Data Protection

my-vpa Website Data Protection Provisions (GDPR)

The protection and security of your (hereinafter “you” or the “user”) personal data within the meaning of Article 4 (1) of the General Data Protection Regulation (hereinafter “GDPR”) (hereinafter “PD”) are important to us. Accordingly, we comply with data protection regulations in order to provide adequate protection for the PD of every user. In the following, we would like to inform you about the type, scope and purpose of PD processing on our website:
my-vpa GmbH, Kleine-Spitzengasse 2–4, 50676 Cologne (hereinafter “we” or “MY-VPA”) processes PD on the website exclusively in accordance with the GDPR and other applicable data protection regulations.

This Data Protection Policy (hereinafter “DPP”) provides the information in accordance with Article 13 of the GDPR for the use of the website www.my-vpa.com.
In this DPP, we first explain who the responsible data controller is and who the data protection officer is, then, sorted by type of access, the information about the types of PD, the purposes and legal basis of the processing, any recipients and any legitimate interests, deadlines for deletion and, if necessary, further information. At the end of this DPP, we will explain your rights.

1. Contact details of the data controller (Article 13 (1) (a) of the GDPR)

my-vpa GmbH, Kleine-Spitzengasse 2–4, 50676 Cologne, Managing Director Luis Miranda, phone: +49 (0)221 82 829 827, email: service@my-vpa.com, is responsible for operating the website and handling the PD that is processed during the course of this. Due to the size of the company and the business model, MY-VPA does not have a data protection officer. Therefore, please send all data protection enquiries to the above address.

2. Accessing the website and downloading documents

a. Types of personal data: each time the website is accessed and any documents are downloaded in the freely accessible area of the website, the following log files for the respective user are automatically created: browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our website (known as the referrer), the sub-websites that are accessed via an accessing system on our website, the date and time of access to the website, the internet protocol address (IP address) of the accessing system, the internet service provider of the accessing system, other similar data and information that is necessary for averting danger in the event of attacks on our information technology systems.

b. Purposes of processing (Article 13 (1) © of the GDPR): the aforementioned data is processed in order to ensure functionality when the website is accessed or to make the download technically possible. In addition, the data may be used to ensure the security of the information technology systems on which the website is operated. The data are not analysed for marketing or any other purposes.

c. Legal basis for processing, legitimate interests (Article 13 (1) © and (d) of the GDPR): the legal basis for processing the data is Article 6 (1) (f) of the GDPR; i.e., it is in the legitimate interest of MY-VPA. This legitimate interest consists of being able to present our website to you, including the downloading of documents.

d. Recipients/third parties/transfer to non-EU states (Art. 13 (1) (e) and (f) of the GDPR): PD are not transferred to third parties (Article 4 (10) of the GDPR). All PD are processed on computers within the European Union. The website host is our data processor. Data are not transferred to non-EU states. PD are only transferred to government institutions and authorities in accordance with legal regulations.
e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): PD are deleted no later than when you end your visit to the website, i.e., when you close the browser on your computer. For technical reasons, data on the server (log files) are deleted periodically every 14 (fourteen) days.

3. Contacting us by email using the email addresses provided on the website

We give you the opportunity to contact us directly by email via a specified email address at various points on the website, including in the Legal Notice. Please do not use general email addresses to send us documents containing special personal content, e.g., application documents.

a. Types of personal data: data include email address, log files about the properties of the email, the time of its arrival and all PD that have been specified in the email, for example, by the sender.

b. Purposes of processing (Article 13 (1) © of the GDPR): the purpose is to answer the user’s request, and subsequently, if necessary, to initiate, establish and conduct a business relationship, depending on the nature of the request.

c. Legal basis for processing, possible legitimate interests (Article 13 (1) © and (d) of the GDPR): the legal basis for processing the PD is Article 6 (1) (f) of the GDPR, if the sender of the email is not yet a client or is not already in another way in a business relationship or in the process of initiating one with us. In this case, our legitimate interests consist of providing you with information and answering your request and, if necessary, entering into a business relationship with you, provided this is relevant to your issue. If a contractual relationship already exists or one is to be initiated on your initiative, the legal basis for processing is Article 6 (1) (b) of the GDPR.

d. Recipients/third parties/transfer to non-EU states (Article 13 (1) (e) and (f) of the GDPR): PD shall not be transferred to third parties (Article 4 (10) of the GDPR) unless such transfer is the express subject of the user’s request or the user expressly consents to the transfer. All emails are processed on computers within the European Union. The email host is our data processor. Data are not transferred to non-EU states, not are such transfers intended. PD shall only be transferred to government institutions and authorities in accordance with legal regulations.

e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): the PD will be deleted three months after the request has been professionally dealt with, which will also be presumed if the user has not responded to a response from MY-VPA to his request for three months. If the request leads to a contractual relationship or makes preparations for one, the PD will be deleted in accordance with the legal provisions, no later than when the contractual or pre-contractual relationship has ended – namely, three months after its termination. The PD will not be deleted if Article 17 (3) of the GDPR applies, in particular, if statutory retention requirements exist and/or the PD are required in order to establish, exercise or defend against legal claims.

4. Use of the contact form

Before using the contact form (sending the completed form on the subpage https://www.my-vpa.com/kontakt/), the user must consent to the processing of the PD that is associated with the use of the contact form in accordance with the following regulations by actively ticking a box; otherwise, the completed form cannot be sent. For the right to withdraw consent that has been provided, at any time, see point 10.

a. Types of personal data: data include name, e‑mail address, subject, message content, technical logging of consent that has been provided.

b. Purposes of processing (Article 13 (1) © of the GDPR): the purposes are to answer the user’s request and subsequently, if necessary, to initiate, establish and conduct a business relationship, depending on the nature of the request.

c. Legal basis for the processing (Article 13 (1) © of the GDPR): the legal basis is Article 6 (1) (a) of the GDPR, i.e., the declared consent, and/or, depending on the type and course of communication, in order to initiate and implement a business relationship, Article 6 (1) (b) of the GDPR.

d. Recipients/third parties/transfer to non-EU states (Article 13 (1) (e) and (f) of the GDPR): user data shall not be transferred to third parties (Article 4 (10) of the GDPR) unless the user expressly requests such a transfer in his request and the consent also makes reference to it. All data are processed on computers within the European Union. The website host or the email host is our data processor. Data are not transferred to non-EU states. PD shall only be transferred to government institutions and authorities in accordance with legal regulations.

e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): the data will be deleted three months after the request has been answered or completed, unless the nature of the request results in a different treatment (e.g., processing of advice) or you withdraw your consent prior to this. If the request leads to a contractual relationship with MY-VPA or if it makes immediate preparations for one, the PD will be deleted in accordance with the legal provisions, no later than three months after the intended contractual or pre-contractual relationship has ended. The PD will be deleted unless Art. 17 (3) of the GDPR applies, in particular, if statutory retention requirements exist and/or the data are required in order to establish, exercise or defend against legal claims.

5. Transfer of application documents

We give applicants the opportunity to apply for a position with us at https://www.my-vpa.com/vpa-bewerbung/ using a form created with Google Docs; see: https://docs.google.com/forms/d/e/1FAIpQLSd1CHreQ85xGQx-o_iFqbqFlKbEvsI5ZoGfFH0niUFJlsisQA/viewform?c=0&w=1. The data protection provisions of Google and ReCaptcha apply to the Google Docs service; see: https://policies.google.com/privacy/update.

You can also send an email to our HR department via the subpage mentioned above. Please do not send any application documents to general email addresses. If you choose to send documents by email, the following rules apply.

a. Types of personal data: when sent by email, data include the email address, including the logging of the email on our computers, and all PD contained in the email relating to the application and communicated by the applicant, e.g., title, surname, first name, details from the applicant’s CV, certificates and the like. When filling out the web form, the following data are required: email, name, address, nationality, contact information, social media profiles.

b. Purposes of processing (Article 13 (1) © of the GDPR): the purpose of the processing is to select applicants and potentially establish an employment relationship.

c. Legal basis for processing (Article 13 (1) © of the GDPR): The legal basis is the desired work relationship or the actions required to establish it in accordance with Section 26 of the German Federal Data Protection Act (BDSG) or Article 6 (1) (b) of the GDPR when applying for freelance work.

d. Recipients/third parties/transfer to non-EU states (Article 13 (1) (e) and (f) of the GDPR): data will not be transferred to third parties (Article 4 (10) of the GDPR). All web forms and emails are processed on computers within the European Union. The email host is our data processor. Data are not transferred to non-EU states. PD shall only be transferred to government institutions and authorities in accordance with legal regulations.

e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): the data will be deleted within three months of completion of the application process (i.e., communication of the decision about whether your application will or will not be considered), unless (i) the application was successful and the application documents are enclosed alongside the HR file (Section 26 of the German Federal Data Protection Act (BDSG)), (ii) you have expressly given your consent in your capacity as an applicant to be included in a talent pool for a certain period of time (after which the data will be deleted) and/or (iii) a Article 17 (3) of the GDPR applies, in particular, if statutory retention requirements exist and/or the data are required in order to establish, exercise or defend against legal claims.

6. Live chat on the website

a. Types of personal data: data include all personal data communicated by the user during the chat, in particular, the user’s name. The technical data or log files that are required to carry out the chat are also collected.

b. Purposes of processing (Art. 13 (1) © of the GDPR): the purposes are to answer the user’s request and subsequently, if necessary, to initiate, establish and conduct a business relationship, depending on the nature of the request.

c. Legal basis for processing (Article 13 (1) © of the GDPR): the legal basis is Article 6 (1) (b) of the GDPR, i.e., initiating and conducting a business relationship.
Recipients/third parties/transfer to non-EU states (Article 13 (1) (e) and (f) of the GDPR): we use the service Tawk.to for the chat function on the website. You can find the creator’s privacy policy at: https://www.tawk.to/privacy-policy/. The creator processes the data on our behalf; see the agreement at: https://www.tawk.to/data-protection/dpa-data-processing-addendum/. User data are not otherwise transferred to third parties (Article 4(10) of the GDPR) unless the user expressly requests such a transfer in his request. Data are not transferred to non-EU states. PD will only be transferred to government institutions and authorities in accordance with legal regulations.

e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): unless the creator’s data protection concept at https://www.tawk.to/privacy-policy/ contradicts this, the data will be deleted three months after the request has been answered or dealt with (conclusion of the chat), unless the nature of the request results in a different treatment. If the request leads to a contractual relationship with MY-VPA or if it makes immediate preparations for one, the PD will be deleted in accordance with the legal provisions, no later than three months after the intended contractual or pre-contractual relationship has ended. The PD will be deleted unless Art. 17 (3) of the GDPR applies, in particular, if statutory retention requirements exist and/or the data are required in order to establish, exercise or defend against legal claims.

7. Purchasing hour packages (webshop)

This section of the data protection provisions applies to purchasing hour packages on the website; see: https://www.my-vpa.com/stundenpakete/. This webshop can only be used if a client account is created. The following explains what data are processed, and in what way they are processed, in order to establish the contractual relationship; under the contractual relationship itself, there will then be a separately agreed agreement on order processing (see client area).

a. Types of personal data: when creating a client account, data including email, first name, surname, company and telephone number are processed. When ordering hour packages, the user’s surname/first name, postal address (for invoicing), email address, taxability and bank details or credit card number are processed for the purpose of concluding and processing the contract.

b. Purposes of processing (Art. 13 (1) © of the GDPR): the purpose of processing is to enable and organise the provision of services, including after-sales following the completion of the transaction (including advice, liability for defects, etc.).

c. Legal basis for processing (Art. 13 (1) © of the GDPR): the legal basis is Article 6 (1) (b) of the GDPR, an upcoming or existing contractual relationship.

d. Recipients/third parties/transfer to non-EU states (Art. 13 (1) (e) and (f) of the GDPR): the data will not be transmitted to third parties (Article 4 (10) of the GDPR) unless the user expressly agrees to this. As part of the conclusion of the contract, consent is given to the data that is necessary for its execution being forwarded to the payment processing service provider Paypal, Klarna or Stripe. MY-VPA does not save any of your payment information. All data are processed on computers within the European Union. Data are not transferred to non-EU states. PD shall only be transferred to government institutions and authorities in accordance with legal regulations.

e. Deadlines for deletion (Article 13 (2) (a) of the GDPR): the data are processed for the duration of the business relationship, as long as they are necessary for the relationship. Otherwise, they will be deleted. In the case of terminated business relationships, the data will be deleted six months after the end of the business relationship. This does not apply if Art. 17 (3) of the GDPR applies, in particular, if there are statutory retention requirements (10 years retention for documents in accordance with the German Tax Code and six years for business documents in accordance with the German Commercial Code) and/or the data that are required for establishing, exercising or defending against legal claims (e.g., defect liability claims or defence of these).

8. Use of cookies and social plugins

a. Cookies in general

MY-VPA uses “cookies”. Cookies are small text files that save website settings, e.g., in the user’s web browser, when using the website. The cookies are used to make the website easier to use. MY-VPA uses session ID cookies. These are saved in the user’s web browser for the current session only and are automatically deleted when the browser is closed. Any user may prevent the installation of such cookies by adjusting the settings of their browser accordingly. In this case, however, this may mean that not all functions of the website can be used to their full extent.

Depending on the browser you are using, you have various options for preventing cookies from being stored on your computer and for blocking, displaying and removing stored cookies. If you have difficulties doing this, we recommend that you refer to the creator’s website. You will find the information you need there. If you decide that you do not want cookies to be stored on your computer, you will still have access to our website.

b. Google Analytics

In order to improve the quality of our offerings and website, we store data about each individual instance of access to our website for statistical purposes. This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). It is used on the basis of Article 6 (1) (1) (f) of the GDPR. Google Analytics uses “cookies”, which are text files that are stored on your computer to allow your website usage to be analysed. The information generated by the cookie about your usage of the website, such as:

browser type/version;
operating system used;
referrer URL (the previously visited page);
host name of the accessing computer (IP address); and
time of the server request;

are usually transferred to and stored by Google on servers in the United States. The IP address transferred by your browser for Google Analytics will not be combined with other data from Google. We have also added the “anonymizeIP” code to the Google Analytics code used on this website. This ensures that your IP address is masked. Therefore, all data are collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there.

On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports on website activity and provide the website operator with services related to usage of the website and internet usage. You can prevent cookies from being stored by enabling the corresponding setting on your browser. However, please be advised that if you do so you may not be able to use all the features of this website to their full extent.

You can also prevent the data that are generated by the cookie and which are related to your usage of the website (including your IP address) from being sent to and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the following link [LINK]. This sets an opt-out cookie which prevents any of your data from being collected in the future when visiting this website. The opt-out cookie applies only on this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. [Note: For instructions on incorporating the opt-out cookie, please visit: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].

9. User rights (Article 13 (2)(b) – (e), Article 7 (3) of the GDPR)

If the respective legal requirements are met, you have the right at any time to:

request information about the PD processed by us in accordance with Article 15 of the GDPR. In particular, you can request information about the purposes of the processing, the category of the PD, the categories of recipients to whom your PD has been or will be disclosed, the planned retention period and the existence of the rights explained in this section;
immediately request the rectification of incorrect or incomplete PD stored by us as per Article 16 of the GDPR;
request the erasure of your PD stored by us as per Article 17 of the GDPR, unless processing said PD is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to enforce, exercise or even only potentially defend legal claims;
request that the processing of your PD be restricted as per Article 18 of the GDPR, insofar as its accuracy is disputed by you, the processing is unlawful but you refuse to have it deleted and we no longer require the PD, but you need to enforce, exercise or defend legal claims or you have objected to the processing as per Article 21 of the GDPR;
receive your PD that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another responsible party, as per Article 20 of the GDPR;
withdraw any consent previously given to us at any time as per Article 7(3) of the GDPR. This would mean that we would no longer be allowed to continue the data processing based on this consent in the future; and
complain to a supervisory authority as per Article 77 of the GDPR. In general, you can contact the supervisory authority of your usual place of residence or workplace or the headquarters of MY-VPA.

If personal data are processed on the basis of legitimate interests as per Article 6 (1) (1) (f) of the GDPR, the data subject has the right to object to the processing of his/her PD as per Article 21 of the GDPR if there are reasons for this that arise from his/her particular situation or if the objection is directed against direct advertising. In the latter case, the data subject has a general right of objection, which we will implement without any particular situation needing to be specified.
In order to exercise these rights, the user should contact the body specified in point 1.

Privacy Policy for my-vpa mobile apps

Last Updated: 14/10/2023

1. Introduction

Welcome to my-vpa mobile application! This privacy policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application available on Google Play and App Store. We are committed to protecting your privacy and ensuring that your personal information is handled with care.

2. Information We Collect

2.1 Contact List Information: my-vpa mobile app may request access to your device’s contact list to send out invites to your team-mates (via email) We do not store or share your contact list information without your explicit consent.

2.2 Video and Image Information: my-vpa mobile app may require access to your device’s camera and photo gallery to share more info within the task transcription in the chat. We do not access or use this information without your explicit consent.

3. How We Use Your Information

We may use the collected information for the following purposes:

To provide the services offered by my-vpa mobile app.
To improve our app and services.
To personalize your experience within the app.

4. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties without your explicit consent.

5. Data Security

We take reasonable measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

6. Your Choices

You can control and manage the information we collect through the app settings. You can withdraw your consent for accessing your contact list, camera, or photo gallery at any time.

7. Changes to this Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Please check this policy periodically for updates.

8. Contact Us

If you have questions about this privacy policy or our data handling practices, please contact us at datenschutz@my-vpa.com.

9. Consent

By using my-vpa mobile app, you consent to our privacy policy and agree to its terms.

Data Pro­tec­tion

1. Cont­act details of the data con­trol­ler (Artic­le 13 (1) (a) of the GDPR)

2. Acces­sing the web­site and down­loa­ding docu­ments

3. Cont­ac­ting us by email using the email addres­ses pro­vi­ded on the web­site

4. Use of the cont­act form

5. Trans­fer of appli­ca­ti­on docu­ments

6. Live chat on the web­site

7. Purcha­sing hour packa­ges (web­shop)

8. Use of coo­kies and social plug­ins

9. User rights (Artic­le 13 (2)(b) – (e), Artic­le 7 (3) of the GDPR)

Pri­va­cy Poli­cy for my-vpa mobi­le apps

1. Intro­duc­tion

2. Infor­ma­ti­on We Coll­ect

3. How We Use Your Infor­ma­ti­on

4. Sha­ring Your Infor­ma­ti­on

5. Data Secu­ri­ty