Effective Date: October 26, 2024

1. Introduction and Our Commitment to Your Privacy

This Privacy Policy details the commitment of Designomo GmbH, operating as AI Webdesign (“we,” “us,” “our”), to protecting the privacy and security of the personal information of our clients, website visitors, and service users (collectively, “you”). This document outlines how we collect, use, process, share, and safeguard your personal data when you visit our website, www.ai-webdesign.com (the “Site”), or engage with any of our digital services (the “Services”).

Our policy is designed to be transparent and to comply with the highest standards of data protection, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). We are dedicated to ensuring that you are fully informed about your rights and our data processing practices.

By accessing our Site or using our Services, you acknowledge that you have read and understood the terms of this Privacy Policy. We encourage you to review it carefully to understand our practices and your rights regarding your personal information.

2. Data Controller and How to Contact Us

The entity responsible for the processing of your personal data (the “Data Controller”) is:

• Company: Designomo GmbH
• Address: Barbarossastraße 61, 63571 Gelnhausen, Germany
• Email: info@ai-webdesign.com
• Phone: +49 69 34 879 879

For any questions, concerns, or requests related to your personal data or this Privacy Policy, please contact us using the details above. We have appointed a data protection representative to handle all such inquiries to ensure they are addressed promptly and effectively.

3. Scope of This Privacy Policy

This policy applies to all personal information processed by AI Webdesign, regardless of the geographic location of the individual. It covers data collected through:

• Our Website: When you browse our Site, fill out forms, or interact with our content.
• Our Services: When you register for an account, purchase our products, or use our web design and digital marketing tools.
• Communications: When you contact us via email, phone, chat, or any other means.
• Third-Party Integrations: When you interact with our content through social media platforms or other integrated third-party services.

This policy does not extend to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

4. Categories of Personal Data We Collect

We collect various types of personal data to provide and improve our Services. The categories of data we may collect include:

• Identifiers: This includes your full name, email address, phone number, billing and shipping addresses, and your Internet Protocol (IP) address. We collect this to create your account, process transactions, and communicate with you.
• Commercial Information: This includes records of the products or services you have purchased, considered, or obtained from us. This helps us understand your interests and provide better customer support.
• Internet and Other Electronic Network Activity Information: This includes your browsing history, search queries, and interaction with our Site, emails, and advertisements. We use this data to analyze site performance, improve user experience, and for marketing purposes. This may also include data such as your operating system, browser type, and device information.
• Geolocation Data: We may collect your approximate location based on your IP address or more precise location if you grant permission through your browser or device settings. This helps us provide localized content and comply with regional legal requirements.
• Audio, Electronic, or Visual Data: We only collect this type of data if you explicitly submit it to us, for example, by leaving a voicemail or participating in a video testimonial.
• Professional or Employment-Related Information: If you inquire about our services on behalf of a company, we may collect your job title and business affiliation.
• Inferences Drawn from Other Personal Information: We may create a profile reflecting your preferences, characteristics, and interests based on your interactions with our Site and Services. This helps us personalize your experience.

5. How We Collect Your Personal Data

We use several methods to collect data from and about you:

• Directly from You: When you provide it to us by filling out forms on our Site (e.g., contact forms, registration forms, order forms), participating in surveys, using our live chat feature, or corresponding with us by email or phone.
• Through Automated Technologies: As you navigate our Site, we may automatically collect data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, web beacons, tracking pixels, and other similar technologies. This helps us understand how our Site is used and to provide a better experience.
• From Third-Party Sources: We may receive personal data about you from various third parties, such as:
  • Analytics Providers: like Google Analytics and Hotjar.
  • Advertising Networks: like Google Ads and Meta/Facebook Ads.
  • Payment Processors: like Stripe and PayPal, who provide us with transaction confirmation details.
  • Social Media Platforms: if you interact with our social media pages or use social login features.

6. Our Legal Grounds for Processing Your Data (GDPR)

Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:

• Consent: We will process your data when you have given us clear and explicit consent for a specific purpose, such as signing up for our marketing newsletter. You have the right to withdraw your consent at any time.
• Contractual Necessity: We will process your data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. This includes processing your data to provide the services you have purchased.
• Legal Obligation: We may be required to process your personal data to comply with our legal and regulatory obligations, such as for tax purposes or in response to a lawful request from a government authority.
• Legitimate Interests: We may process your data when it is necessary for our legitimate interests, or the legitimate interests of a third party, provided that your fundamental rights and freedoms do not override those interests. Our legitimate interests include improving our Services, preventing fraud, and for direct marketing purposes (where you have not opted out).

7. The Purposes for Which We Use Your Personal Data

We use your personal data for a variety of purposes, including:

• Service Provision and Account Management: To register you as a new customer, manage your account, and provide you with the services you have requested.
• Transaction Processing: To process your orders, manage payments, and provide transaction support.
• Customer Support: To respond to your inquiries, provide technical assistance, and resolve any issues you may have.
• Personalization: To personalize your experience on our Site and with our Services, by presenting you with content and offers tailored to your interests.
• Marketing and Advertising: To send you marketing communications about our products, services, and promotions, subject to your preferences and consent where required by law.
• Analytics and Improvement: To analyze how our Site and Services are used, to monitor their performance, and to make improvements.
• Security and Fraud Prevention: To protect the security of our Site, Services, and business, and to prevent and detect fraud.
• Legal Compliance: To comply with our legal obligations and to establish, exercise, or defend legal claims.

8. How We Share Your Personal Data

We do not sell your personal data for monetary gain. However, we may share your data with trusted third parties in the following circumstances:

• Service Providers: We engage third-party companies and individuals to perform services on our behalf, such as website hosting (e.g., AWS, IONOS), email marketing (e.g., Mailchimp, Brevo), analytics (e.g., Google Analytics, Hotjar), advertising (e.g., Google Ads, Meta Ads), payment processing (e.g., Stripe, PayPal), and CRM (e.g., HubSpot, Salesforce). These service providers are contractually obligated to protect your data and are not permitted to use it for their own purposes.
• Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site of any change in ownership or uses of your personal data.
• Legal Requirements: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or in urgent circumstances to protect the personal safety of our users or the public.
• With Your Consent: We may share your personal data with other third parties when we have your explicit consent to do so.

9. International Data Transfers

As a global business, we may transfer your personal data to service providers located in countries outside of the European Economic Area (EEA) or California. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:

• Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of data protection by the European Commission.
• Standard Contractual Clauses (SCCs): Using contractual clauses approved by the European Commission that impose data protection obligations on the recipient of the data.
• Supplementary Measures: Implementing additional technical and organizational measures to ensure the data remains secure.

10. Cookies and Other Tracking Technologies

Our Site uses cookies and similar technologies to enhance your experience, analyze our performance, and for marketing purposes. A cookie is a small text file that is stored on your device.

We use the following types of cookies:

• Strictly Necessary Cookies: These are essential for the operation of our Site and cannot be disabled. They include cookies that enable you to log into secure areas of our Site.
• Performance and Analytics Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Site. This helps us to improve the way our Site works.
• Functionality Cookies: These are used to recognize you when you return to our Site. This enables us to personalize our content for you and remember your preferences.
• Targeting and Advertising Cookies: These cookies record your visit to our Site, the pages you have visited, and the links you have followed. We will use this information to make our Site and the advertising displayed on it more relevant to your interests.

You can manage your cookie preferences through the cookie banner on our Site or by adjusting your browser settings. You can also opt out of certain tracking technologies through the following links:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Digital Advertising Alliance: https://optout.aboutads.info

11. Data Retention

We will only retain your personal data for as long as is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.

12. Data Security

We have implemented a range of technical and organizational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

• Encryption: Using HTTPS/SSL encryption for data transmitted to and from our Site.
• Access Controls: Restricting access to personal data to authorized personnel on a need-to-know basis.
• Data Minimization: Collecting only the personal data that is necessary for the purposes for which it is processed.
• Regular Security Assessments: Regularly reviewing our security policies and practices to ensure they remain effective.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

13. Children’s Privacy

Our Site and Services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.

14. Your Rights Under the GDPR

If you are a resident of the EEA, you have the following rights under the GDPR:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The right to withdraw consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us at info@ai-webdesign.com.

15. Your Rights Under the CCPA/CPRA

If you are a California resident, you have the following rights under the CCPA/CPRA:

• The right to know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell.
• The right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
• The right to opt-out of sale or sharing: You have the right to opt-out of the sale or sharing of your personal information. We do not sell personal information for monetary value, but we may share it with third parties for cross-context behavioral advertising. You can opt-out through a “Do Not Sell or Share My Personal Information” link on our Site.
• The right to non-discrimination: You have the right not to be discriminated against for exercising any of your CCPA/CPRA rights.
• The right to correct: You have the right to request the correction of inaccurate personal information.

To exercise your CCPA/CPRA rights, please email us at info@ai-webdesign.com with the subject line “CCPA Request”.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated policy on this page and indicate the date of the latest revision. If we make material changes, we will notify you by email or through a prominent notice on our Site.

17. Supervisory Authority

If you are in the EEA, you have the right to lodge a complaint with a data protection supervisory authority. Our lead supervisory authority is in Hesse, Germany:

• Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
• Website: https://datenschutz.hessen.de

18. Profiling and Automated Decision-Making

Modern data protection laws, particularly the GDPR, grant you rights concerning automated individual decision-making, including profiling. Profiling involves the automated processing of personal data to evaluate certain personal aspects, such as predicting your performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Our Stance: AI Webdesign does not engage in profiling or automated decision-making that produces legal effects concerning you or similarly significantly affects you.

While we do use data to personalize your experience on our Site and for targeted advertising, this process does not result in decisions that would have a legal or otherwise significant impact on you without human intervention. For example, our systems may automatically categorize you into a marketing segment based on your browsing history to show you more relevant advertisements, but this does not affect your access to our services, pricing, or legal rights. You retain the right to object to this form of processing for direct marketing purposes at any time.

19. Third-Party Integrations, Links, and Services

Our Site and Services may contain links to other websites and integrate tools and services operated by third parties. It is important to understand that these third-party services are not under our control and operate under their own distinct privacy policies and terms of service.

Examples of such integrations include:

• Embedded Content: We may embed content such as videos from YouTube or Vimeo, maps from Google Maps, or presentations from SlideShare. When you interact with this embedded content, the third-party provider may collect data about you as if you had visited their website directly.
• Social Media Widgets: Our Site may include social media features, such as the Facebook “Like” button, the Twitter “Tweet” button, or content-sharing functionalities. These features may collect your IP address and which page you are visiting on our Site, and may set a cookie to enable the feature to function properly.
• APIs and Web Fonts: We may use third-party APIs (Application Programming Interfaces) to enhance our services or web fonts (like Google Fonts) to improve the typography on our Site. The providers of these services may receive technical information, including your IP address, as part of their service delivery.

We strongly encourage you to read the privacy policies of any third-party website or service you visit or interact with through our platform. We are not responsible for the data protection or privacy practices of these third parties. Your interactions with these features are governed by the privacy policy of the company providing them.

20. “Do Not Track” Signals

Some web browsers offer a “Do Not Track” (DNT) feature, which sends a signal to websites you visit indicating that you do not wish to have your online activity tracked. Currently, there is no universally accepted industry standard for how to respond to DNT signals.

Therefore, like many other websites and online services, AI Webdesign does not currently alter its practices when it receives a DNT signal from a visitor’s browser. We will continue to monitor the development of DNT technology and the establishment of a final, uniform standard and will reassess our approach accordingly. In the meantime, you can exercise control over the collection of your data by using the cookie preference tools and opt-out mechanisms described in Section 10 of this policy.

21. Data Breach Notification Procedures

Protecting your personal data is a top priority for us. However, no method of data storage or transmission is infallible. In the unfortunate event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we have established a clear protocol to manage the incident effectively.

Our procedure includes the following steps:

1. Immediate Assessment: Upon discovery of a potential breach, our security team will immediately work to contain it and assess the scope, including what data was affected and the potential risk to individuals.
2. Notification to Supervisory Authority: If the breach is likely to result in a high risk to the rights and freedoms of individuals, we are obligated under GDPR to notify the relevant supervisory authority (the HBDI for us in Hesse) without undue delay, and where feasible, not later than 72 hours after having become aware of it.
3. Notification to Affected Individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will communicate the breach to you directly and without undue delay. This notification will be in clear and plain language and will include:
   • The nature of the data breach.
   • The name and contact details of our data protection representative.
   • A description of the likely consequences of the breach.
   • A description of the measures we have taken or propose to take to address the breach and mitigate its possible adverse effects.

We will not be required to notify you if we have implemented appropriate technical and organizational protection measures (such as encryption) that render the data unintelligible to any unauthorized person, or if we have taken subsequent measures which ensure that the high risk to your rights and freedoms is no longer likely to materialize, or if it would involve a disproportionate effort. In such a case, we will instead issue a public communication.

22. Your Responsibility in Data Security

While we are committed to protecting your data, you also play a crucial role in keeping it secure. If you have an account with us, you are responsible for keeping your password and other login credentials confidential. Do not share your password with anyone. If you believe your password has been compromised, please change it immediately and contact us so we can take appropriate action.

23. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes, we will post the updated policy on our Site and revise the “Effective Date” at the top of the policy.

If we make material changes to how we treat your personal information, we will provide you with notice through a more prominent method, such as by sending an email to the primary email address specified in your account or by placing a banner notice on our Site’s homepage. Your continued use of our Site and Services following the posting of changes constitutes your acceptance of such changes. We encourage you to review this policy periodically for any updates.

24. Contact Us for Questions, Concerns, or Requests

If you have any questions, comments, or concerns about this Privacy Policy, our data practices, or if you wish to exercise your rights, please do not hesitate to contact us. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.

Please direct all inquiries to:

• Data Controller: Designomo GmbH
• Postal Address: Barbarossastraße 61, 63571 Gelnhausen, Germany
• Email: info@ai-webdesign.com
• Telephone: +49 69 34 879 879

To expedite your request, please use a clear subject line, such as “Data Privacy Request,” “CCPA Request,” or “GDPR Inquiry.” We will respond to all legitimate requests within the timeframe required by applicable law, typically within one month.