Privacy Policy

​​

Last updated: 26 September 2025

​

Privacy Policy in accordance with Art. 13 of the General Data Protection Regulation (GDPR)

 

Controller Information

​

Controller to Art. 4 No. 7 GDPR

Responsible is

 

WIA Community e.U

Neulinggasse 34-36/st2/14

1030 Vienna

Contact: privacy@whereimatcommunity.com

You can also find more information in the imprint.

​

PLATFORM NATURE & DISCLAIMER​

​

Where I’m At Community is a paid, peer-to-peer membership platform dedicated to burnout recovery support. We are a commercial entity funded through membership fees and partner/affiliate programs. The community does not offer medical, clinical, or therapeutic services. All support and discussions are peer-led and do not substitute for professional care.
 

I. DATA PROCESSING ON MY WEBSITE

​

I would like to point out that data transmission over the internet can have security gaps. Complete protection of data against access by third parties is not possible. In order to protect your data as comprehensively as possible from unwanted access, I take so-called technical and organisational measures. Specifically, I use an encryption process on my website. Your data is transmitted from your computer to my computer and vice versa via the Internet using what is known as TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the Internet. You can usually recognise "TLS" by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

 

1. SERVER DATA AND HOSTING

​

This website automatically collects and stores server log file information that your browser transmits to us. These are

- Referrer (the previously visited website)

- Requested web page or file

- Browser type and version

- Operating system used

- Type of device used

- Time of access

- IP address in anonymised form (only used to determine the location of access)

 

The legal basis for this data processing is my legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This is based on being able to identify indications of unlawful use of my website. This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person. Your personal data will not be transmitted to third parties.

I have concluded a data processing agreement with the Wix.com Ltd. based in Israel in accordance with Art. 28 GDPR. This provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to me. A separate legal basis is required for the transfer of personal data to third countries such as Israel. One possibility is an adequacy decision. This establishes that there is a comparable level of data protection laws between the EU/EEA and the country. An adequacy decision exists for Israel in accordance with Art. 45 GDPR. For other data transfers to countries such as the USA, there are standard contractual clauses between Wix and the respective Wix partner company.

The data collected is stored for a maximum of 7 days in server log files that your browser automatically transmits to us. We only store the server log files for longer than 7 days in the event of attacks on our server infrastructure or other legal violations. This longer storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the preservation of evidence.

​

2. ENQUIRIES BY E-MAIL, TELEPHONE, CONTACT FORM

​

Information and personal details that you send me by e-mail, telephone or contact form will of course be treated confidentially. I use your data exclusively for the purpose of processing your enquiry. The legal basis is the implementation of (pre-)contractual measures in the context of this communication in accordance with Art. 6 para. 1 lit. b) GDPR. Another legal basis for data processing is my legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The legitimate interest arises from my interest in responding to enquiries from my customers, business partners and interested parties and in maintaining and promoting customer satisfaction.

 

We do not disclose your data to third parties, except to service providers acting as our data processors under Art. 28 GDPR.

We will delete or anonymise all personal data that you provide to us in response to enquiries no later than 180 days after the final answer has been given to you. The retention period of 180 days is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, there are no more queries about our responses after 180 days.

 

3. INTERNATIONAL USERS & UNDER-18 PROTECTIONS

​

Our services are available to users globally. All personal data is processed in accordance with GDPR. Membership is restricted to users aged 18 or over. By registering, you confirm that you are 18+. We do not knowingly collect data from minors. Accounts found to be underage will be deleted and all data removed. Attempts at underage registration are logged for compliance.

​

4. USE OF COOKIES AND COMPARABLE TECHNOLOGY FOR PROCESSING USAGE DATA

​

My website uses cookies and similar technologies. These are small text files that can be stored and displayed on your end device. In addition to session cookies, which are deleted as soon as the browser is closed, there are also permanent cookies.

 

Technically required (necessary) cookies and similar technologies are used, for example, to enable certain basic functions of my website (page navigation, display). For this purpose, information is stored on your end device and read by me. In some cases, these cookies and similar technologies only contain information on certain settings and are therefore not personally identifiable. Without such cookies and similar technologies, our website would not function correctly.

 

The legal basis for technically necessary cookies is Art. 6(1)(f) GDPR (legitimate interests in providing a secure and functional website). The processing is based on the initiation or fulfilment of a contract. Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our "Cookie Consent Tool" to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time. You can use the iubenda cookie consent banner to change your decision at any time and thereby revoke your consent with effect for the future.

For a full list of cookies used and their function you will find it here Cookie Policy.

​

IUBENDA COOKIE SOLUTION

​

We use the iubenda Cookie Solution to manage cookie consent on our website in compliance with the General Data Protection Regulation (GDPR) and the EU ePrivacy Directive (Cookie Law). This tool helps us ensure that cookies are only used after obtaining users’ informed and explicit consent.

​

The provider of this technology is iubenda s.r.l Via San Raffaele, 1 - 20121 Milan (Italy).

 

How iubenda Processes Data
When you visit our website, iubenda:
   •    Displays a cookie banner to inform you about the types of cookies used.
   •    Blocks non-essential cookies (e.g., analytics, advertising) until consent is provided.
   •    Records and stores proof of consent in compliance with GDPR Article 7(1), which requires that consent be demonstrable.

​

Types of Cookies Managed
Through iubenda, we manage the following types of cookies:
    1.    Essential cookies are processed under Art. 6(1)(f) GDPR (legitimate interests in providing a secure, functional website).
   2.    Analytics Cookies: Used to analyze user behavior and improve our services (e.g., Google Analytics).
   3.    Advertising Cookies: Used for personalized ads and marketing purposes.

​

Cookies and Tracking

​

Third-party services such as YouTube, Amazon Affiliates, and Spotify, as well as social media integrations, may place cookies or similar trackers when you interact with embedded content or affiliate links. Third-party cookies and embedded content load only after you consent via our site-wide iubenda cookie banner.

​

International Data Transfers

​

Some cookies and personal data may be processed by services located outside the EU/EEA (such as the US, UK, or Israel). Where applicable, these transfers are protected by Standard Contractual Clauses or adequacy decisions in accordance with GDPR.

​

Legal Basis for Processing
The legal basis for processing personal data through cookies is:
   •    Consent: As per GDPR Article 6(1)(a), we rely on your explicit consent for non-essential cookies.
   •    Legitimate Interests: Essential cookies are processed under GDPR Article 6(1)(f) as they are necessary for the operation of our website.

​​

Records of Processing and Consent Management

We maintain logs of all processing activities and user consents through Iubenda (or equivalent secure systems), as required by GDPR Article 30. Our documentation is updated promptly to reflect any changes in processing activities, integrations or legal requirements.

​

Your Rights
As a user, you have the right to:
   •    Withdraw your consent at any time by accessing the cookie settings on our website.
   •    Request access to or deletion of your personal data collected through cookies.
For more information on how iubenda processes data, please refer to their Privacy Policy.

​​

USE OF SWARM COMMUNITY PLATFORM

​

We use the Swarm platform (operated by Swarm, UK/EU) to provide community forums, messaging, profile creation, and event functionality. When registering for community access, your registration data (name/alias, email address) is securely shared with Swarm for account creation and management. Swarm acts as a data processor under our instructions; its own privacy policy applies in addition to this Privacy Policy, available https://swarm.to/legal/privacy.

 

Data transfers to Swarm servers occur within the EU and the UK, governed by Data Processing Agreements and Standard Contractual Clauses as required by GDPR.

​​​

USE OF GOOGLE ANALYTICS

​

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) ("Google"). 

​

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable the use of the website by the user to be analysed. The information obtained by the cookies about your usage behaviour of this website is usually transferred to a Google server in the USA and stored there.   There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view Google's certification here.

​

We have made the setting that your IP address will be anonymised. IP address anonymization is carried out by Google, but within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. 

​

On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

​

The anonymised IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you. 

​

You can view the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via our banner. The user and event data will be deleted after 14 months. The "Reset user data on new activity" function is activated. This means that if you visit again before the retention period expires, your data will not be deleted.

​

Google reCAPTCHA

​

Our website uses Google reCAPTCHA to check and prevent automated servers („bots“) from accessing and interacting with our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

​

This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.

​

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.

​

Google offers detailed information at https://policies.google.com/privacy concerning the general handling of your user data.

​

Google Fonts

​

Our website uses Google Fonts to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).

​

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

​

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our site.

​

When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display.

​

Google offers detailed information at 

https://adssettings.google.com/authenticated

https://policies.google.com/privacy 

in particular on options for preventing the use of data.

 

INTEGRATION OF EXTERNAL CONTENT 

​

We embed videos or other external content on our websites that are not stored on our servers. These are blocked so that accessing our websites with embedded videos/content does not automatically result in the third-party provider's content being reloaded. This means that the third-party provider does not receive any information.

​

Content from the third-party provider is only loaded after consent has been granted via the cookie consent banner. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. There is an adequacy decision for the USA, so that the data transfer can take place without further measures. You can view the certification of Google (YouTube) and Vimeo here.

​

Provider of the video service: 

Google Ireland Limited/Google LLC (USA) ("YouTube")

Wix.com Limited (“Wix Podcast Player”) - The data transfer is based on the adequacy decision.

​​

AFFILIATE MARKETING & EMBEDDED PARTNER CONTENT

​

Some content (e.g., links to Amazon, YouTube, Spotify) includes affiliate links or embedded resources. By interacting with these, you acknowledge that we may earn commissions which help support the community. Affiliate providers may process your data internationally. See our Cookies Policy for partner-specific privacy links.

​

USE OF WORKFLOW AUTOMATION TOOLS

​

Workflow Automation with Make.com and Google Sheets

​

To automate onboarding and membership administration, we use Make.com (“Make”) together with Google Sheets. This automation covers limited operations such as creating or updating member records and membership state (e.g., active, trial, cancelled) and related timestamps.

​

Categories of data processed: name or alias, email address, membership status/tier, internal IDs, and minimal operational metadata (e.g., timestamps). We do not use Make for profiling or marketing beyond what is described here.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR) for members and legitimate interests in efficient service operations and accuracy of records (Art. 6(1)(f) GDPR). Where consent applies (e.g., cookies for embedded services), it is handled separately in our Cookie Policy.

​

Roles and safeguards: Make acts as our data processor under a Data Processing Agreement (DPA). See Make’s DPA and privacy information at: https://www.make.com/data-processing-agreement.pdf and https://www.make.com/en/privacy-notice . Security and GDPR information: https://www.make.com/en/security and https://www.make.com/en/privacy-and-gdpr . Where international transfers apply, Make relies on Standard Contractual Clauses and related measures as set out in its DPA.

​

Configuration to minimize data: we restrict scenarios to the minimum fields necessary, limit data retention in logs, and restrict access to authorised personnel only.

​

Google Sheets: acts as a processor for operational records related to onboarding and membership states under Google’s data processing terms for Workspace. Data is encrypted in transit and at rest and access is limited to Operations (Admin).

​

Retention: operational records in Google Sheets are retained for 12 months after membership ends (or as required by law). Scenario logs within Make are retained for 30 days unless a longer period is legally required.

​​

Revocation of consent

If you do not want external pages to be reloaded on other sites, you can revoke your consent for reloading via the cookie consent banner.

SUB-PROCESSOR UPDATES AND NOTIFICATION

​

Please note that our service providers (Mailchimp, Stripe, Ko-fi, Swarm, etc.) may engage additional sub-processors. We remain vigilant and update this policy promptly whenever providers change their sub-processing arrangements, as per their published privacy notices.

 

5. COMMUNITY MODERATION, REPORTING & APPEALS

As part of our platform, we maintain community moderation and allow all users to report posts, messages, or profiles violating our community guidelines or that may be abusive, harmful, or unsafe.
   •    All reports are handled confidentially by moderators and recorded for audit and compliance.
   •    Actions (such as warnings, content removal, or account suspension) are documented; you may appeal moderation decisions via support@whereimatcommunity.com.
   •    Reports of urgent or illegal activity are escalated to platform leads or, where appropriate, authorities.
   •    Moderation and incident data is retained securely for up to 18 months, then deleted or anonymized as per our data retention policy.

​

All moderation, incident reporting, and appeal records are retained for up to 18 months to meet legal and operational requirements, and are then deleted or anonymised, in compliance with GDPR. Users may request deletion of their moderation data per their GDPR rights.

​

COMMUNITY CONTENT AND SENSITIVE DATA

​

Our community spaces (chat, forums, events) are designed for peer support and do not offer medical advice. Users are instructed not to post sensitive personal or health-related data and are encouraged to register under an alias. If such data is posted inadvertently, we will promptly remove it and take steps to minimize risk under GDPR and the EU Digital Services Act (DSA). Users may report sensitive or unlawful content at any time using the platform’s reporting tools.

​

6. NEWSLETTERS

​

You can subscribe to our newsletter on our website. The newsletter contains information about offers or promotions. When you subscribe to the newsletter, we collect and store the data you enter in the input mask. You are only required to enter your e-mail address.  

​

After submitting the registration form, you will receive an e-mail from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully subscribed to it. You will be informed of this by another e-mail. You also give us your consent to process your e-mail address and, if applicable, your other data. This ensures that no third party or unauthorised person registers for our newsletter (compliance with the double opt-in procedure). 

​

You can unsubscribe from the newsletter at any time by clicking on the "Unsubscribe" link at the end of each newsletter. If you revoke your consent, your data will be deleted immediately; we will store proof of revocation for a further three years so that we can fulfil our accountability obligation in accordance with Art. 5 para. 2 GDPR. This storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for the confirmation email is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on being able to prove that you have given your consent. The burden of proof for the controller is set out in Art. 5 para. 2 GDPR. 

​

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 174 para. 3 TKG 2021. You can revoke your consent at any time.

​

We do not pass on the data to third parties. We have commissioned the service provider Mailchimp from The Rocket Science Group LLC, based in the USA, to send our newsletter. There is a data processing agreement in accordance with Art. 28 GDPR. The data transfer to the USA is based on the Data Privacy Framework (adequacy decision for the USA). Mailchimp also transfers data to the following sub-processors as part of its service provision in accordance with the agreed data processing agreement: Akamai in Massachusetts, USA; Amazon in Washington, USA; Google in California, USA. A complete list of the sub-processors currently used by Mailchimp can be found here.

​

The success of newsletters is measured using a so-called "web beacon", a small file that sends information to the server when the newsletter is opened. Technical data such as browser type, system information, IP address and retrieval time are recorded. This data helps to technically improve the service and to analyse the reading behaviour of the target group, for example based on the location (determined by the IP address) or access times.

​

We also statistically record whether and when newsletters are opened and which links are clicked on. Although this information can technically be assigned to individual recipients, it is neither our aim nor that of the mailing service provider to observe individual users. Instead, these analyses are used to tailor the content to the reading habits of users and to send different content depending on their interests.

A separate revocation of the performance measurement is not possible; if you do not agree, the entire newsletter subscription must be cancelled.

​

7. USE OF PAYPAL AS A PAYMENT METHOD

​

If you decide to pay with the online payment service provider PayPal during your order process, your contact data is transmitted to PayPal as part of the order thus triggered. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal thereby assumes the function of an online payment service provider and a trustee and offers buyer protection services.

The personal data transmitted to PayPal is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data, which is required for order processing,as well as data related to the order, such as the number of items, item number, invoice amount and tax percentage, billing information, etc.

​

This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship. Your data is therefore transmitted to PayPal on the basis of Article 6 para. 1 lit. b GDPR.

​

​However, please note: PayPal may transfer the personal data to service providers, to subcontractors or other affiliated companies, to the extent necessary to fulfill the contractual obligations arising from your order or to process the data in the order on your behalf.

​

Depending on the payment method selected via PayPal, e.g., invoice or direct debit, the personal data transmitted to PayPal will be transmitted to credit agencies by PayPal. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. For information on which credit agencies are involved and which data is generally collected, processed, saved and forwarded by PayPal, please refer to PayPal’s data protection statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

8. USE OF STRIPE AS A PAYMENT METHOD​

 

Use of Stripe for Payment Processing

​

We use Stripe, a third-party payment processor, to securely handle transactions on our website. Stripe processes payments on our behalf and ensures compliance with industry security standards, such as PCI-DSS. When you make a payment through our website, certain personal data is collected and processed by Stripe. This includes:

• Personal Information: Name, email address, and billing details.

• Payment Information: Credit/debit card details, bank account information, or other payment method details.

• Transaction Data: Amount paid, date, and time of the transaction.

​

Purpose of Data Processing

We process this data for the following purposes:

• To facilitate secure payment transactions.

• To prevent fraud and ensure the security of financial information.

• To comply with legal and regulatory obligations (e.g., anti-money laundering regulations).

 

Legal Basis

The legal basis for processing this data is:

• Contractual Necessity: Data processing is required to complete transactions initiated by you.

• Legal Obligations: Certain data may be retained to comply with tax or financial regulations.

 

Data Sharing with Stripe

When you make a payment, your personal data is shared with Stripe as necessary to process the transaction. Stripe may also share this data with financial institutions or other entities involved in the payment process. For more information on how Stripe handles your personal data, please refer to their Privacy Policy.

 

Security Measures

Stripe uses industry-standard encryption (e.g., AES-256) and other security measures to protect your personal and payment information during processing.

 

Your Rights

 

You have the right to:

• Request access to the personal data we hold about you.

• Request correction or deletion of your personal data where applicable.

• Withdraw consent for processing at any time.

​

For privacy-related inquiries or to exercise your GDPR rights, email privacy@whereimatcommunity.com. We respond within one calendar month.

​​

User Rights and Consent Management

​

We use the iubenda Cookie Solution to present the banner, block non-essential cookies until consent, and store proof of consent (Art. 7(1) GDPR). You can update choices anytime via "Manage cookies". All cookie choices are stored securely, and you may request a log of consent records or deletion of specific tracking data by contacting your privacy contact email.

​

9. APPEALS, ESCALATION, AND CONTACT INFORMATION

For questions, complaints, appeals against moderation decisions, or to escalate urgent safety issues, contact us via:
   •    Support Email: support@whereimatcommunity.com
   •    Appeals: support@whereimatcommunity.com
   •    Contact Form: Contact form

 

Appeals regarding moderation actions must be submitted within 14 days; all appeals are reviewed by a senior moderator or administrator within 10 business days. For urgent issues, mark your correspondence as “URGENT” for immediate prioritization.

​​

RETENTION OVERVIEW

​

Processing Activity: Website server logs (security)
Primary System: Wix
Retention Period: 30–90 days (security rotation)
Legal Basis: Art. 6(1)(f) GDPR – legitimate interests (security)

​

Processing Activity: Contact enquiries
Primary System: Wix inbox / email
Retention Period: 180 days (then deletion unless legal retention applies)
Legal Basis: Art. 6(1)(b)/(f)

​

Processing Activity: Newsletter subscribers
Primary System: Mailchimp
Retention Period: Until unsubscribe or deletion request; suppression list retained to respect opt-outs
Legal Basis: Art. 6(1)(a)/(f)

​

Processing Activity: Community membership records (states)
Primary System: Swarm
Retention Period: Duration of membership + 12 months
Legal Basis: Art. 6(1)(b)

​

Processing Activity: Onboarding automation logs
Primary System: Make.com
Retention Period: 30 days (shortest practical for troubleshooting)
Legal Basis: Art. 6(1)(f)

​

Processing Activity: Operational spreadsheets (membership states)
Primary System: Google Sheets
Retention Period: 12 months after membership ends (or as required by law)
Legal Basis: Art. 6(1)(b)/(f)

​

Processing Activity: Analytics reports
Primary System: Google Analytics (IP anonymised)
Retention Period: 14 months
Legal Basis: Art. 6(1)(a) where consent applies; otherwise aggregated

​

Processing Activity: Moderation records (reports/takedowns)
Primary System: Swarm / internal
Retention Period: 18 months (unless needed for legal claims)
Legal Basis: Art. 6(1)(c)/(f)

 

Note: If statutory retention (e.g., tax or legal claims) requires longer storage, we retain only the minimum necessary data for that purpose.

​

10. USE OF KO-FI.COM FOR DONATIONS AND SUPPORT

​

We use Ko-fi, a third-party platform, to allow supporters to make donations or purchase goods/services. When you interact with us through Ko-fi, certain personal data may be collected and shared to facilitate these transactions. This includes:

• Display Name and Email Address: Shared with us when you make a donation or leave a message.

• Shipping Information: If you purchase physical goods or rewards, your address (and phone number, if required for shipping) is shared with us to fulfill the order.

• Payment Information: Payments are processed directly through third-party providers like PayPal or Stripe. We do not have access to your payment details, but these providers may share limited information such as your name and email address.

 

For more information on how Ko-fi processes personal data, please refer to their Privacy Policy.​

​

Purpose of Data Processing

We process the data collected via Ko-fi for the following purposes:

​

To manage and fulfill donations, purchases, or subscriptions.

• To communicate with supporters regarding their interactions with us on Ko-fi.

• To comply with legal obligations, such as maintaining transaction records for tax purposes.

​

Legal Basis

The legal basis for processing this data is:

• Consent: By using Ko-fi to support us, you consent to the processing of your data as described in this policy.

• Contractual Necessity: Data processing is required to fulfill transactions initiated by you.

• Legal Obligations: Certain data may be retained to comply with applicable laws.

 

Your Rights

As a supporter, you have the right to:

• Request access to the personal data we hold about you.

• Withdraw consent for processing at any time.

• Request deletion of your personal data from our records.

​

Deleting your account removes your data and also removes access to any purchased products (there’s no account to attach them to). If you want to minimise data but keep access, contact support@whereimatcommunity.com about data minimisation instead of full deletion.

 

To exercise your data subject rights (access, correction, erasure, restriction, objection, portability), contact us via the details above. Requests will be processed within one calendar month, in accordance with GDPR.​​

​

11. REFUND POLICY & COMPLAINTS

 

For refunds/complaints, see our Terms & Conditions.
​​

​

II. INFORMATION ABOUT MY SOCIAL MEDIA PRESENCE

​

I operate the following social media presences:

Instagram: https://www.instagram.com/whereimatcommunity/

YouTube:    https://www.youtube.com/@whereimatcommunity 

LinkedIn:      https://www.linkedin.com/company/whereimatcommunity/ 

Facebook:  https://www.facebook.com/profile.php?id=61570531855629

X:                  https://x.com/whereim_at_comm

​

​

Data processing by me:

​

a. Operation of my above-mentioned social media pages

​

The personal data entered on my social media page, such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. I reserve the right to delete content should this be necessary. I may share your content on our site and contact you via the social media platform, e.g. via the messengers offered. The legal basis for this is my legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

​

b. Page Insights

 

The social media platforms provide statistics and insights in anonymised form, which we use to gain knowledge about the types of actions that people take on our site (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our LinkedIn page.

 

This processing of personal data is carried out by the social media platform and me as a so-called joint controller in accordance with Art. 26 GDPR. In the case of joint controllership, a separate agreement must be concluded.

 

These agreements are provided by the social media platforms and are available over the Internet:

 

Instagram: https://www.facebook.com/legal/terms/page_controller_addendum

YouTube:    https://business.safety.google/controllerterms/

LinkedIn:     https://legal.linkedin.com/pages-joint-controller-addendum 

Facebook:  https://www.facebook.com/legal/terms/page_controller_addendum

X:                 https://gdpr.x.com/en/controller-to-controller-transfers.html

​

If you wish to object to specific data processing over which I have an influence, please use the contact details above. I will check your objection or, if necessary, forward it to the social media platform.

 

Note: The provision of your data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate and interact with us via our social media pages. 

 

Data processing by the operator of the social media platform:

​

In addition to me, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, I only have limited influence on data processing by the operator. Where I can exert influence (e.g. through parameterisation), I work within the scope of my possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many cases, however, I cannot influence the data processing by the operator of the social media platform myself and do not know exactly what data they process. The operator will inform you about the processing of personal data in its own privacy policy:

​Instagram: help.instagram.com/519522125107875   

​

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, I unfortunately have little influence on the web tracking methods of the social media platform. I cannot switch this off, for example. Please be aware that it cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. In this respect, I have no influence on the web tracking methods used by the social media platform. In this respect, I have no influence on the processing of your data by the provider of the social media platform.

 

Data transfer to third countries and recipients:

​

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certifications in accordance with the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram) and Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.  

 

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform will use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

 

III. INFORMATION ON DATA PROCESSING IN THE CONTEXT OF VIDEO CONFERENCES VIA ZOOM

 

We use the Zoom tool from Zoom Video Communications Inc. to organise telephone conferences, online meetings and video conferences. You will receive access to the agreed appointments via a link provided by e-mail. You can enter my video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the transmission of your video. You are muted by default and you must manually enable your microphone if you wish. If you switch on your camera and/or microphone, this data will be processed during the meeting.

​

The following additional data may also be processed depending on the type and scope of the specific use:

• Personal details (e.g. first and last name, e-mail address, profile picture)

• Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)

• Device/hardware data (e.g. IP addresses, MAC addresses, client version)

• Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)

• Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

 

Furthermore, your personal data may be processed. This also depends specifically on your use, such as use of the chat or the whiteboard. We explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting. 

​

Legal basis

 

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organisation of virtual communication.

​

Receiver 

​

The provider Zoom necessarily receives knowledge of the above-mentioned data insofar as this is contractually regulated within the framework of our data processing agreement in accordance with Art. 28 GDPR. There are no other recipients. 

​

We cannot rule out the possibility that data may also be routed via internet servers located outside the EU or the EEA. Zoom Voice Communications, Inc. has a valid certification under the Data Privacy Act as an adequacy decision for the USA.

​

You are not obliged to communicate with us via Zoom. Alternatively, you can also communicate by e-mail or telephone. 

​

We generally delete personal data when there is no need for further storage.

 

IV. YOUR RIGHTS AS A DATA SUBJECT

​

IN ACCORDANCE WITH ART. 15 PARA. 1 GDPR, YOU HAVE THE RIGHT TO RECEIVE INFORMATION ABOUT THE PERSONAL DATA STORED ABOUT YOU FREE OF CHARGE UPON REQUEST. FURTHERMORE, IF THE LEGAL REQUIREMENTS ARE MET, YOU HAVE THE RIGHT TO RECTIFICATION (ART. 16 GDPR), ERASURE (ART. 17 GDPR) AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU HAVE PROVIDED THE PROCESSED DATA YOURSELF, YOU HAVE THE RIGHT TO DATA PORTABILITY IN ACCORDANCE WITH ART. 20 GDPR.

IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 E) OR F) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, THIS WILL NOT TAKE PLACE IN FUTURE UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR FURTHER PROCESSING WHICH OVERRIDE THE DATA SUBJECT'S INTEREST IN OBJECTING.

IF THE DATA PROCESSING IS BASED ON CONSENT IN ACCORDANCE WITH ART. 6 PARA. 1 LIT. A), ART. 9 PARA. 2 LIT. A) OR ART. 49 PARA. 1 LIT. A) GDPR, YOU CAN REVOKE YOUR CONSENT AT ANY TIME WITH EFFECT FOR THE FUTURE WITHOUT AFFECTING THE LEGALITY OF THE PREVIOUS PROCESSING. 

YOU ALSO HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY. THE COMPLAINT CAN BE LODGED IN PARTICULAR WITH A SUPERVISORY AUTHORITY IN THE EU MEMBER STATE OF YOUR PLACE OF RESIDENCE, PLACE OF WORK OR PLACE OF THE ALLEGED INFRINGEMENT.

CONTACT DETAILS FOR THE RESPONSIBLE DATA PROTECTION AUTHORITY IN AUSTRIA CAN BE FOUND AT WWW.DSB.GV.AT  

 

V. NOTICE TO CALIFORNIA RESIDENTS (CPRA) - YOUR PRIVACY CHOICES

​

If California law applies, California residents have the right to request access, deletion, and correction of their personal information; to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising; and to limit the use of sensitive personal information (where applicable). We honor Global Privacy Control (GPC) signals.
You can exercise choices at Your Privacy Choices (California) using the Manage cookies link, which controls cookies/identifiers used for advertising/attribution and disables “sale”/“sharing” where applicable.

​

VI. NO AUTOMATED DECISION-MAKING

​

No automated decision-making or profiling takes place.

 

VII. PROVISION

​

Unless otherwise stated, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. If you do not provide your personal data, I may not be able to respond to your enquiry, for example.

​​

12. POLICY REVIEW & UPDATES

​

This privacy policy, cookie policy and related procedures are reviewed annually and updated to reflect changing laws, technology, user feedback, and operational needs. We will notify members of material changes through the website and, where appropriate, by email. The most recent version is always available at www.whereimatcommunity.com/privacy-policy.

​