Privacy Policy

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:Storylution GmbH
Felix Mottl-Str. 29A
1190 Vienna
Austria
E-mail: [email protected]
Website: www.story.one

1. Scope of the processing of personal data
   
   As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out after the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
   
   
2. Legal basis for the processing of personal dataInsofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis.

   When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

   Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

   If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage PeriodThe personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

1. Description and scope of data processingOur website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The following cookies are used:Cookie – hasConsent: Stores whether the user has agreed to the use of cookies or not. Set after accepting / rejecting the GDPR banner.
   Cookie – csrftoken: Temporary data to prevent cross-site request forgery (CSRF) attacks. Necessary for security reasons.
   Cookie – sessionid: Temporary data to identify the user to the website. Only set after successful log in.
   _ga / _gid: Google Analytics Tracking ID, used to analyze the use of this website. Only used after consent has been given. You can find more information on the analysis tools used under point IV.

   Technically necessary cookies
   

   Technically necessary cookies ensure functions without you cannot use our website. Consequently, these cookies are only used by us for this purpose and are first party cookies due to this fact, i.e. all information stored in the cookies is fed back to our website.

   The technically necessary cookies are there, for example, to grant the logged-in user access to various subpages of our website. The user data collected through technically necessary cookies are not used to create user profiles.

   Technically necessary cookies

   We also use cookies on our website that enable an analysis of the user’s surfing behavior. When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the data used is obtained. In this context, a reference to this privacy policy is also made.

2. Legal basis for data processing
   Technically necessary cookiesWe do not require consent for the use of technically necessary cookies, which is why they cannot be deactivated or activated. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.

   Cookies that are not technically necessary

   The legal basis for the processing of personal data using cookies for analysis purposes is a relevant consent of the user Art. 6 (1) lit. a GDPR.

3. Purpose of the data processingTechnically necessary cookies

   The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies.

   Cookies that are not technically necessary

   Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

4. Duration of storage, possibility of objection and eliminationCookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time; this can also be done automatically. If you also deactivate technically necessary cookies, we cannot guarantee that you will be able to access our offer in full. An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

1. Google Analytics and Google Ads
   1. Scope of the data processingWe use the web analysis tool “Google Analytics” from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website to analyze the surfing behavior of our users and the use of the website. The software sets a cookie on the user’s computer (for cookies, see above). The information generated by the cookie about the use of this website is transmitted to the servers of the web analysis service and stored there. The IP addresses of the users are anonymized by means of an IP masking procedure (“anonymizeIP”).

      Furthermore, we use the online marketing tool “Google Ads” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website for the purpose of placing content and ads within the service provider’s advertising network (e.g. in search results, videos, web pages, etc.) so that the content and ads are displayed to users who have a presumed interest in our ads. We also measure the conversion of the ads. We only receive anonymous information in this context and no personal information about individual users.

   2. Legal basis for the processing of personal dataThe legal basis for the processing of the users’ personal data is Art. 6 (1) lit. a GDPR.
   3. Purpose of the data processing
      The processing of users’ personal data via Google Analytics enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.The processing of users’ personal data via Google Ads enables us to place content and ads within Google’s advertising network and to display our content to users who have a presumed interest in the ads.
   4. Duration of storageThe data is deleted as soon as it is no longer required for our recording purposes. The cookies have a maximum storage period of 14 months and are automatically deleted afterwards. You can find more information on the possibility of objection and removal at: https://tools.google.com/dlpage/gaoptout?hl=de(opt-out-plugin) and https://privacy.google.com/businesses/adsservices (types of processing and data processed).
      
2. Meta Pixel
   1. Scope of the data processingWith the help of “Meta Pixel” (or comparable functions for the transmission of event data or contact information via interfaces in apps), it is possible for Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to determine the visitors to our online offer as a target group for the display of advertisements. Accordingly, we use the Meta Pixel to display the advertisements placed by us only to those users on Meta (Facebook) and within the services of partners cooperating with Meta (so-called “Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our advertising offer or who exhibit certain characteristics (e.g. interest in certain products or topics that are evident based on the websites visited), which we transmit to Meta.
      
   2. Legal basis for the processing of personal dataThe legal basis for the processing of the users’ personal data is Art. 6 (1) lit. a GDPR.
   3. Purpose of the data processingWith the help of the meta pixel, we also want to ensure that our Meta-Advertisements correspond to the potential interest of the users and do not have a harassing effect. In addition, this allows us to elicit the effectiveness of the Meta-Ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Meta-Ad (“conversion measurement”).
   4. Duration of storage
      Meta (Facebook) users can check their ad settings at any time and adjust them themselves (https://www.facebook.com/help/568137493302217).

1. Description and scope of data processingWe maintain social media presences to communicate with our users active there or to inform about us and our offers. On our website you will find links to the social media platforms Instagram, of Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (https://www.instagram.com/); Facebook (Meta), of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (https://www.facebook.com/); TikTok, of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (https://www.tiktok.com/); YouTube, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.youtube.com/); and Pinterest, of Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland.

   The following data published by users on social media platforms can be viewed and processed:

   • Inventory data (e.g. names, addresses)
   • Contact details (e.g. e-mail, telephone numbers)
   • Content data (e.g. text, photographs, videos)
   • Usage data (e.g. websites visited, interest in content, access times)
   • communication data (e.g. device information, IP addresses)
2. Legal basisThe legal basis for the processing of your personal data is our legitimate interests according to Art 6 (1) lit f GDPR.
3. Purpose of the data processingWe use the data published by users to contact and communicate with our customers and to enable users to distribute their works.
4. Duration of storage / Opt-Out Possibility of objection and removalFor a detailed presentation of the respective forms of processing, the duration of storage and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

   Instagram privacy policy: http://instagram.com/about/legal/privacy;

   Facebook privacy policy: https://www.facebook.com/about/privacy;

   Privacy notices for Facebook pages:

   https://www.facebook.com/legal/terms/information_about_page_insights_data;

   TikTok privacy policy: https://www.tiktok.com/de/privacy-policy;

   YouTube privacy policy: https://policies.google.com/privacy;

   Pinterest privacy policy: https://policy.pinterest.com/de/privacy-policy 

   Facebook (opt-out): Under the following link, the settings for advertisements can be accessed https://www.facebook.com/settings?tab=ads as well as additional information on data protection in relation to the agreement on the joint processing of personal data on Facebook pages at https://www.facebook.com/legal/terms/page_controller_addendum;

   YouTube (Opt-Out): https://adssettings.google.com/authenticated  

   Users’ data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the service providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly.

1. Description and scope of data processing
   On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask (first name, last name, email address) is transmitted to us. In addition, the language setting of the website is collected during registration.Your consent is obtained for the processing of data during the registration process and reference is made to this data protection declaration. No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2. Legal basis for data processingThe legal basis for the processing of data after registration for the newsletter by the user is Art. 6 (1) lit. a GDPR if the user has given his consent.
3. Purpose of the data processingThe collection of the user’s email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address is stored for as long as the subscription to the newsletter is active.
5. Possibility of objection and removalThe subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

1. Scope and purpose of the processing
   Users can create an account within our online offer (in short: “user account”). If the registration of a user account is required, users will be informed of this and of the information required for registration. Users may also use pseudonyms as usernames instead of plain names. The user’s consent to the processing of this data is obtained as part of the registration process. We store the IP addresses as well as the access times to the user account in order to prove the registration and to be able to prevent any misuse of the user account.The community functions provided on our platform allow users with user accounts to enter conversations or other exchanges with each other. Please note that the use of the community functions is only permitted in compliance with the applicable legal standards and our terms and guidelines.
2. Legal basis for the processing of personal dataThe legal basis for the processing of the users’ personal data is Art. 6 (1) a and Art. 6 (1) b GDPR.
3. Purpose of the processingUser registration is required for the provision of certain content and services on our website. The processed data includes in particular the login information (username, password and an e-mail address).
4. Duration of storageIf users have deleted their user account, the data relating to the user account will be deleted, unless their retention is required for legal reasons. It is the responsibility of the user to back up their data upon termination of the user account.
5. Possibility of objection and removalAs a user, you have the option to cancel the registration at any time. The data stored about you can be changed at any time.

1. Scope of the processingWe process the data of our customers in order to enable them, among other things, to select, purchase or order selected products, goods and related services, their payment and delivery or execution. If necessary for the execution of an order, we use service providers such as postal, forwarding and shipping companies to carry out the delivery or execution for our customers. For the processing of payment transactions, we use the services of banks and payment service providers.
2. Purpose of the data processingThe required details are marked as such in the order process and include the details required for delivery or provision and invoicing as well as contact information in order to be able to consult with the contractual partner if necessary.
3. Duration of storageAfter fulfilment of the contract, the data will be deleted, unless their retention is required for legal reasons.

1. Scope of the processingFor the purpose of conducting sweepstakes and contests, we process personal data of the participants in compliance with the relevant data protection provisions, insofar as the processing is necessary for the provision, implementation and handling of the sweepstakes and the participants have consented to the processing. If participants’ contributions are published in the context of the sweepstake or competition (e.g. in the context of a vote, a presentation of the sweepstake entries and winners or a report on the sweepstake), we point out that the names or pseudonyms of the participants may also be published in this context.
2. Legal basis for the processing of personal dataThe legal basis for the processing of the users’ personal data is Art. 6 (1) lit. b GDPR.
3. Duration of storageThe participants’ data will be deleted as soon as the competition or contest has ended and the data is no longer required. Users are entitled to delete their data themselves at any time. Winners’ data may be stored for a longer period of time in order to fulfil the prize benefits. In this case, the retention period depends on the type of prize and, if applicable, on the statutory warranty periods. Furthermore, the participants’ data may be stored longer in the form of reporting on the prize draw in online and offline media.
4. Possibility of objection and removalAs a participant, you have the option of cancelling your consent to participate in the prize draw or competition at any time. You can have the data stored about you changed at any time.

1. Scope and purpose of the processingWe offer our services, in particular the distribution of Story One books, on online platforms operated by external service providers for the purpose of marketing. In this context, the data protection declarations and notices of the respective platforms apply in addition to our data protection declaration. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.
2. Legal basis for the processing of personal dataThe legal basis for the processing of the users’ personal data is Art. 6 (1) lit. b GDPR.

1. Description and scope of data processing
   It is possible to contact us via the e-mail addresses [email protected] and [email protected] provided. In this case, the user’s personal data transmitted with the e-mail will be stored.In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processingThe legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his or her consent. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the data processing is Art. 6 (1) lit. b GDPR.
3. Purpose of the data processingThe processing of the personal data serves us solely to process the contact. This also constitutes the necessary legitimate interest in processing the data.
4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

    

5. Possibility of objection and removalThe user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

(2) Right to withdraw consent: You have the right to withdraw your consent at any time.

(3) Right of access: You have both the right to obtain confirmation as to whether data concerning you is being processed and the right to obtain information and a copy of such data in accordance with the law.

(4) Right to rectification: You have the right to request the completion or rectification of (inaccurate) data concerning you.

(5) Right to erasure as well as right to restriction of processing: You have the right to have data concerning you deleted immediately or to have processing restricted in accordance with the legal provisions. 

(6) Right to data portability: You have the right to receive data relating to you that has been provided to us by you in a common, structured and machine-readable format in accordance with the statutory provisions. 

(7) Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory or data protection authority, in particular in the EU Member State where you have your habitual residence or place of work as well as in the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Vienna, on 03.03.2023

(last updated on 03.03.2023)