Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:
MAWI Software Solutions
Cosimastraße 121
81925 Munich
Germany
Telephone: +49 (0) 89 44 44 37 77 8
E-mail: hello@voicery.ai
Name and Address of the Data Protection Officer
The controller’s Data Protection Officer is:
Jan Henrik Schneider
pro data consulting GmbH
Pamiersring 15
74564 Crailsheim
Germany
Telephone: +49 (0) 7951 / 4725690
E-mail: kontakt@dsgvo-datenschutzexperte.de
General Information on Data Processing
Legal Bases for Processing Personal Data
Pursuant to Article 13 GDPR, we inform you of the legal bases for our data processing activities. Where a specific legal basis is not stated within this privacy notice, the following applies:
The legal basis for obtaining consent is Article 6(1)(a) in conjunction with Article 7 GDPR.
The legal basis for processing for the performance of our services, the execution of pre-contractual measures, and responding to enquiries is Article 6(1)(b) GDPR.
The legal basis for processing for compliance with our legal obligations is Article 6(1)(c) GDPR.
Where processing is necessary for the protection of our legitimate interests or those of a third party and these are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis.
Where processing is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR applies.
Erasure of Data and Storage Period
We adhere to the principles of data minimisation (Article 5(1)(c) GDPR) and storage limitation (Article 5(1)(e) GDPR). We store your personal data only for as long as is necessary to achieve the purposes stated herein or as required by statutory retention periods. After the relevant purpose ceases to apply or such retention periods expire, the corresponding data will be deleted as quickly as possible.
Erasure of Data and Storage Periods
We adhere to the principles of data minimisation pursuant to Article 5(1)(c) GDPR and storage limitation pursuant to Article 5(1)(e) GDPR. We store your personal data only for as long as is necessary to achieve the purposes stated herein or as required by statutory retention periods. Once the relevant purpose no longer applies or the retention periods expire, the corresponding data will be deleted as quickly as possible.
External Links
This website may contain links to third-party websites and to other websites under our responsibility. If you follow a link to any website outside our responsibility, please note that such websites have their own privacy information. We accept no responsibility or liability for these external websites and their privacy notices. Please check the respective privacy notices before using those websites.
You can recognise external links by their visual distinction (e.g. different colour or underlining). Your cursor will also indicate external links when hovering. Only when you click an external link will your personal data be transmitted to the destination (including your IP address, the time of the click, the page on which you clicked the link, and further information described in the respective provider’s privacy information).
Please note that individual links may lead to transfers of data outside the European Economic Area. As a result, foreign authorities could gain access to your data, and you may not have effective legal remedies against such access. If you do not wish your personal data to be transmitted to the link destination or potentially be subject to access by non-EU authorities, please do not click any external links.
Rights of the Data Subject
As a data subject under the GDPR, you may exercise various rights, including the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), objection (Article 21), the right to lodge a complaint with a supervisory authority, and the right to data portability (Article 20).
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal remains unaffected.
Right to Object
Where processing is based on Article 6(1)(e) or (f) GDPR, you may object, on grounds relating to your particular situation, at any time to the processing of your personal data. This also applies to profiling based on those provisions within the meaning of Article 4(4) GDPR. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defence of legal claims, we will cease processing your data after your objection.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling to the extent that it is related to such direct marketing. In this case, we will no longer process your personal data for these purposes once you object.
Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data infringes the GDPR, you have the right—without prejudice to any other administrative or judicial remedy—to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
Right to Data Portability
Where your data are processed by automated means on the basis of consent or for the performance of a contract, you have the right to receive such data in a structured, commonly used and machine-readable format, and the right to have those data transmitted to another controller where technically feasible.
Right of Access, Rectification and Erasure
You have the right to obtain information about your personal data that we process, including the purposes of processing, the categories of data, the recipients, and the storage period. For questions on this or other topics relating to personal data, please contact us using the details provided in the imprint.
Right to Restriction of Processing
You may request restriction of processing at any time if one of the following applies:
You contest the accuracy of the personal data (for a period enabling us to verify the accuracy).
The processing is unlawful and you oppose the erasure of the personal data and request the restriction instead.
We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.
Where processing is restricted, personal data shall, with the exception of storage, only be processed with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Provision of the Website (Web Hosting)
Our website is hosted by:
Framer
Rozengracht 207B
1016 LZ Amsterdam
Netherlands
When you access our website, we automatically collect and store information in server log files which your browser automatically transmits to our server or to the server of our hosting provider, including:
IP address of the visitor’s device
Device used
Hostname of the accessing computer
Visitor’s operating system
Browser type and version
Name of the file accessed
Time of the server request
Volume of data transferred
Information on whether the retrieval was successful
These data are not combined with other data sources.
Instead of operating the website on our own server, we may operate it on the server of an external service provider (hosting company), as named above. Personal data collected via this website are then stored on the hosting company’s servers. In addition to the data mentioned above, the web host stores, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimisation of this website. Where the website is accessed in order to enter into or perform a contract with us, Article 6(1)(b) GDPR is an additional legal basis. Where we engage a hosting company, a data processing agreement (Article 28 GDPR) is in place.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses Local Storage, Session Storage and/or cookies. Local Storage is a mechanism enabling data to be stored within the browser on your device. These data typically include user preferences (e.g. “day/night mode”) and remain until you manually delete them. Session Storage is similar, but storage persists only for the current session and is deleted once you close the tab. Cookies are information stored by a web server on your device to identify it. They are stored either temporarily for the duration of a session (session cookies), which are deleted after you leave a website, or permanently until you delete them or your browser deletes them automatically.
Such objects may also be stored by third-party providers when you enter our site (third-party requests), enabling both us and you to use certain third-party services installed on this website (e.g. payment services or video display).
These mechanisms can improve website functionality, control shopping baskets, increase security and convenience, and enable analytics of visitor flows and behaviour. Depending on function, different legal assessments apply. Where necessary for operating the site or providing certain functions (e.g. shopping basket) or for optimisation (e.g. measuring visitor behaviour), processing is based on Article 6(1)(f) GDPR (legitimate interests). In all other cases, storage occurs only with your explicit consent (Article 6(1)(a) GDPR).
Where Local/Session Storage items or cookies from third parties or for analytics purposes are used, we inform you separately in this notice. Your consent is requested and may be withdrawn at any time.
Use of External Services
Our website uses external services (third-party providers), e.g. for embedding videos or enhancing website security. Personal data are transmitted to the respective providers. Where no legitimate interest applies, we obtain your revocable consent in advance (Article 6(1)(a) GDPR).
Analytics
We process personal data of visitors to analyse user behaviour. This enables us to compile information on the use of components of our website and improve usability. Analytics tools may, for example, create user profiles for targeted or interest-based advertising, recognise returning visitors, measure click/scroll behaviour and downloads, create heat maps, recognise page views, measure visit duration and bounce rates, and identify visitor origin (city, country, referrer).
Processing occurs only if you consent via our consent banner. Legal basis: Article 6(1)(a) GDPR. Without consent, processing as described does not occur. If you withdraw consent (e.g. via the banner or other means provided), we will cease this processing. The lawfulness of processing before withdrawal remains unaffected.
Consent Management
To meet data protection requirements, we use a consent management tool on our website to obtain required consents for setting cookies or using external services. Consents are stored.
Processing is necessary for compliance with a legal obligation to which the controller is subject. Legal basis: Article 6(1)(c) GDPR.
We use Cookiebot, provided by Usercentrics A/S, Havnegade 39, 1058 Kopenhagen, Denmark.
Further information: https://www.cookiebot.com/de/privacy-policy/
Content Delivery Network (CDN)
We use a CDN to optimise performance and availability. The provider processes your IP address and the time of your visit. For details, please see the provider’s privacy information.
Legal basis: Article 6(1)(f) GDPR. Our legitimate interest is to display our website as quickly, securely, and reliably as possible.
Cloudflare
Provider: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany.
Social Media Plugins
We use social media plugins to connect our website with our social media channels. This facilitates following our channels and interacting with content. Some plugins allow analysis of user behaviour in relation to social networks. Plugins also serve to increase the reach and follower counts of our channels.
Personal data are processed and transmitted to social networks when the website is accessed (e.g. name, address, e-mail address, telephone number, access time, device information, IP address).
Processing occurs only with your consent via our banner (Article 6(1)(a) GDPR). Upon withdrawal, we cease processing; previous processing remains lawful.
Facebook Connect
Provider: Meta Platforms Ireland Limited (Marketplace), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data may be transferred to the USA. The provider is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of protection.
Privacy information: https://de-de.facebook.com/policy.php
Web Fonts
We use web fonts provided by an external provider. When you load the website, your browser connects directly to the font provider, who becomes aware that our website was accessed from your IP address.
Processing occurs only with your consent via our banner (Article 6(1)(a) GDPR). Upon withdrawal, we cease processing; previous processing remains lawful.
Google Fonts
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Data may be transferred to the USA. The provider is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of protection.
Privacy information: https://business.safety.google/privacy
Contact Form
Our website provides the option to contact us via a contact form. To use this form, we particularly require your contact details.
If you grant your consent, the legal basis is Article 6(1)(a) GDPR. You may withdraw your consent at any time.
If you submit enquiries regarding our products, services, or our company, processing is carried out for the purpose of performing a contract or taking steps prior to entering into a contract pursuant to Article 6(1)(b) GDPR. In addition, we may rely on a legitimate interest, for example to maintain business relationships or to respond to your enquiry for other reasons. In that case, the legal basis for processing your data is Article 6(1)(f) GDPR.
Data will be deleted once we have conclusively answered your enquiry and no statutory retention obligations prevent deletion.
Telephone or E-mail Contact
In accordance with statutory requirements, we provide a telephone number and an e-mail address on our website. Data transmitted via these channels are automatically stored by us in order to process the enquiry or to contact the person making the enquiry. We do not disclose these data to third parties without consent.
If contact is made by telephone or e-mail for pre-contractual or contractual purposes, processing of personal data is based on Article 6(1)(b) GDPR. For all other contact initiated by you, processing is based on our legitimate interests pursuant to Article 6(1)(f) GDPR.
Presence on Facebook
Social networks process extensive personal data of their users. When visiting our profiles, your IP address and other information about the devices you use are processed, which may allow IP addresses to be linked to individual users. We have no influence over this data processing. Please note that you use our profiles on social networks and their features under your own responsibility. Details of the processing can be found in the operator’s privacy policy.
We maintain a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/
Presence on Instagram
Social networks process extensive personal data of their users. When visiting our profiles, your IP address and other information about the devices you use are processed, which may allow IP addresses to be linked to individual users. We have no influence over this data processing. Please note that you use our profiles on social networks and their features under your own responsibility. Details of the processing can be found in the operator’s privacy policy.
We maintain a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For detailed information on the handling of personal data, please see Instagram’s privacy policy: https://help.instagram.com/519522125107875
The purpose of our profiles on social media platforms is to increase our online presence and consequent brand awareness. The legal basis is our legitimate interests pursuant to Article 6(1)(f) GDPR. With respect to processing by the social networks themselves, please refer to their own legal bases (e.g. consent under Article 6(1)(a) GDPR) as set out in their privacy policies.
As a rule, we are joint controllers with the social media platform for data processing triggered when you visit our profile. You may therefore exercise your data subject rights against the social media platform as well as against us. However, please note that we have no influence over the platform’s own data processing.
Presence on LinkedIn
Social networks process extensive personal data of their users. When visiting our profiles, your IP address and other device information are processed, which may allow IP addresses to be linked to individual users. We have no influence over this data processing. You use our profiles and their features under your own responsibility. Details are available in the operator’s privacy policy.
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
For details, please see LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy
The purpose of our profiles is to increase our online presence and brand awareness. The legal basis is our legitimate interests pursuant to Article 6(1)(f) GDPR. For processing by the social networks themselves, please refer to their own legal bases (e.g. consent under Article 6(1)(a) GDPR) in their privacy policies.
As a rule, we are joint controllers with the platform for data processing triggered when you visit our profile. You may therefore exercise your data subject rights under Articles 15 et seq. GDPR against the platform and against us. However, please note that we have no influence over the platform’s own data processing.
Presence on YouTube
Social networks process extensive personal data of their users. When visiting our profiles, your IP address and other device information are processed, which may allow IP addresses to be linked to individual users. We have no influence over this processing. You use our profiles and their features under your own responsibility. Details can be found in the operator’s privacy policy.
We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For detailed information on the handling of personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=en
The purpose of our profiles on social media platforms is to increase our online presence and brand awareness. The legal basis is our legitimate interests pursuant to Article 6(1)(f) GDPR. With regard to processing by the social networks themselves, please refer to their own legal bases (e.g. consent under Article 6(1)(a) GDPR) as set out in their privacy policies.
As a rule, we are joint controllers with the social media platform for data processing triggered when you visit our profile. You may therefore exercise your data subject rights under Articles 15 et seq. GDPR against the social media platform and against us. However, please note that we have no influence over the platform’s own data processing.
Google also transfers and processes data in the United States. At present, there is no adequate level of protection for data transfers to the United States. This gives rise to risks in connection with data processing. WhatsApp uses Standard Contractual Clauses and participates in the Data Privacy Framework, under which Google undertakes to ensure an adequate level of data protection.
Use of an AI Voice Assistant – Recording with Consent
If you contact us by telephone, your call may be answered by an AI-powered voice assistant (“Voice Agent Lena”). In this case you will be speaking to an automated application, not to a person.
Data processed
Your voice input (audio data) is converted to text in real time. The system processes the personal information you provide during the conversation (e.g. name, phone number, enquiry, preferred appointment time) and creates a transcript of the conversation. Technical connection data (phone number, time, duration) are also processed.
Purpose of processing
Processing is carried out to handle your enquiries automatically—particularly for scheduling appointments or answering simple questions—and to improve our service quality.
Legal bases
Where the data are required to arrange or conduct an appointment, we process them for the performance of a contract or taking steps prior to entering into a contract pursuant to Article 6(1)(b) GDPR.
Recording/transcription of the conversation takes place only with your consent (Article 6(1)(a) GDPR). At the beginning of the call you will hear the notice:
“This call is processed using AI. Further information is available on our website under Privacy.” If you do not wish this processing, please hang up and use another contact method (e.g. e-mail). If you continue the call, we will assume implied consent to the processing of your data by the AI.
Storage period
Transcripts are stored for a maximum of 30 days in order to clarify follow-up questions or perform quality analyses and are then automatically deleted, unless longer statutory retention periods or a documented dispute require a longer storage period.
Withdrawal of your consent
You may withdraw your consent at any time with effect for the future by sending us a brief notice or—during the call—by ending the connection. The lawfulness of processing prior to withdrawal remains unaffected.
Payment Service Providers
We use the payment service provider Stripe Payments Europe, Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, to process payments made on our website. Depending on availability and your selection, this may include payment by credit/debit card, SEPA Direct Debit, Apple Pay, Google Pay, Klarna, Sofort, giropay, iDEAL, Bancontact and other methods supported by Stripe from time to time.
Data processed
For payment processing we transmit the data required for the transaction (e.g. name, billing address, e-mail address, payment amount, currency, IP address, payment method details such as masked card data or IBAN, and transaction identifiers) to Stripe. Depending on the payment method chosen, additional data may be required (e.g. bank account details for direct debit, phone number for certain wallet or BNPL methods).
Legal bases
Processing necessary for the performance of a contract or pre-contractual steps: Article 6(1)(b) GDPR.
Compliance with legal obligations (e.g. financial recordkeeping, anti-money-laundering and sanctions screening as applicable): Article 6(1)(c) GDPR.
Fraud prevention, securing our payment processes and preventing misuse: Article 6(1)(f) GDPR (legitimate interests).
Roles and responsibility
Stripe may act as an independent controller and/or processor (depending on the specific product and payment method) in particular for executing the payment transaction, fraud prevention, and compliance with its own regulatory obligations.
International data transfers
Stripe may transfer personal data to recipients outside the European Economic Area, including to Stripe, Inc. in the United States. Stripe participates in the EU-U.S. Data Privacy Framework (DPF) and, where required, uses Standard Contractual Clauses and additional safeguards to ensure an adequate level of protection.
Retention
We and Stripe retain transaction data for the periods necessary to complete the payment, handle chargebacks, meet statutory retention duties under commercial and tax law, and comply with financial-services regulations.
Further information
For details about Stripe’s processing activities, data recipients and transfer mechanisms, please refer to Stripe’s Privacy Policy and the documentation for the specific payment methods you choose.
