You are offline.

Privacy Policy

Below, we inform you in accordance with the legal requirements of data protection law (especially pursuant to BDSG n.F. and the European General Data Protection Regulation “GDPR”) about the nature, scope, and purpose of processing personal data by our company. This privacy policy also applies to our websites and social media profiles. For definitions of terms such as “personal data” or “processing,” please refer to Art. 4 GDPR.

Name and Contact Details of the Controller


Our controller (hereinafter referred to as “Controller”) pursuant to Art. 4 No. 7 GDPR is:

VayDesign, Bugenhagenstr. 2, 10551 Berlin, Germany

Email address: info@asklocals.com

Types of Data, Purposes of Processing, and Categories of Affected Persons

Below, we inform you about the type, scope, and purpose of the collection, processing, and use of personal data.


1. Types of Data We Process

Usage data (access times, visited websites, etc.), inventory data (name, address, etc.), contact data (phone number, email, fax, etc.), content data (text entries, videos, photos, etc.), communication data (IP address, etc.).


2. Purposes of Processing According to Art. 13 Para. 1 c) GDPR

Optimizing the website technically and economically, enabling easy access to the website, optimizing and statistically evaluating our services, improving user experience, making the website user-friendly, operating advertisements and the website economically, creating statistics, estimating the probability of text copying, avoiding SPAM and misuse, processing application procedures, customer service and customer care, handling contact requests, providing websites with functions and content.

3. Categories of Affected Persons According to Art. 13 Para. 1 e) GDPR

Visitors/users of the website, customers, interested parties, applicants, employees.

The affected persons are collectively referred to as “Users.”


Legal Basis for Processing Personal Data

Below, we inform you about the legal basis for processing personal data:

  1. If we have obtained your consent for processing personal data, Art. 6 Para. 1 Sentence 1 lit. a) GDPR is the legal basis.
  2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures based on your request, Art. 6 Para. 1 Sentence 1 lit. b) GDPR is the legal basis.
  3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g., statutory retention obligations), Art. 6 Para. 1 Sentence 1 lit. c) GDPR is the legal basis.
  4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 Sentence 1 lit. d) GDPR is the legal basis.
  5. If processing is necessary to safeguard our or a third party's legitimate interests and your interests or fundamental rights and freedoms do not override these, Art. 6 Para. 1 Sentence 1 lit. f) GDPR is the legal basis.

Transfer of Personal Data to Third Parties and Processors

We generally do not transfer data to third parties without your consent. If we do, the transfer is based on the previously mentioned legal bases, e.g., when sharing data with online payment providers to fulfill a contract, or due to a court order, or because of a legal obligation to release the data for law enforcement, hazard prevention, or the enforcement of intellectual property rights.
We also use processors (external service providers such as web hosting providers for our websites and databases) to process your data. When data is shared with processors under a processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, regularly monitor them, and have secured our right to issue instructions regarding the data. Additionally, the processors are required to take suitable technical and organizational measures and comply with data protection regulations in accordance with the BDSG n.F. and GDPR.


Data Transfer to Third Countries

With the implementation of the European General Data Protection Regulation (GDPR), a unified foundation for data protection has been established in Europe. Therefore, your data is primarily processed by companies where GDPR is applicable. If processing by third-party services outside the European Union or the European Economic Area takes place, they must fulfill the specific requirements of Art. 44 ff. GDPR. This means the processing is based on specific guarantees, such as the EU Commission’s official recognition of a level of data protection equivalent to the EU or the observation of officially recognized contractual obligations, known as “Standard Contractual Clauses.” For US companies, adherence to the so-called “Privacy Shield,” the data protection agreement between the EU and the USA, fulfills these requirements.


Deletion of Data and Retention Period

Unless explicitly stated in this privacy policy, your personal data will be deleted or blocked as soon as the consent you provided for processing is revoked, or the purpose for storing the data no longer applies, or the data is no longer necessary for the purpose, unless further retention is required for evidence purposes or if statutory retention obligations conflict with this. These include, for example, commercial retention obligations for business correspondence under Section 257 (1) HGB (6 years) and tax retention obligations for records under Section 147 (1) AO (10 years). Once the prescribed retention period expires, the data is blocked or deleted unless continued storage is required for a contract conclusion or fulfillment.


Existence of Automated Decision-Making

We do not use automated decision-making or profiling.


Provision of Our Website and Creation of Log Files

  1. When you use our website purely for informational purposes (i.e., no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data:
    • IP address;
    • Internet service provider of the user;
    • Date and time of access;
    • Browser type;
    • Language and browser version;
    • Content of the request;
    • Time zone;
    • Access status/HTTP status code;
    • Data volume transmitted;
    • Websites from which the request comes;
    • Operating system.
    No storage of this data together with other personal data of yours takes place.

  2. These data serve the purpose of providing a user-friendly, functional, and secure delivery of our website to you with its functions and content, as well as its optimization and statistical evaluation.

  3. The legal basis for this is our legitimate interest in data processing as per Art. 6 Para. 1 Sentence 1 lit. f) GDPR, as reflected in the aforementioned purposes.

  4. For security reasons, we store this data in server log files for a duration of 70 days. After this period, the data is automatically deleted unless it is required for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Cookies

  1. We use so-called cookies during your visit to our website. Cookies are small text files that your internet browser stores on your computer. If you revisit our website, these cookies provide information to automatically recognize you. Cookies also include so-called "user IDs," where user information is stored in pseudonymized profiles. We inform you about the use of cookies for the purposes mentioned above and how you can object to or prevent their storage ("opt-out") when you access our website via a notice linked to this privacy policy.

    The following types of cookies are distinguished:



    • Necessary, essential cookies:

    Essential cookies are those absolutely necessary for operating the website, enabling certain functionalities of the website, such as logins, shopping carts, or saving user inputs, e.g., regarding the website's language.

    • Session cookies:

    Session cookies are required for recognizing multiple uses of an offer by the same user (e.g., to establish your login status when you are logged in). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained serves to optimize our offers and make it easier for you to access our site. Session cookies are deleted when you close your browser or log out.

    • Persistent cookies:

    These cookies remain stored even after the browser is closed. They serve purposes such as login storage, reach measurement, and marketing purposes. These are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies anytime in your browser's security settings.

    • Third-party cookies (particularly from advertisers):

    Depending on your preferences, you can configure your browser settings to refuse third-party cookies or all cookies. However, please note that you may not be able to use all the features of this website fully. Further information about these cookies can be found in the respective privacy policies of third-party providers.

Contact through Contact Form / Email / Fax / Text

  1. When you contact us via the contact form, fax, text, or email, your data will be processed to handle your inquiry.

  2. Legal basis for processing your data is your consent under Art. 6 Para. 1 Sentence 1 lit. a) GDPR. If the inquiry is related to the initiation of a contract, an additional legal basis is Art. 6 Para. 1 Sentence 1 lit. b) GDPR. The data may also be processed due to our legitimate interest under Art. 6 Para. 1 Sentence 1 lit. f) GDPR, which includes handling user inquiries, safeguarding proof, and complying with legal retention obligations for business correspondence.

  3. We may store your data and inquiry in a customer relationship management system ("CRM System") or a comparable system.

  4. Data will be deleted once the purpose for its collection has been fulfilled. This means that for inquiries made via email or contact form, data will be deleted once the conversation with you is concluded. An inquiry is considered closed when the circumstances suggest that the issue has been fully resolved. For users with accounts or contracts with us, inquiries are stored for up to two years after the contract ends. Legal retention obligations (e.g., six years for business correspondence, ten years for tax-related records) override this rule, and data is deleted after those obligations are fulfilled.

  5. You have the right to revoke your consent under Art. 6 Para. 1 Sentence 1 lit. a) GDPR and object to the storage of personal data at any time. Please contact us via email to request deletion or revocation of your data.

Google AdWords with Conversion Tracking

  1. We use the service "Google Ads with Conversion Tracking" (Provider: Google Ireland Limited, Registered No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to promote our website through advertisements on third-party websites.

  2. Data categories and description of data processing: Usage data/communication data. When you click on one of our Google Ads, a cookie is stored in your browser, valid for approximately 30 days. If you visit our website during this time, both we and Google can analyze the cookies to determine if you visited our website and which pages you accessed. Google compiles statistics based on this information. Data may also be transferred to and analyzed in the USA. If you are logged into your Google account, this data may be linked to your account unless you log out before visiting our website.

  3. Purpose of processing: Conversion tracking is used to analyze and measure the success of our advertising efforts, optimize them, and support the economic operation of our website.

  4. Legal basis: If you have consented to the processing of your personal data via "Google Ads with Conversion Tracking" ("opt-in"), Art. 6 Para. 1 Sentence 1 lit. a) GDPR is the legal basis. Otherwise, our legitimate interest in analytics, optimization, and effective operation makes Art. 6 Para. 1 Sentence 1 lit. f) GDPR applicable.

  5. Data transfer/recipient category: Google Ireland, USA; Google USA is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

  6. Storage duration: Up to 540 days.

  7. Objection and removal options ("opt-out"): You can prevent the installation of cookies by Google in several ways:

    • Adjust your browser settings to reject cookies, including third-party cookies.

    • Use Google's settings at https://adssettings.google.com to disable conversion tracking.

    • Opt out of personalized third-party advertising through these links: https://optout.aboutads.info (US) or http://www.youronlinechoices.com/uk/your-ad-choices/ (EU).

    • Use a browser plugin for Chrome, Firefox, or Internet Explorer to disable cookies permanently: https://support.google.com/ads/answer/7395996.

  8. Further information can be found in Google's Privacy Policy: https://policies.google.com/privacy.

Google AdWords Remarketing / "Similar Audiences"

  1. We use the "Google Analytics Remarketing / Similar Audiences" application (Provider: Google Ireland Limited, Registered No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to advertise our website on third-party websites and internet platforms.

  2. Data categories and description of data processing: Usage data/communication data. Using the Remarketing or "Similar Audiences" function in Ads allows us to reach users who have previously visited our website by showing them tailored ads. Remarketing helps bring past visitors back to our website through targeted advertising. If you visit other websites, we and Google can analyze cookies to determine whether you've visited our site previously and show you relevant ads. Google compiles statistics based on this. The full scope of data processing is not known to us. Data may also be transferred to and analyzed in the USA. According to Google, data collected through remarketing is processed pseudonymously and not linked to your Google account.

  3. Purpose of processing: Remarketing is used for analytics, optimization, and the economic operation of our advertising and website.

  4. Legal basis: If you have consented to the processing of your personal data via "Google Ads Remarketing / Similar Audiences" ("opt-in"), Art. 6 Para. 1 Sentence 1 lit. a) GDPR is the legal basis. Otherwise, our legitimate interest in analytics, optimization, and effective operation makes Art. 6 Para. 1 Sentence 1 lit. f) GDPR applicable.

  5. Data transfer/recipient category: Google Ireland, USA; Google USA is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

  6. Storage duration: If you visit certain pages of our website, a cookie valid for 30 days will be stored in your browser.

  7. Objection and removal options ("opt-out"): You can prevent the installation of cookies by Google in several ways:

    • Adjust your browser settings to reject cookies, including third-party cookies.

    • Use Google's settings at https://adssettings.google.com to disable personalized advertising.

    • Opt out of personalized third-party advertising through these links: https://optout.aboutads.info (US) or http://www.youronlinechoices.com/uk/your-ad-choices/ (EU).

    • Use a browser plugin for Chrome, Firefox, or Internet Explorer to disable cookies permanently: https://support.google.com/ads/answer/7395996.

  8. Further information can be found in Google's Privacy Policy: https://policies.google.com/privacy.

Google Analytics

  1. We have integrated the web analytics tool "Google Analytics" (Provider: Google Ireland Limited, Registered No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

  2. Data categories and description of data processing: User-ID, anonymized IP address. When you visit our website, Google places a cookie on your computer to analyze your usage. We have activated the IP anonymization function ("anonymizeIP"), so IP addresses are processed only in truncated form within EU member states or other contracting states of the European Economic Area. In exceptional cases, the full IP address may be sent to a server in the USA and truncated there. Google uses this information on behalf of the operator of this website to evaluate website usage, compile reports on website activity, and provide additional services related to website and internet usage. We have also enabled cross-device analysis of website visitors using a User-ID. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Further information can be found at https://www.google.com/analytics/terms/de.html (Analytics Terms of Service) and Google's Privacy Policy at https://policies.google.com/privacy.

  3. Purpose of processing: Google Analytics is used for analysis, optimization, and improvement of our website.

  4. Legal basis: If you have consented to the processing of your personal data via "Google Analytics" ("opt-in"), Art. 6 Para. 1 Sentence 1 lit. a) GDPR is the legal basis. Otherwise, our legitimate interest in analytics, optimization, and improvement makes Art. 6 Para. 1 Sentence 1 lit. f) GDPR applicable.

  5. Storage duration: Data sent by us and linked to cookies, User-IDs, or advertising IDs will be automatically deleted after 14 months. Deletion of data that has reached its retention period occurs automatically once a month.

  6. Data transfer/recipient category: Google Ireland and USA. If personal data is transferred to the USA, Google's certification under the Privacy Shield provides assurance that European data protection standards are maintained. Additionally, we have entered into a data processing agreement with Google under Art. 28 GDPR.

  7. Objection and removal options ("opt-out"): You can prevent the storage of cookies by adjusting your browser settings. Additionally, you can install a browser plugin to disable Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en.

Google ReCAPTCHA

  1. We have integrated the "reCAPTCHA" anti-spam feature from Google (Provider: Google Ireland Limited, Registered No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) into our website.

  2. Data category and description of data processing: Usage data (e.g., accessed websites, IP address). By using "reCAPTCHA" in our forms, we can determine whether an input was made by a human or a machine (robot). Your IP address and other data required by Google for the "reCAPTCHA" service may be transmitted to servers in the USA.

  3. Purpose of processing: Prevention of spam and misuse, as well as our economic interest in optimizing our website.

  4. Legal basis: If you have given consent for processing your personal data using "reCAPTCHA" ("opt-in"), Art. 6 Para. 1 Sentence 1 lit. a) GDPR is the legal basis. Otherwise, our legitimate interest in spam prevention and website optimization makes Art. 6 Para. 1 Sentence 1 lit. f) GDPR applicable.

  5. Data transfer/recipient category: Third-party provider in the USA. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework), ensuring compliance with European data protection law.

  6. Storage duration: Until you delete the cookies.

  7. Further information about Google ReCAPTCHA can be found at https://www.google.com/recaptcha/ and in Google's Privacy Policy at https://policies.google.com/privacy.

Presence on Social Media

  1. We maintain profiles or fan pages on social media platforms. When you use and access our profiles on the respective networks, the respective privacy notices and terms of use of the respective networks apply.

  2. Data categories and description of data processing: Usage data, contact data, content data, inventory data. Data of users are generally processed within social networks for market research and advertising purposes. User behavior and interests may be used to create user profiles. These profiles can be used for targeted advertising within and outside the networks. For these purposes, cookies may be stored on users computers. User profiles may also store data independently of the devices used (especially if users are logged in as members of the respective platforms). For detailed descriptions of the respective processing forms and opt-out options, please refer to the privacy policies of the respective network operators. In the case of access requests and enforcement of user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data and can directly take appropriate measures or provide information. If you still need assistance, feel free to contact us.

  3. Purpose of processing: Communication with users connected and registered on social networks; information and advertising for our products, offers, and services; external representation and image cultivation; evaluation and analysis of users and content on our social media presences.

  4. Legal basis: The legal basis for processing personal data is our legitimate interest in the above purposes per Art. 6 Para. 1 Sentence 1 lit. f) GDPR. If you have given your consent to data processing by the respective social network operator, Art. 6 Para. 1 Sentence 1 lit. a) GDPR is also applicable.

  5. Data transfer/recipient category: Social network. If US providers are certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework), compliance with European data protection law is ensured.

  6. Privacy policies, information, and opt-out options of the respective networks/providers can be found here:

    Facebook – Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website: www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy/, Opt-out: https://www.facebook.com/settings?tab=ads, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    Instagram – Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Privacy Policy: https://help.instagram.com/519522125107875, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    Twitter – Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA); Privacy Policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

    LinkedIn – Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland); Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of US-based LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Data Protection in Job Applications and Application Procedures

  1. Applications sent to us electronically or via text are processed electronically or manually to handle the application process.

  2. We explicitly advise that application documents containing "special categories of personal data" under Art. 9 GDPR (e.g., a photo indicating ethnic origin, religion, or marital status) are undesirable, except for disclosures about a potential disability, which you may choose to provide voluntarily. Submitting such data will not affect your application chances.

  3. The legal basis for processing is Art. 6 Para. 1 Sentence 1 lit. b) GDPR and § 26 BDSG n.F.

  4. If, after completing the application process, an employment relationship is entered into, the applicant's data will be stored in compliance with applicable legal regulations. If no job offer is made after completing the application process, the submitted application documents will be deleted six months after sending the rejection to comply with obligations under the AGG (General Equal Treatment Act).

Rights of the Data Subject

  1. Right to Object or Withdraw Consent:
    If the processing of your personal data is based on your consent (Art. 6 Para. 1 Sentence 1 lit. a), Art. 7 GDPR), you have the right to withdraw your consent at any time. The legality of processing carried out based on consent until withdrawal remains unaffected.

    If we base the processing of your personal data on a legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f) GDPR), you may object to the processing. In such cases, we request an explanation of why we should not process your personal data as we have done. Upon receiving your justified objection, we will examine the situation and either stop or adapt the data processing or demonstrate our compelling legitimate grounds for continuing it.

    You may object to processing your personal data for advertising and data analysis purposes at any time. Exercising your right to object is free of charge. You can inform us of your objection to advertising through the following contact details:

    VayDesign
    VayDesign, Bugenhagenstr. 2, 10551 Berlin, Germany
    Email address: info@asklocals.com

  2. Right to Information:
    You have the right to request confirmation from us about whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about the data stored about you, per Art. 15 GDPR. This includes, in particular, details on processing purposes, categories of personal data, recipients or categories of recipients to whom data has been disclosed or will be disclosed, the intended storage period, and the data source, provided it was not collected directly from you.

  3. Right to Rectification:
    You have the right to correct inaccurate or incomplete data stored about you under Art. 16 GDPR.

  4. Right to Deletion:
    You have the right to request the deletion of your data under Art. 17 GDPR, provided no statutory or contractual retention obligations or other legal obligations or rights to continued storage oppose this.

  5. Right to Restriction:
    You have the right to demand the restriction of processing your personal data if one of the conditions in Art. 18 Para. 1 lit. a) to d) GDPR is met:
    • You contest the accuracy of your personal data for a period allowing the controller to verify the accuracy of the personal data;

    • The processing is unlawful, and you oppose deleting the personal data and request the restriction of its use instead;

    • The controller no longer needs the personal data for processing purposes, but you require it to establish, exercise, or defend legal claims; or

    • You have objected to processing under Art. 21 Para. 1 GDPR, and it is not yet clear whether the legitimate grounds of the controller outweigh your reasons.

  6. Right to Data Portability:
    You have the right to receive your data stored by us in a structured, commonly used, and machine-readable format or request its transfer to another controller under Art. 20 GDPR.

  7. Right to Lodge a Complaint:
    You have the right to lodge a complaint with a supervisory authority. Typically, you can contact the supervisory authority in the Member State of your residence, workplace, or the place of the alleged infringement.

Data Security

To protect all personal data transmitted to us and ensure compliance with data protection regulations by us and our external service providers, we have implemented suitable technical and organizational security measures. For this reason, data is encrypted during transmission between your browser and our server using a secure SSL connection.


Effective Date: 19.01.2020