top of page

Privacy Policy

​​

Last updated:  14 April 2026

Privacy Policy in accordance with Art. 13 of the General Data Protection Regulation (GDPR)

 

Controller Information

Data Protection Officer: We are not required to appoint a Data Protection Officer under Art. 37 GDPR and §38 DSG. Contact You can contact us about any data protection matters at privacy@whereimatcommunity.com for all data matters.

WIA Community e.U

Neulinggasse 34-36/st2/14

1030 Vienna

Controller to Art. 4 No. 7 GDPR

You can also find more information in the imprint.
VAT number: No UST billing
Firmenbuchnummer FN 641363g

PLATFORM NATURE & DISCLAIMER​

Where I’m At Community is a paid, members-only peer-support and lived-experience education platform for working professionals affected by burnout, chronic stress, and related work or life disruption. The platform is not a therapy, crisis, or clinical care service and does not provide medical, psychiatric, legal, financial, HR, employment, or one-to-one coaching services. Specific features, areas and content types available may vary over time and by membership plan; these are described at checkout and on the platform.

I. DATA PROCESSING ON MY WEBSITE

I would like to point out that data transmission over the internet can have security gaps. Complete protection of data against access by third parties is not possible. In order to protect your data as comprehensively as possible from unwanted access, I take so-called technical and organisational measures. Specifically, I use an encryption process on my website. Your data is transmitted from your computer to my computer and vice versa via the Internet using what is known as TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the Internet. You can usually recognise "TLS" by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

 

1. SERVER DATA AND HOSTING

When you visit our website, the hosting provider automatically collects server log information, such as:

  • Referrer (previously visited website)

  • Requested page/file

  • Browser type/version

  • Operating system

  • Device type

  • Time of access

  • IP address (in anonymised form where supported by the hosting configuration)

 

Purpose: security, stability, and detecting unlawful use.

 

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation and abuse prevention).

 

Hosting provider: Wix.com Ltd. (including its relevant group entities/subprocessors).

We have concluded a data processing agreement (Art. 28 GDPR) with our hosting provider where applicable.

International transfers: Where data is processed outside the EU/EEA, transfers are safeguarded via adequacy decisions (where applicable) and/or Standard Contractual Clauses (SCCs) and other measures used by the provider.

 

Retention:

  • Standard server logs: up to 7 days

  • Extended retention: only if required for investigating security incidents, attacks, or suspected legal violations (retained only as long as necessary to preserve evidence)

 

Domain Provider: In addition, we use services from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, for domain services. In this context, IONOS processes server log data as described above on our behalf on the basis of a data processing agreement in accordance with Art. 28 GDPR. The legal basis is our legitimate interest in the secure and reliable provision of our website (Art. 6 para. 1 lit. f GDPR).

2. ENQUIRIES BY E-MAIL, TELEPHONE, CONTACT FORM

If you contact us, we process the data you provide (e.g., name, email address, message content) to handle your enquiry.

Purpose: responding to enquiries and maintaining customer support.

 

Legal bases:

  • Art. 6(1)(b) GDPR (pre-contractual/contractual measures), and/or

  • Art. 6(1)(f) GDPR (legitimate interest in responding effectively)

Recipients: We do not disclose enquiry data to third parties except service providers acting as our processors (Art. 28 GDPR).

Retention: We delete or anonymise enquiry data no later than 180 days after final resolution, unless legal retention obligations apply.

 

3. INTERNATIONAL USERS & UNDER-18 PROTECTIONS

Our services are available globally. We process personal data in accordance with GDPR standards.

Adults only (18+): Membership is restricted to users aged 18 or over. If an account is found to belong to a minor, it will be removed and data handled in line with legal obligations.

4. USE OF COOKIES AND COMPARABLE TECHNOLOGY FOR PROCESSING USAGE DATA

We use cookies and similar technologies to operate and secure our website (essential cookies) and, with your consent, to perform analytics. Essential cookies are processed on the basis of our legitimate interests in providing a secure, functional website (Art. 6(1)(f) GDPR). All non-essential cookies (for example Google Analytics) are used only with your consent (Art. 6(1)(a) GDPR), which you can give and withdraw at any time via our cookie banner or settings.
A detailed and always up-to-date list of the cookies and similar technologies used on our website, including providers, purposes, and retention periods, is available in our Cookie Policy, which is maintained via our consent management tool.”

USE OF SWARM COMMUNITY PLATFORM

 

We use Swarm to provide our members-only community platform (spaces, posts, messaging, profiles, events, courses). Swarm processes personal data on our behalf as a processor. Swarm's privacy policy also applies.

Data processed: Email addresses, display names/aliases, optional profile photos/bios, posts/comments/reactions, user reports, direct messages (if enabled), event RSVPs, course access logs, downloads, device/session data, moderation/audit logs.

Privacy-first features: Users may post using aliases or anonymous features. Other members cannot see account identities, but administrators, moderators and Swarm may access account data where necessary for safety, compliance or operations. We recommend avoiding identifying details (full names, workplaces, addresses).

 

Purposes: We process this data to provide the community and course services, maintain platform security, moderate content and respond to reports, and maintain records of membership status and purchases. The legal bases are Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interests in platform security, moderation and service improvement), and Art. 6(1)(c) GDPR (legal obligations, where applicable).

We minimise sensitive data processing and encourage alias use.

Transfers: EU/UK servers (UK adequacy decision). Other transfers via Swarm's contractual safeguards.

​​​

USE OF GOOGLE

 

Google Analytics 4 (GA4)

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) ("Google"). 

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable the use of the website by the user to be analysed. The information obtained by the cookies about your usage behaviour of this website is usually transferred to a Google server in the USA and stored there. The data transfer to Google LLC (USA) uses EU-US Data Privacy Framework (DPF). View Google's DPF certification: https://www.dataprivacyframework.gov/participant?id=a2zt000000001L5AAI

We have made the setting that your IP address will be anonymised. IP address anonymization is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. 

On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

The anonymised IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you. 

You can view the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via our banner. The user and event data will be deleted after 14 months. The "Reset user data on new activity" function is activated. This means that if you visit again before the retention period expires, your data will not be deleted.

 

​Google Workspace (Email & Productivity)

 

We use Google Workspace (provided by Google Ireland Limited and Google LLC) for business email (privacy@…, support@…legal@...), document storage, and collaboration. This includes processing of customer support emails, partner communications, and internal operational documents containing personal data.

Data processed: Names, email addresses, support queries, partner contact details, document content (where we store customer/partner info).

Purposes: Business communications, record-keeping, internal collaboration.

Legal basis: Art. 6(1)(b) and (f) GDPR (contract/service delivery, legitimate business operations).

Transfers: EU (Ireland) + US via EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses as detailed in Google's Data Processing Terms.

Further details: Google's Workspace privacy information and processor documentation.
 

Google reCAPTCHA

Our website uses Google reCAPTCHA to check and prevent automated servers („bots“) from accessing and interacting with our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.

Google offers detailed information at https://policies.google.com/privacy concerning the general handling of your user data.

 

USE OF NOTION

 

We use Notion (Enterprise account on EU servers) for internal productivity, partner relationship management (CRM), and moderation reporting. Notion processes:
   •    Partner data: Names, emails, organisations, contact notes
   •    Moderation data: Member display names/aliases, reported post URLs/content excerpts, incident timestamps, moderator notes, health/safety-related reports (where voluntarily disclosed by users)
 

Purposes: Partner management, project tracking, community moderation documentation, incident reporting, audit trails.
Legal bases:
   •    Art. 6(1)(f) GDPR (legitimate interests in efficient operations and community safety)
   •    Art. 6(1)(c) GDPR (legal obligations under DSA for moderation records)
   •    Art. 9(2)(e) GDPR (health/safety data voluntarily made public in reports)
Location: EU servers (no third-country transfers).
Retention:
   •    Partner  Relationship duration + 12 months
   •    Moderation records: Minimum 18 months (DSA compliance + legal claims)
Access: Restricted to authorised moderators/administrators only.
Further details: Notion Enterprise GDPR page: (https://www.notion.com/help/gdpr-at-notion) and

Data Processing Addendum: (https://notion.notion.site/Data-Processing-Addendum-361b540101274b1fa7e16b90402b0d99).

USE OF BUNNYCDN

We use the content delivery network (CDN) “BunnyCDN” operated by BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia, to deliver our website content quickly and securely.
When you access our website, BunnyCDN processes technical connection data (in particular your IP address, date and time of access, requested file, referrer URL, browser type and version, operating system and device type) in server log files in order to deliver the content and protect against misuse. The legal basis is our legitimate interest in the provision and security of our website in accordance with Art. 6 para. 1 lit. f GDPR.
The data is generally processed within the EU. Where data is transferred to third countries, BunnyCDN uses appropriate safeguards in accordance with Art. 46 GDPR. Further information is available in BunnyCDN’s privacy notice.

ERROR MONITORING WITH SENTRY

We use the error‑tracking service Sentry operated by Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, to monitor the stability and security of our website.
When an error occurs, technical data about the event (such as IP address, browser and device information, operating system, time of the error, requested URL and details about the actions immediately before the error) may be transmitted to Sentry and stored in error logs. This helps us to identify and fix problems so that our website works reliably. The legal basis is our legitimate interest in maintaining the security and functionality of our services in accordance with Art. 6 para. 1 lit. f GDPR.
Data may be transferred to the USA. The transfer is based on the EU standard contractual clauses and additional safeguards in accordance with Art. 46 GDPR. Further information can be found in Sentry’s privacy notice: https://sentry.io/privacy.

INTEGRATION OF EXTERNAL CONTENT 

We embed videos or other external content on our websites that are not stored on our servers. These are blocked so that accessing our websites with embedded videos/content does not automatically result in the third-party provider's content being reloaded. This means that the third-party provider does not receive any information.

Content from the third-party provider is only loaded after consent has been granted via the cookie consent banner. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view the certification of Google (YouTube) and Vimeo here.

Provider of the video service: 

Google Ireland Limited/Google LLC (USA) ("YouTube")

Wix.com Limited (“Wix Podcast Player”) - The data transfer is based on the adequacy decision.

​​

AFFILIATE MARKETING & EMBEDDED PARTNER CONTENT

 

Some content on the website or platform may include affiliate links, embedded media, external tools, partner resources, or referral pathways (for example Amazon, YouTube, Spotify, or third-party experts and providers).

If you interact with these external services, they may process your personal data under their own privacy policies and may transfer data internationally.

Where external experts, partner programmes, workshops, or referral pathways are mentioned, they are independent third parties. Any separate engagement, purchase, booking, participation, or contract with them is governed by their own terms and privacy policies.

Amazon Affiliate Links


We participate in the Amazon Associates program. When you click Amazon affiliate links, Amazon sets tracking cookies on their domain (amazon.com) to record referral data for 24 hours (extendable to 90 days for carted items). Amazon processes this independently under their privacy policy. Legal basis: Consent via cookie banner (Art. 6(1)(a) GDPR).[web:29][web:32]
 

We may earn commissions from some affiliate or referral links. This does not alter your rights or the impartiality of recommendations.
 

Third-party services and referrals

From time to time, the platform may refer Users to external experts, facilitators, service providers, or partner programmes through Reinvent Partners or other areas of the Service. Any such third parties act independently from Where I’m At / WIA Community e.U. and are solely responsible for their own services, privacy practices, terms, and legal compliance.

If you engage with a third party, any separate processing of your personal data will be governed by that third party’s own privacy policy and terms.

Independence of expert-led content

 

Where the platform includes guest sessions, expert-led workshops, partner pathway pages, or educational contributions by external experts, such content is provided by independent third parties from their own professional or educational perspective. Unless expressly stated otherwise, such persons do not act as employees, agents, or representatives of WIA Community e.U. in relation to their separate services.
 

ADDITIONAL THIRD-PARTY SERVICES AND TRACKING
 

Consent blocking: Our iubenda consent management solution ensures no non-essential trackers load or execute before you actively consent. Non-essential services remain blocked until consent is given via the banner/settings.


Google Cloud CDN and Vercel
 

We use content delivery networks (CDNs) such as Google Cloud CDN and Vercel to deliver website content quickly and securely. When you access our website, these providers may process technical connection data (in particular your IP address, date and time of access, requested file, referrer URL, browser type and version, operating system and device type) in server log files for the purpose of content delivery and protection against misuse. The legal basis is our legitimate interest in the provision, performance, and security of our website in accordance with Art. 6(1)(f) GDPR. Where data is transferred to third countries (such as the USA), this is based on appropriate safeguards (for example adequacy decisions, Standard Contractual Clauses, and additional technical and organisational measures).
 

Sectigo CodeGuard
 

We use Sectigo CodeGuard for website backup and security monitoring. In this context, CodeGuard may process server‑side technical data (including IP addresses and file metadata) in order to create backups, detect anomalies, and support recovery in case of incidents. The legal basis is our legitimate interest in the integrity and availability of our website in accordance with Art. 6(1)(f) GDPR. Where CodeGuard processes data in third countries, appropriate safeguards such as Standard Contractual Clauses apply.

 

Google Looker Studio
 

We may use Google Looker Studio to generate internal aggregated reports based on website and platform analytics data (for example data collected via Google Analytics). Looker Studio itself does not place cookies on your device but retrieves and visualises data from other sources. The legal basis for any processing in this context follows the underlying data source, in particular your consent under Art. 6(1)(a) GDPR for analytics data and our legitimate interests under Art. 6(1)(f) GDPR for internal reporting. Data transfers to Google LLC in the USA are based on the EU‑US Data Privacy Framework and, where necessary, Standard Contractual Clauses and additional safeguards.
 

Vertigo Media and ClickBank
 

From time to time, we may use third‑party providers such as Vertigo Media and ClickBank to host or deliver digital content, campaigns, or affiliate offers. When you interact with such content, these providers may process your IP address, device information, and usage data (for example clicks or conversions) and may set their own cookies or similar technologies under their own privacy policies. The legal basis for any marketing or conversion tracking cookies is your consent (Art. 6(1)(a) GDPR), obtained via our cookie banner. You can withdraw this consent at any time through the cookie settings. These providers act as independent controllers for their own processing and may transfer data internationally under the safeguards described in their privacy policies.

Meta Ads Conversion Tracking and Google Floodlight Conversion Tracking


If you give your consent via our cookie banner, we use Meta ads conversion tracking (Meta pixel or similar technology) and Google Floodlight conversion tracking to measure the effectiveness of our advertising campaigns and optimise our marketing. These tools allow us to understand whether users complete certain actions (for example visiting specific pages or making purchases) after interacting with our ads. The legal basis is your consent under Art. 6(1)(a) GDPR and, if applicable, Art. 49(1)(a) GDPR for transfers to third countries.


Meta Platforms and Google act as independent controllers for their own advertising networks and may combine this information with other data they hold about you to display personalised advertising. Data may be processed in the EU and in third countries (in particular the USA). Transfers are based on mechanisms such as the EU‑US Data Privacy Framework and/or Standard Contractual Clauses together with additional technical and organisational measures. You can withdraw your consent to Meta and Floodlight tracking at any time via our cookie settings; this will prevent further tracking on our site but not necessarily remove ads in general.

WORKFLOW AUTOMATION (Zapier, Make.com)

We use Zapier/Make.com for onboarding/membership sync between Swarm + internal systems. Data: name/alias, email, membership status, timestamps. Purposes: Operational efficiency. Legal bases: Art. 6(1)(b)(f). Transfers: US (SCCs/DPF). Retention: 30 days. Sub-processors above.

SUB-PROCESSOR UPDATES AND NOTIFICATION

 

Please note that our service providers (Mailchimp, Stripe, Ko-fi, Swarm, etc.) may engage additional sub-processors. We remain vigilant and update this policy promptly whenever providers change their sub-processing arrangements, as per their published privacy notices.

DATA RETENTION OVERVIEW (SUMMARY)

We retain personal data only as long as necessary for the purposes described above, and longer only where required by law.

- Website server logs (Wix, IONOS, BunnyCDN): 7 days (longer for security incidents) - Art. 6(1)(f) GDPR
- Error monitoring (Sentry): 30 days (1 year max for unresolved issues) - Art. 6(1)(f) GDPR
- Contact enquiries (Wix forms, Google Workspace): 180 days after resolution - Art. 6(1)(b)(f) GDPR
- Community platform (Swarm): Membership duration + 12 months - Art. 6(1)(b) GDPR
- Course participation logs (Swarm): Membership duration + 12 months - Art. 6(1)(b) GDPR
- Moderation/reporting/appeals (Notion, Swarm): 18 months minimum (longer for DSA/legal claims) - Art. 6(1)(c)(f) GDPR
- Newsletter subscriptions (Mailchimp): Unsubscribe + 3 years (proof of consent) - Art. 6(1)(a) GDPR
- Analytics (Google Analytics 4): 14 months (consent-based) - Art. 6(1)(a) GDPR
- Payments/transactions (Stripe, PayPal, Ko-fi): 7+ years (Austrian tax/accounting law) - Art. 6(1)(c) GDPR
- Workflow automation (Zapier, Make.com): 30 days (90 days max for troubleshooting) - Art. 6(1)(b)(f) GDPR
- Business productivity (Google Workspace email/docs): Relationship duration + 12 months - Art. 6(1)(b)(f) GDPR
- Partner CRM (Notion): Relationship duration + 12 months - Art. 6(1)(f) GDPR

 

Notes:
- All retention periods comply with GDPR Art. 5(1)(e) data minimisation
- Legal retention overrides purpose-based retention (e.g., tax records)
- Pseudonymised/anonymised data may be retained longer for analytics

 

YOUR RIGHTS AS A DATA SUBJECT

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR) where processing is based on Art. 6(1)(e) or (f) GDPR

  • Withdraw consent at any time (Art. 7 GDPR) where processing is based on consent

 

You also have the right to lodge a complaint with a supervisory authority.

Austria: Österreichische Datenschutzbehörde (DSB) — www.dsb.gv.at

 

To exercise your rights, contact: privacy@whereimatcommunity.com

SUB-PROCESSOR OVERVIEW

Our key service providers and their sub-processor documentation:


Wix.com (Website hosting) https://www.wix.com/about/privacy 
Stripe (Payments) https://stripe.com/legal/end-customers-subprocessors
Mailchimp (Newsletters) https://mailchimp.com/legal/sub-processors
PayPal (Payments) https://www.paypal.com/legalhub/pp-subprocessor-list
Google Workspace (Email/docs) https://workspace.google.com/terms/dpa_terms
Notion (CRM/moderation) https://www.notion.com/help/gdpr-at-notion
Zapier (Automation) https://zapier.com/legal/sub-processors
Make.com (Automation) https://www.make.com/en/legal/sub-processors
Sentry (Error monitoring) https://sentry.io/privacy
BunnyCDN (CDN) https://bunny.net/privacy

Swarm (Community Platform Provider) *available on request

 

We maintain data processing agreements with all processors above and monitor their sub-processor lists quarterly. All international transfers use approved mechanisms (SCCs, DPF, adequacy decisions).

​5. NEWSLETTERS

You can subscribe to our email newsletter, which contains information about our services and offers. For this purpose we process your email address and, if you provide them, optional details such as your name. We use a double opt-in process to verify your subscription.
 

The newsletter is sent via Mailchimp (The Rocket Science Group LLC, USA) under a data processing agreement in accordance with Art. 28 GDPR. Data may be transferred to the USA on the basis of the EU-US Data Privacy Framework and, where applicable, additional safeguards. Mailchimp may use sub-processors, which are listed in its own documentation.
We may measure newsletter performance (for example whether emails are opened and which links are clicked) in order to improve our content. The legal basis for sending the newsletter and performance measurement is your consent (Art. 6(1)(a) GDPR and § 174 TKG 2021).

You can withdraw your consent at any time with effect for the future by clicking the “Unsubscribe” link in any email.

6. USE OF PAYPAL AS A PAYMENT METHOD

We offer payments via PayPal (PayPal Europe S.à.r.l. et Cie, S.C.A., Luxembourg). When you choose PayPal, PayPal receives the personal data required to process the payment and perform identity and fraud checks (for example name, address, email, payment information and transaction details). PayPal processes this data as an independent controller under its own privacy policy.


The legal basis for transmitting data to PayPal is Art. 6(1)(b) GDPR (contract performance) and, where applicable, Art. 6(1)(c) GDPR (legal obligations). For further details see PayPal’s privacy statement. Please refer to PayPal’s data protection statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

7. USE OF STRIPE AS A PAYMENT METHOD​

We use Stripe as a payment processor for card and other electronic payments. When you complete a payment, Stripe processes your payment data (such as card details, bank information and transaction IDs) and certain contact details (such as name, email and billing address) to execute the transaction, prevent fraud and comply with financial regulations.
The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (legal obligations in tax and financial law). Stripe processes data as an independent controller for some purposes and as our processor for others; further information and its list of sub‑processors are available in Stripe’s own documentation.

Mailchimp (newsletters) and Ko-fi (donations): See retention table + sub-processor documentation above.

User Rights and Consent Management

We use the iubenda Cookie Solution to present the banner, block non-essential cookies until consent, and store proof of consent (Art. 7(1) GDPR). You can update choices anytime via "Manage cookies". All cookie choices are stored securely, and you may request a log of consent records or deletion of specific tracking data by contacting your privacy contact email.

8. APPEALS, ESCALATION, AND CONTACT INFORMATION


For questions, complaints, appeals against moderation decisions, or to escalate urgent safety issues, contact us via:
   •    Support Email: support@whereimatcommunity.com
   •    Appeals: support@whereimatcommunity.com
   •    Contact Form: Contact form

Appeals regarding moderation actions must be submitted within 14 days; all appeals are reviewed by a senior moderator or administrator within 10 business days. For urgent issues, mark your correspondence as “URGENT” for immediate prioritization.

9. USE OF KO-FI.COM FOR DONATIONS AND SUPPORT

We use Ko‑fi to enable supporters to make donations or purchase selected goods or services. In doing so, Ko‑fi and its payment providers (for example Stripe or PayPal) process your data as independent controllers under their own privacy policies. We receive only the information needed to recognise the payment and, where applicable, to deliver any goods or services (for example display name, email, and shipping details). The legal bases are Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations).

10. REFUND POLICY & COMPLAINTS

For refunds/complaints, see our Terms & Conditions.
​​

II. INFORMATION ABOUT MY SOCIAL MEDIA PRESENCE

We maintain pages on Instagram, YouTube, LinkedIn, Facebook, X. Platforms process data per their policies. We receive anonymized page insights (Art. 6(1)(f)). 

Links:
- Instagram: https://www.instagram.com/whereimatcommunity/
- YouTube: https://www.youtube.com/@whereimatcommunity
- LinkedIn: https://www.linkedin.com/company/whereimatcommunity/
- Facebook: https://www.facebook.com/profile.php?id=61570531855629
- X: https://x.com/whereim_at_comm

Full details in each platform's privacy policy.

III. NOTICE TO CALIFORNIA RESIDENTS (CPRA) - YOUR PRIVACY CHOICES

If California law applies, California residents may have additional rights (for example to request access, deletion or correction of personal information and to opt out of certain data “sales” or “sharing”). Where relevant, these can be exercised via our cookie and privacy settings or by contacting us. We honour Global Privacy Control (GPC) signals for applicable web tracking.

IV. NO AUTOMATED DECISION-MAKING

No automated decision-making or profiling takes place.

V. PROVISION

Unless otherwise stated, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. If you do not provide your personal data, I may not be able to respond to your enquiry, for example.

​​

11. POLICY REVIEW & UPDATES

This privacy policy, cookie policy and related procedures are reviewed annually and updated to reflect changing laws, technology, user feedback, and operational needs. We will notify members of material changes through the website and, where appropriate, by email. The most recent version is always available at www.whereimatcommunity.com/privacy-policy.

bottom of page