarespace, our email marketing provider, so they can send these emails on our behalf.

Fonts

This website uses font files from Google Fonts and Adobe Fonts. To properly display this site to you, servers where the font files are stored may receive personal information about you, including:

• Information about your browser, network, or device

• Your IP address

For Website Visitors

This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:

• Information about your browser, network and device

• Web pages you visited prior to coming to this website

• Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.

Presence in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

Please note that user data may be processed outside the European Union. This can result in risks for the users, because the enforcement of the users' rights could be made more difficult.

Furthermore, user data within social networks are generally processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these).

For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users in each case and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

Facebook: We are jointly responsible with Facebook Ireland Ltd. for the collection (but not the further processing) of data of visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content that users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy Statement: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see "Device Information" in the Facebook Data Policy Statement: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How we use this information", Facebook also collects and uses information to provide analytics services, called "page insights", to page operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook ("Information on Page-Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of the persons concerned (i.e. users can, for example, send information or requests for deletion directly to Facebook). The rights of users (in particular to information, deletion, objection and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

• Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).

  Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

• Instagram: social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  

• Facebook: Social Network; Service Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; opt-out: advertising settings: https://www.facebook.com/settings?tab=ads.

Plugins and Embedded Functions and Content

We integrate into our online offer functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third party providers"). These may, for example, be graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as "content").

The integration always presupposes that the third-party providers of these contents process the IP address of the users, as without the IP address they would not be able to send the contents to their browsers. The IP address is therefore required for the display of these contents or functions. We make every effort to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information on the browser and operating system, websites to be referred to, the time of visit and other details on the use of our online offer, as well as being linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or person).

• Persons concerned: Users (e.g. website visitors, users of online services).

• Purposes of processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service.

• Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Used services and service providers:

Google Maps: We integrate the maps of the "Google Maps" service of the provider Google. The processed data may include, in particular, IP addresses and location data of the users, which, however, cannot be collected without their consent (usually within the framework of the settings of their mobile devices); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://cloud.google.com/maps-platform; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, advertising display settings: https://adssettings.google.com/authenticated.