together
Privacy Policy
Privacy Policy
§ 1 Who We Are and What We Do
LKK Together Development GmbH (hereinafter referred to as "Together"), located
at Kärntnerstraße 521, 8054 Seierberg, is an active limited liability company operating a
platform accessible at together-social.com. The Together app is a social network operated
by LKK Together Development GmbH. Together combines a shared photo album with a
social media platform. Users can create various albums with friends or family for different
projects and experiences, capturing these memories in photos and videos to share
according to their preferences. Together collects personal data to provide users with an
enhanced service and to better address violations of community guidelines and terms of use.
In providing our services, personal data is processed, and we inform you of this with this
privacy policy. We comply with all data protection obligations and protect your data through
digital security systems and technical measures.
§ 2 Who is Our Data Protection Officer
The responsible party according to Art. 4 para. 7 GDPR for compliance with the provisions of
the GDPR and all other data protection regulations is: LKK Together Development GmbH
Kärntnerstraße 521 8054 Seiersberg [email protected] You can assert your data
protection concerns and especially your data protection rights with the data protection officer.
§ 3 General Information About the Processing of Personal Data, Storage, and Deletion of
Processed Data
1. What personal data do we collect?
a. User's first and last name
b. Username
c. Email address
d. Encrypted password
e. Selected interests
f. Photos/videos uploaded by the user with captions
g. User-posted emojis
h. User-posted comments
i. Which accounts/pages the user subscribes to
j. Which posts the user views
k. Which pages the user participates in
2. When using our website or the services offered through it, personal data may be
processed. Personal data includes all information that relates to you personally (e.g.,
name, birth date, contact addresses, and much more). Personal data processing only
occurs in compliance with legal provisions (e.g., GDPR). This privacy information
aims to provide all necessary information under Art. 13ff GDPR.
3. Contact data, profile data, account information, customer reviews, user data,
verification data (identity check through IDs), payment information, company data,
location information, and tax data may be processed. The purpose is to enable you to
use our internet services.
4. When using Together, we generally collect and store your personal data only to the
extent necessary to provide our service and payment service. This applies to
customer data. When you create a customer account or profile, we process and store
the data you entered in the input mask necessary for providing our services.
5. If you contact us via email, contact form, or other electronic means, the data you
provide will also be processed and stored for the intended processing purposes,
provided this is necessary.
6. In providing our services, it may be necessary to share your personal data with third
parties.
7. Our database is managed by Microsoft Azure. Microsoft Azure is thus our data
processor under GDPR. Microsoft Azure has committed to complying with all data
protection regulations and can only access the data you provide and store to fulfill
your order.
8. Beyond the legal and factual necessity of data sharing, data is not shared with third
parties without your consent or your own action. Also, data is only shared with
authorized state institutions and authorities within the scope of legal disclosure
obligations or if we are required to provide information by court decision or official
order. Data is not transferred to third countries without your consent or explicit
request.
9. After terminating your membership with Together, your data remains stored only as
long as legal retention obligations exist (e.g., 7 years according to the Austrian
Business Code) or it is necessary for legal proof, although we observe the principle
of data minimization. If you have created a customer profile, the data remains stored
for your own use and interest until you cancel the profile or request deletion.
Exceptions are data that cannot or may not be deleted due to legal retention reasons.
10. The purpose of our data processing is to provide our services. By registering on our
platform, you consent to the processing of the data you entered. We also have a
legal interest in processing if you wish to use our platform.
11. If you want to register on our platform, we use the so-called double opt-in procedure
to complete the registration process. This means we send you an email to the
provided email address after your registration, asking for confirmation to complete
the registration and subsequent use. If you do not confirm your registration within a
reasonable time, your information will be locked and automatically deleted after 30
days.
12. During the registration process, the user's name, email address, and password are
collected. The user's selected interests are determined in the onboarding process of
the Together app. Photos and videos uploaded by the user are stored by Together in
the selected page after creation. Which user gave which emoji on which post is
stored by Together when assigning to show the creator of the respective post. If a
user clicks the subscribe button of an account or a page, Together remembers this to
inform the user in the future when new posts are available. If a user views a post,
Together remembers this to avoid displaying the post twice in the feed. If a user
accepts a page invitation, Together stores this.
§ 4 Automated Collection of Personal Data When Accessing and Using Our Website
1. When accessing and visiting our website, personal data processed by your browser
is transmitted to our server.
2. This includes the following data: IP address, user agent, date/time/number of
requests, browser, operating system, language, and version of the browser software,
request information, or information on transferred data volume.
3. Data collection is for technical reasons so you can view our website without
restrictions. It also serves to perform error analysis and ensure the website's stability
and security.
4. The information is temporarily stored in a so-called log file and deleted within 30 days.
The following data is stored in the named log file:
• the complete internet address (URL) of the accessed website
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL - e.g.,
https:// www.example.com/fromhereicame/)
• the hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• date and time
§ 5 Processing of Personal Data
When Using Our Platform as a Customer Registration process/steps for creating a profile as
a customer:
a) The user enters their data. Here, the required fields are to be entered or the
Together terms confirmed:
• First name
• Last name
• Username
• Birthdate
• Email
• Phone number
• Password
• Confirmation for marketing emails, community guidelines, terms of use, and privacy policy
b) Data is sent to a Microsoft Azure server by our data processor and then a user is created
in the Together database.
• Company: Microsoft Corporation
• Email: [email protected]
• Address: https://www.microsoft.com
• Location: Redmond, WA 98052-6399, USA
All data listed here is mandatory for creating a profile. All other data (see profile data, media)
is optional; however, a profile as a location or service provider becomes visible to end
customers or the public only after it is completed based on the mandatory fields defined by
Together. This data is stored until the user requests deletion or the data is no longer needed.
1. To create a customer account, the personal data listed under § 5a is processed. You
can then specify a password, with registration completed through email confirmation
and link activation. To enable you to use the platform and profile, these and all other
data you provide are stored and processed. After registration, you can set up your
customer profile.
2. If you unsubscribe from our platform as a user, the collected data will be deleted,
provided we are not legally required to retain it.
3. When you use our platform as a registered customer, your user data appears to other
registered users. This includes profile data (customer type, etc.); your profile picture,
if you upload one; and other self-published data. Third parties cannot view your
contact data disclosed to us unless you publish it yourself or share it with those third
parties.
4. When you use our platform's search options as a customer, you determine what data
you want to search for.
5. For your own better overview, we store your activities on our platform in your
account, providing a historical overview of your activities on our platform. This
involves processing user data.
§ 6 Data Processing
When Contacting Us Via Support Form or Email If you contact us electronically, e.g., via
email or support form, and this contains a request for processing, e.g., because you have
questions about existing bookings or are applying for a job with us, additional personal data
contained in your request may be processed and stored as necessary. We will store the data
as long as necessary for processing, or as legally required, or as deemed necessary for
legal reasons.
§ 7 Cookies
Our website uses "cookies." These are small text files stored on your device using the
browser. They do no harm and cannot access your programs. The use of cookies aims to
provide us with certain information and to make our internet offering more user-friendly
and effective. Our website uses "session cookies," temporarily stored on your device and
automatically deleted when you close your browser. Additionally, we use "persistent cookies"
on our website, stored on your device to recognize your browser upon a return visit. Using
certain cookies is necessary for the functionality of our website and technically necessary to
use the website's offering without restrictions and ensure stability (so-called "technical
cookies"). Using technically necessary cookies serves to maintain our website's functionality,
making the data processing by using these cookies required to safeguard legitimate interests
(Art. 6 para. 1 lit. f GDPR). No explicit consent is required for using technically necessary
cookies according to the mentioned provision. In addition to these technically necessary
cookies, "non-essential cookies" are used on our website for the tracking and analysis tools
mentioned under § 7. These cookies allow us to evaluate and better understand your
interests. Using such cookies and services enables us to make our online offering more
needs-based and effective and target our users with offers. You can choose your browser
settings to be informed about the setting of cookies and decide individually whether to
accept them in specific cases or generally reject them. Rejecting cookies may restrict the
functionality of our website. If you disagree with using cookies, you can refuse or disable this
feature in your browser settings.
§ 8 Tracking and Analysis
This website uses the following web analytics and tracking tools. Using these services
enables us to optimize the website's offering, design, and usage. Using these analysis and
tracking services also serves to statistically capture and evaluate website usage. This is
done by using cookies (§ 9), small text files stored on your device, and enabling analysis of
your website use. Thus, this processing activity pursues a legitimate interest within the
meaning of Article 6 para. 1 lit. f GDPR. Using web analytics and tracking tools leads to the
transmission and storage of information about your website use on a server of the provider.
If you disagree with this use, you can disable this feature in your browser settings.
§ 9 Google Analytics
Our website optionally uses the web analysis service "Google Analytics" by Google LLC
(hereinafter "Google"). Google Analytics uses cookies to analyze user website activity. The
information generated by cookies (e.g., IP address, browser information, operating system,
referrer URL, server request time) is usually transmitted to a Google server in the USA and
stored there. Google uses this information to evaluate website use, compile reports on
website activity for operators, and provide other services related to website and internet use
for market research and website design purposes. Google may also transfer this information
to third parties if required by law or if third parties process this data on behalf of Google. The
IP addresses collected by Google Analytics will not be linked with other Google information.
IP address collection can be prevented by activating IP anonymization on this website, within
member states of the European Union or other parties to the Agreement on the European
Economic Area. Only in exceptional cases is the full IP address transmitted. You can prevent
the storage of cookies by appropriately adjusting your browser software settings. In this
case, some website functions may not be available. Furthermore, you can prevent Google
from collecting and processing the data generated by cookies and related to your website
use (including your IP address) by installing the corresponding browser software (browser
plug-ins).
§ 10 Meta Pixel and Custom Audiences
Our platform uses the "Meta Pixel" service by Meta Platforms Inc. (hereinafter "Meta") for
optional analysis and optimization. Meta operates, among other things, the social media
platform "Facebook." Using Meta Pixel and Custom Audiences ensures that our Facebook
advertising activities only show to potential interested parties and are not intrusive. With the
service's help, we can also understand the effectiveness of Facebook ads for statistical and
market research purposes by logging whether users were redirected to our website after
clicking a Facebook ad.
§ 11 YouTube
Some pages of our website include videos and content from the "YouTube" platform, stored
athttp://www.YouTube.com gand viewable or accessible from our website. YouTube is a video
platform by YouTube LLC, a subsidiary of Google LLC. Videos are embedded using the
so-called two-click solution or extended data protection mode. This means that no personal
data is initially transmitted to YouTube when visiting our website. Only when you activate the
video by clicking does YouTube receive the information that you accessed the corresponding
subpage of our website. Furthermore, information such as IP address, date, and time of the
request; time zone difference to Greenwich Mean Time; content of the request (specific
website); access status/HTTP status code; transferred data volume; website from which the
request comes, browser; operating system, its interface, and language and version of the
browser software are transmitted. The transmission of information occurs regardless of
whether the user has an account on the YouTube platform and is logged in. If you are logged
into Google, your data is directly assigned to your account. If you do not want your
information collected by YouTube to be linked to your account, you must log out before
activating the button. In the case of an existing account, YouTube can use the collected
information, in particular, to contextualize and personalize advertising activities on its
platform. The data stored by YouTube is used to create user profiles, for advertising
purposes, market research, and/or the platform's needs-based design, regardless of whether
an account exists. The collected information is evaluated, particularly to provide
demand-oriented advertising and to inform other users about your activities on our website.
You have the right to object to such user profiling, for which you must contact YouTube to
exercise this right. More information about the purpose and scope of data collection and
processing by YouTube can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de)
There you will also find more information about
your rights and settings to protect your privacy.
§ 12 Newsletter
With your consent, you can subscribe to our newsletter. This allows us to inform you about
our services and offers and keep you updated. We use the double opt-in procedure to
register for our newsletter. This means we send you an email to the provided email address
after your registration, asking for confirmation to receive the newsletter. If you do not confirm
your registration within a reasonable time, your information will be locked and automatically
deleted after one month. Additionally, we store your used IP addresses and registration and
confirmation times. The purpose of this procedure is to verify your registration and clarify any
possible misuse of your data. After your confirmation, we store your email address to send
you the newsletter. You can withdraw your consent to receive the newsletter at any time and
unsubscribe from it. You can declare your revocation by clicking the link provided in every
newsletter email, emailing [email protected], or using the contact information
provided in the imprint on our homepage. As a data subject under GDPR, you have the right
to rectification, erasure, restriction, and objection regarding your personal data use,
according to Art. 16 ff GDPR. To exercise your rights, please contact our data protection
officer (§ 2). If you believe that processing your data violates data
protection law or your data protection rights have been infringed, you can contact the supervisory authority and lodge a
complaint.
§ 13 Use of Cloud Solutions
According to legal requirements, we inform you that we use the following cloud solutions:
Microsoft Azure is a cloud platform that receives your full name, email address, and
password in encrypted form. The privacy policy of Microsoft Azure can be found at: https://privacy.microsoft.com/de-de/privacystatement
Cloudflare is a cloud platform that
receives your uploaded media. The privacy policy of Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/
Google Workspace is used for sending emails and internally storing Together's documents to
ensure business operations. Terms of use: https://workspace.google.com/intl/de/terms/premier_terms.html
Meta Business Manager is used for communication between users and Together. Terms of use: https://www.facebook.com/legal/terms/businesstools
§ 14 Your Data Protection Rights
1. As a person affected by data collection and processing under GDPR, you have the
following rights, which we explain below in accordance with the GDPR:
Right to confidentiality;
Right to information (Art. 15 GDPR);
Right to rectification (Art. 16 GDPR);
Right to erasure (Art. 17 GDPR);
Right to restriction of processing (Art. 18 GDPR);
Right to data portability (Art. 20 GDPR);
Right to object (Art. 21 GDPR);
Right not to be subject to a decision based solely on automated processing,
including profiling (Art. 22 GDPR)
You can assert the aforementioned rights as the data subject at any time
by means of an informal notification to us.
2. To exercise your rights, please contact the person responsible under § 2 (Email:[email protected]).
This person is also available for questions and further explanations.
3. If you believe there has been a data protection violation by us, you can file a
complaint with the data protection authority/supervisory authority (Austrian Data
Protection Authority, Barichgasse 40-42, 1030 Vienna)
4. If you have consented to receive newsletters, you have the right to revoke this
consent at any time.
Following are your data protection rights:
§ 15 Right of Access by the Data Subject (corresponds to Art. 15 GDPR)
(1) The data subject has the right to obtain confirmation from the controller as to whether
personal data concerning them is being processed; if so, they have the right to access this
personal data and the following information:
(2) If personal data is transferred to a third country or an international organization, the data
subject has the right to be informed of the appropriate safeguards under Article 46 GDPR
relating to the transfer.
(3) The controller provides a copy of the personal data undergoing processing. For any
additional copies requested by the data subject, the controller may charge a reasonable fee
based on administrative costs. If the data subject makes the request electronically, the
information must be provided in a commonly used electronic format unless otherwise
requested.
(4) The right to obtain a copy under paragraph 1b must not adversely affect the rights and
freedoms of others.
§ 16 Right to Rectification (corresponds to Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the
rectification of inaccurate personal data concerning them. Taking into account the
processing purposes, the data subject has the right to have incomplete personal data completed,
including by means of providing a supplementary statement.
a. the purposes of the processing;
b. the categories of personal data being processed;
c. the recipients or categories of recipients to whom the personal data has been or will be
disclosed, especially recipients in third countries or international organizations;
d. where possible, the envisaged period for which the personal data will be stored, or, if not
possible, the criteria used to determine that period;
e. the existence of the right to request rectification or erasure of personal data or restriction
of processing of personal data concerning the data subject or to object to such processing;
f. the right to lodge a complaint with a supervisory authority;
g. where the personal data is not collected from the data subject, any available information
as to its source;
h. the existence of automated decision-making, including profiling, referred to in Article 22(1)
and (4) GDPR and, at least in those cases, meaningful information about the logic involved,
as well as the significance and the envisaged consequences of such processing for the data
subject.
For the purposes of processing, the data subject has the right to request the completion of
incomplete personal data - even by means of a supplementary declaration.
§ 17 Right to erasure ("Right to be Forgotten") (corresponding to Article 17 GDPR)
(1) The data subject has the right to demand from the controller the immediate deletion of
personal data concerning them, and the controller is obliged to delete personal data
immediately if one of the following reasons applies:
(2) If the controller has made the personal data public and is obliged to delete it according to
paragraph 1, the controller must take appropriate measures, including technical measures,
to inform other data controllers processing the personal data that the data subject has
requested the deletion of all links to, or copies or replications of, those personal data.
(3) Paragraphs 1 and 2 do not apply to the extent that processing is necessary:
a. The personal data are no longer necessary for the purposes for which they were collected
or otherwise processed.
b. The data subject withdraws their consent, which was the basis for processing according to
Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the
processing.
c. The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are
no overriding legitimate grounds for the processing, or the data subject objects to the
processing pursuant to Article 21(2) GDPR.
d. The personal data have been unlawfully processed.
e. The deletion of personal data is necessary to fulfill a legal obligation under Union law or
the law of the Member States to which the controller is subject.
f. The personal data have been collected in relation to services offered by the information
society according to Article 8(1) GDPR.
These exceptions also apply to processing:
a. for the exercise of the right to freedom of expression and information;
b. for compliance with a legal obligation requiring processing under Union or Member State
law to which the controller is subject or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health according to Article 9(2)(h) and (i)
GDPR and Article 9(3) GDPR.
§ 18 Right to Restriction of Processing (corresponds to Art. 18 GDPR)
(1) The data subject has the right to obtain from the controller the restriction of processing if
one of the following applies:
a. The accuracy of the personal data is contested by the data subject for a period enabling
the controller to verify the accuracy of the personal data;
b. The processing is unlawful, and the data subject opposes the erasure of the personal
data and requests the restriction of its use instead;
c. The controller no longer needs the personal data for the purposes of the processing, but
the data subject requires it for the establishment, exercise, or defense of legal claims;
d. The data subject has objected to processing pursuant to Article 21 para. 1 GDPR pending
the verification of whether the legitimate grounds of the controller override those of the data
subject.
(2) If processing has been restricted under paragraph 1, such personal data shall, with the
exception of storage, only be processed with the data subject's consent or for the
establishment, exercise, or defense of legal claims or for the protection of the rights of
another natural or legal person or for reasons of important public interest of the Union or a
Member State.
(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall
be informed by the controller before the restriction is lifted.
§ 19 Right to Data Portability (corresponds to Art. 20 GDPR)
(1) The data subject has the right to receive the personal data concerning them, which they
have provided to a controller, in a structured, commonly used, and machine-readable format,
and they have the right to transmit those data to another controller without hindrance from
the controller to which the personal data has been provided, where:
a.The processing is based on consent pursuant to Article 6 para. 1 letter a GDPR or Article
9 para. 2 letter a GDPR or on a contract pursuant to Article 6 para. 1 letter b GDPR; and
b. The processing is carried out by automated means.
(2) In exercising their right to data portability pursuant to paragraph 1, the data subject has
the right to have the personal data transmitted directly from one controller to another, where
technically feasible.
(3) Exercising the right under paragraph 1 of this Article shall not adversely affect Article 17
GDPR. This right does not apply to processing necessary for the performance of a task
carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right pursuant to paragraph 2 must not adversely affect the rights and freedoms of
others.
§ 20 Right to Object (corresponds to Art. 21 GDPR)
(1) The data subject has the right to object, on grounds relating to their particular situation, at
any time to processing of personal data concerning them which is based on Article 6 para. 1
letters e or f GDPR, including profiling based on those provisions. The controller shall no
longer process the personal data unless the controller demonstrates compelling legitimate
grounds for the processing which override the interests, rights, and freedoms of the data
subject or for the establishment, exercise, or defense of legal claims.
(2) Where personal data is processed for direct marketing purposes, the data subject has
the right to object at any time to processing of personal data concerning them for such
marketing, which includes profiling to the extent that it is related to such direct marketing.
(3) If the data subject objects to processing for direct marketing purposes, the personal data
shall no longer be processed for such purposes.
(4) The data subject must be explicitly informed of the right referred to in paragraphs 1 and 2
at the latest at the time of the first communication with them; this information shall be
presented clearly and separately from any other information.
(5) In the context of using information society services, and notwithstanding Directive
2002/58/EC, the data subject may exercise their right to object by automated means using
technical specifications.
(6) Where personal data is processed for scientific or historical research purposes or
statistical purposes pursuant to Article 89 para. 1, the data subject has the right, on grounds
relating to their particular situation, to object to processing of personal data concerning them,
unless the processing is necessary for the performance of a task carried out for reasons of
public interest.
§ 21 Automated Individual Decision-Making, Including Profiling (corresponds to Art. 22
GDPR)
(1) The data subject has the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning them or similarly
significantly affects them.
(2) Paragraph 1 does not apply if the decision:
a. Is necessary for entering into, or performance of, a contract between the data subject and
a data controller;
b. Is authorized by Union or Member State law to which the controller is subject and which
also lays down suitable measures to safeguard the data subject's rights and freedoms and
legitimate interests; or
c. Is based on the data subject's explicit consent.
(3) In the cases referred to in paragraph 2 letters a and c, the data controller shall implement
suitable measures to safeguard the data subject's rights and freedoms and legitimate
interests, at least the right to obtain human intervention on the part of the controller, to
express their point of view, and to contest the decision.
(4) Decisions referred to in paragraph 2 must not be based on special categories of personal
data referred to in Article 9 para. 1, unless Article 9 para. 2 letter a or g applies and suitable
measures to safeguard the data subject's rights and freedoms and legitimate interests are in
place.
§ 22 Programs, Providers, Terms, and Privacy Policies Used:
Below is a summary of the programs we use, along with the corresponding
terms and privacy policies:
Microsoft Azure
Personal data is stored in Microsoft Azure. The storage duration for all data is as long as a
deletion request is not made. Privacy Policy: https://azure.microsoft.com/de-de/support/legal/
Firebase
Personal data is stored in Google Firebase to carry out the registration process. The storage
duration for all data is as long as a deletion request is not made. Privacy Policy:
https://policies.google.com/privacy
OneSignal
Our app uses OneSignal to send notifications. With your consent, you receive information,
offers, and reminders. You can disable notifications anytime in your phone settings.
OneSignal processes your device ID, operating system, notification settings, and possibly
other data (device information, IP address, location) for sending notifications. The data is
stored in the USA and protected by the EU-US Data Privacy Framework. OneSignal
Privacy Policy: https://onesignal.com/privacy_policy
Cloudflare
To provide our service, we use Cloudflare's offering. Media and profile pictures are stored on
Cloudflare R2. The Cloudflare privacy policy can be found here:
https://www.cloudflare.com/de-de/privacypolicy/. Cloudflare commits to complying with the
GDPR. More information can be found here:
https://www.cloudflare.com/de-de/trust-hub/gdpr/
Additionally, we use Cloudflare as a web proxy to optimize the security and performance of
our website. The data transmitted to the website is transported via Cloudflare's servers,
including the user's IP address, system configurations, and other traffic information to and
from our website. This data collection protects our website from security threats and
improves loading times. Cloudflare processes this data in accordance with the GDPR.
Google Workspace
Used for email delivery and internal storage by Together to ensure business operations.
Terms of Use: https://workspace.google.com/intl/de/terms/premier_terms.html
Google Fonts
Our website utilizes Google Fonts to ensure a consistent and appealing design across different devices and browsers. Google Fonts is a service provided by Google LLC,
allowing us to incorporate various font styles directly from Google's servers. When accessing our website, your browser loads the required fonts from Google, which may
involve the transmission of your IP address to Google's servers. For more information on data processing by Google, please refer to Google's Privacy Policy.
Meta Business Manager
Used for communication between users and Together. Terms of Use:
https://www.facebook.com/legal/terms/businesstools